From blackhole at torproject.org Fri Jan 1 04:52:21 2016 From: blackhole at torproject.org (Tor Bug Tracker & Wiki) Date: Fri, 01 Jan 2016 04:52:21 -0000 Subject: [tbb-bugs] #6458 [Tor Browser]: Double-key HSTS for third party content In-Reply-To: <049.898ac8379e66db871b577fd3995584e5@torproject.org> References: <049.898ac8379e66db871b577fd3995584e5@torproject.org> Message-ID: <064.5dfbdeb5add293ee9a1749ec7050fb32@torproject.org> #6458: Double-key HSTS for third party content -------------------------------------------------+------------------------- Reporter: mikeperry | Owner: tbb- Type: defect | team Priority: High | Status: new Component: Tor Browser | Milestone: Severity: Normal | Version: Keywords: tbb-linkability, tbb-bounty, tbb- | Resolution: firefox-patch | Actual Points: Parent ID: | Points: Sponsor: | -------------------------------------------------+------------------------- Changes (by arthuredelstein): * cc: arthuredelstein (added) * severity: => Normal -- Ticket URL: Tor Bug Tracker & Wiki The Tor Project: anonymity online From blackhole at torproject.org Fri Jan 1 09:35:46 2016 From: blackhole at torproject.org (Tor Bug Tracker & Wiki) Date: Fri, 01 Jan 2016 09:35:46 -0000 Subject: [tbb-bugs] #17970 [Tor Browser]: Only audio in mp4 videos Message-ID: <049.405ea05a3fd8df9e69c6557342316547@torproject.org> #17970: Only audio in mp4 videos -----------------------------+------------------------------ Reporter: slycelote | Owner: tbb-team Type: defect | Status: new Priority: Medium | Milestone: Component: Tor Browser | Version: Tor: unspecified Severity: Normal | Keywords: Actual Points: | Parent ID: Points: | Sponsor: -----------------------------+------------------------------ During playback of mp4 videos I only see a white screen. Firefox on the same machine works fine. Also, webm videos work. Steps to reproduce: create an HTML document with the following content: {{{

}}} Put an mp4 file next to the document and open it. Tor browser version 5.0.6. -- Ticket URL: Tor Bug Tracker & Wiki The Tor Project: anonymity online From blackhole at torproject.org Fri Jan 1 11:51:39 2016 From: blackhole at torproject.org (Tor Bug Tracker & Wiki) Date: Fri, 01 Jan 2016 11:51:39 -0000 Subject: [tbb-bugs] #17970 [Tor Browser]: Only audio in mp4 videos In-Reply-To: <049.405ea05a3fd8df9e69c6557342316547@torproject.org> References: <049.405ea05a3fd8df9e69c6557342316547@torproject.org> Message-ID: <064.7a5c643572cbd87b69b4348c2d38e797@torproject.org> #17970: Only audio in mp4 videos -------------------------+-------------------------- Reporter: slycelote | Owner: tbb-team Type: defect | Status: new Priority: Medium | Milestone: Component: Tor Browser | Version: Severity: Normal | Resolution: Keywords: | Actual Points: Parent ID: | Points: Sponsor: | -------------------------+-------------------------- Changes (by cypherpunks): * version: Tor: unspecified => Comment: > During playback of mp4 videos I only see a white screen. Firefox on the same machine works fine. Also, webm videos work. [https://developer.mozilla.org/en-US/docs/Web/HTML/Supported_media_formats Media formats supported by the HTML audio and video elements]: > To avoid patent issues, support for MPEG 4, H.264 and MP3 is not built directly into Firefox. Instead it relies on support from the OS or hardware (the hardware also needs to be able to support the profile used to encode the video, in the case of MP4). Firefox supports these formats on the following platforms: Windows Vista+ since Firefox 22.0, Android since Firefox 20.0, Firefox OS since Firefox 15.0, Linux since Firefox 26.0 (relies on GStreamer codecs) and OS X 10.7 since Firefox 35.0. -- Ticket URL: Tor Bug Tracker & Wiki The Tor Project: anonymity online From blackhole at torproject.org Fri Jan 1 14:14:40 2016 From: blackhole at torproject.org (Tor Bug Tracker & Wiki) Date: Fri, 01 Jan 2016 14:14:40 -0000 Subject: [tbb-bugs] #14424 [Tor]: Connecting by Hostname In-Reply-To: <046.57d2e794d3385352e228335ab08cea49@torproject.org> References: <046.57d2e794d3385352e228335ab08cea49@torproject.org> Message-ID: <061.8351010bc18e1347d28fa5f5d2ba8a49@torproject.org> #14424: Connecting by Hostname -------------------------+------------------------------------- Reporter: Kyuske | Owner: tbb-team Type: enhancement | Status: new Priority: Medium | Milestone: Tor: very long term Component: Tor | Version: Severity: Normal | Resolution: Keywords: | Actual Points: Parent ID: | Points: Sponsor: | -------------------------+------------------------------------- Changes (by teor): * priority: High => Medium * component: Tor Browser => Tor * milestone: => Tor: very long term Comment: This is a core tor feature request. It could be implemented by extending ReachableAddresses to resolve DNS names when parsing the policy. But there are a few issues with this: * DNS resultion results change, we would have to periodically refresh the policy; * do we do this based on record TTL? * what if DNS fails? temporarily? permanently? * this has caused us other issues in the past * DNS names can resolve to multiple IP addresses depending on time and location and various other factors, how can we know we have them all? * tor tries very hard not to depend on DNS because it can be a weak link - it's not authenticated, * leaking the sites users are prepared to access via DNS queries could identify the user, or make those sites the target of attacks. -- Ticket URL: Tor Bug Tracker & Wiki The Tor Project: anonymity online From blackhole at torproject.org Fri Jan 1 18:58:25 2016 From: blackhole at torproject.org (Tor Bug Tracker & Wiki) Date: Fri, 01 Jan 2016 18:58:25 -0000 Subject: [tbb-bugs] #17970 [Tor Browser]: Only audio in mp4 videos In-Reply-To: <049.405ea05a3fd8df9e69c6557342316547@torproject.org> References: <049.405ea05a3fd8df9e69c6557342316547@torproject.org> Message-ID: <064.520b002f270a56ab7c43dcedb57a0632@torproject.org> #17970: Only audio in mp4 videos -------------------------+-------------------------- Reporter: slycelote | Owner: tbb-team Type: defect | Status: new Priority: Medium | Milestone: Component: Tor Browser | Version: Severity: Normal | Resolution: Keywords: | Actual Points: Parent ID: | Points: Sponsor: | -------------------------+-------------------------- Comment (by slycelote): Yeah, I saw that page, that's why I mentioned that Firefox works on the same configuration. The problem is in Tor Browser. Latest version is based on Firefox 38, so it should work. Replying to [comment:1 cypherpunks]: > > During playback of mp4 videos I only see a white screen. Firefox on the same machine works fine. Also, webm videos work. > [https://developer.mozilla.org/en- US/docs/Web/HTML/Supported_media_formats Media formats supported by the HTML audio and video elements]: > > To avoid patent issues, support for MPEG 4, H.264 and MP3 is not built directly into Firefox. Instead it relies on support from the OS or hardware (the hardware also needs to be able to support the profile used to encode the video, in the case of MP4). Firefox supports these formats on the following platforms: Windows Vista+ since Firefox 22.0, Android since Firefox 20.0, Firefox OS since Firefox 15.0, Linux since Firefox 26.0 (relies on GStreamer codecs) and OS X 10.7 since Firefox 35.0. -- Ticket URL: Tor Bug Tracker & Wiki The Tor Project: anonymity online From blackhole at torproject.org Fri Jan 1 20:16:40 2016 From: blackhole at torproject.org (Tor Bug Tracker & Wiki) Date: Fri, 01 Jan 2016 20:16:40 -0000 Subject: [tbb-bugs] #17970 [Tor Browser]: Only audio in mp4 videos In-Reply-To: <049.405ea05a3fd8df9e69c6557342316547@torproject.org> References: <049.405ea05a3fd8df9e69c6557342316547@torproject.org> Message-ID: <064.4e0521a5e3ce184800c0b55421904fa8@torproject.org> #17970: Only audio in mp4 videos -------------------------+-------------------------- Reporter: slycelote | Owner: tbb-team Type: defect | Status: new Priority: Medium | Milestone: Component: Tor Browser | Version: Severity: Normal | Resolution: Keywords: | Actual Points: Parent ID: | Points: Sponsor: | -------------------------+-------------------------- Comment (by cypherpunks): Tested ESR-38 and Tor Browser 5.0.6 on the Win7 (default system's DirectShow installation, without any system-wide browser plugins installed.). Works fine for both browsers. -- Ticket URL: Tor Bug Tracker & Wiki The Tor Project: anonymity online From blackhole at torproject.org Fri Jan 1 20:20:22 2016 From: blackhole at torproject.org (Tor Bug Tracker & Wiki) Date: Fri, 01 Jan 2016 20:20:22 -0000 Subject: [tbb-bugs] #17970 [Tor Browser]: Only audio in mp4 videos In-Reply-To: <049.405ea05a3fd8df9e69c6557342316547@torproject.org> References: <049.405ea05a3fd8df9e69c6557342316547@torproject.org> Message-ID: <064.848731bda64140901ce70d43c30f2568@torproject.org> #17970: Only audio in mp4 videos -------------------------+-------------------------- Reporter: slycelote | Owner: tbb-team Type: defect | Status: new Priority: Medium | Milestone: Component: Tor Browser | Version: Severity: Normal | Resolution: Keywords: | Actual Points: Parent ID: | Points: Sponsor: | -------------------------+-------------------------- Comment (by slycelote): Ahh, right, I forgot to mention the OS, it's Trisquel distribution; {{{ Linux trisquel-laptop 3.13.0-74-lowlatency #118+7.0trisquel2 SMP PREEMPT Sat Dec 19 11:50:41 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux }}} -- Ticket URL: Tor Bug Tracker & Wiki The Tor Project: anonymity online From blackhole at torproject.org Fri Jan 1 20:34:09 2016 From: blackhole at torproject.org (Tor Bug Tracker & Wiki) Date: Fri, 01 Jan 2016 20:34:09 -0000 Subject: [tbb-bugs] #17970 [Tor Browser]: Only audio in mp4 videos In-Reply-To: <049.405ea05a3fd8df9e69c6557342316547@torproject.org> References: <049.405ea05a3fd8df9e69c6557342316547@torproject.org> Message-ID: <064.ce4a8b73d788fc1c28b5127745ca9fae@torproject.org> #17970: Only audio in mp4 videos -------------------------+-------------------------- Reporter: slycelote | Owner: tbb-team Type: defect | Status: new Priority: Medium | Milestone: Component: Tor Browser | Version: Severity: Normal | Resolution: Keywords: | Actual Points: Parent ID: | Points: Sponsor: | -------------------------+-------------------------- Comment (by cypherpunks): Tor Browser 5.0.6 for Linux using gstreamer 0.10 (?) to play MP4 (if plugins support it was installed), what gstreamer version used by tested Firefox? -- Ticket URL: Tor Bug Tracker & Wiki The Tor Project: anonymity online From blackhole at torproject.org Fri Jan 1 21:16:52 2016 From: blackhole at torproject.org (Tor Bug Tracker & Wiki) Date: Fri, 01 Jan 2016 21:16:52 -0000 Subject: [tbb-bugs] #17970 [Tor Browser]: Enable Gstreamer 1.0 support instead of 0.1 by default (was: Only audio in mp4 videos) In-Reply-To: <049.405ea05a3fd8df9e69c6557342316547@torproject.org> References: <049.405ea05a3fd8df9e69c6557342316547@torproject.org> Message-ID: <064.3cb8b413744308ec5bed06f1320f1b0d@torproject.org> #17970: Enable Gstreamer 1.0 support instead of 0.1 by default -------------------------+-------------------------- Reporter: slycelote | Owner: tbb-team Type: defect | Status: new Priority: Medium | Milestone: Component: Tor Browser | Version: Severity: Normal | Resolution: Keywords: | Actual Points: Parent ID: | Points: Sponsor: | -------------------------+-------------------------- Comment (by cypherpunks): [https://bugzilla.mozilla.org/show_bug.cgi?id=806917#c126 Why to use Gstreamer 1.0] -- Ticket URL: Tor Bug Tracker & Wiki The Tor Project: anonymity online From blackhole at torproject.org Fri Jan 1 21:37:58 2016 From: blackhole at torproject.org (Tor Bug Tracker & Wiki) Date: Fri, 01 Jan 2016 21:37:58 -0000 Subject: [tbb-bugs] #17970 [Tor Browser]: Enable Gstreamer 1.0 support instead of 0.1 by default In-Reply-To: <049.405ea05a3fd8df9e69c6557342316547@torproject.org> References: <049.405ea05a3fd8df9e69c6557342316547@torproject.org> Message-ID: <064.44b78fe5d0b40ba89e4bcb5d66ca701a@torproject.org> #17970: Enable Gstreamer 1.0 support instead of 0.1 by default -------------------------+-------------------------- Reporter: slycelote | Owner: tbb-team Type: defect | Status: new Priority: Medium | Milestone: Component: Tor Browser | Version: Severity: Normal | Resolution: Keywords: | Actual Points: Parent ID: | Points: Sponsor: | -------------------------+-------------------------- Comment (by slycelote): I have both 0.10 and 1.0 gstreamer installed (see the list below). Not sure how to figure out which one FF uses. BTW, I tested another machine with Ubuntu 14.04 and the behavior is the same. {{{ i bluez-gstreamer - Bluetooth GStreamer support i A gir1.2-gstreamer-1.0 - Description: GObject introspection data for the GStreamer library i gstreamer0.10-alsa - GStreamer plugin for ALSA i gstreamer0.10-fluendo-mp3 - Fluendo mp3 decoder GStreamer 0.10 plugin i A gstreamer0.10-gconf - GStreamer plugin for getting the sink/source information from GConf i gstreamer0.10-gnonlin - non-linear editing module for GStreamer i A gstreamer0.10-nice - ICE library (GStreamer 0.10 plugin) i gstreamer0.10-plugins-bad - GStreamer plugins from the "bad" set i A gstreamer0.10-plugins-base - GStreamer plugins from the "base" set i gstreamer0.10-plugins-base-apps - GStreamer helper programs from the "base" set i A gstreamer0.10-plugins-good - GStreamer plugins from the "good" set i gstreamer0.10-plugins-ugly - GStreamer plugins from the "ugly" set i gstreamer0.10-pulseaudio - GStreamer plugin for PulseAudio i A gstreamer0.10-tools - Tools for use with GStreamer i gstreamer0.10-vaapi - VA-API plugins for GStreamer i gstreamer0.10-x - GStreamer plugins for X11 and Pango i gstreamer1.0-alsa - GStreamer plugin for ALSA i A gstreamer1.0-clutter - Clutter PLugin for GStreamer 1.0 i gstreamer1.0-crystalhd - Crystal HD Video Decoder (GStreamer plugin) i gstreamer1.0-fluendo-mp3 - Fluendo mp3 decoder GStreamer 1.0 plugin i A gstreamer1.0-gnonlin - non-linear editing module for GStreamer i gstreamer1.0-libav - libav plugin for GStreamer i gstreamer1.0-nice - ICE library (GStreamer plugin) i A gstreamer1.0-plugins-bad - GStreamer plugins from the "bad" set i A gstreamer1.0-plugins-bad-faad - GStreamer faad plugin from the "bad" set i A gstreamer1.0-plugins-bad-videoparsers - GStreamer videoparsers plugin from the "bad" set i A gstreamer1.0-plugins-base - GStreamer plugins from the "base" set i A gstreamer1.0-plugins-good - GStreamer plugins from the "good" set i gstreamer1.0-plugins-ugly - GStreamer plugins from the "ugly" set i gstreamer1.0-pulseaudio - GStreamer plugin for PulseAudio i gstreamer1.0-tools - Tools for use with GStreamer i gstreamer1.0-vaapi - VA-API plugins for GStreamer i A gstreamer1.0-x - GStreamer plugins for X11 and Pango i A libgstreamer-plugins-bad0.10-0 - GStreamer shared libraries from the "bad" set i A libgstreamer-plugins-bad1.0-0 - GStreamer development files for libraries from the "bad" set i A libgstreamer-plugins-base0.10-0 - GStreamer libraries from the "base" set i A libgstreamer-plugins-base1.0-0 - GStreamer libraries from the "base" set i A libgstreamer-plugins-good1.0-0 - GStreamer development files for libraries from the "good" set i A libgstreamer-vaapi0.10 - GStreamer libraries from the "vaapi" set i A libgstreamer-vaapi1.0-0 - GStreamer libraries from the "vaapi" set i A libgstreamer0.10-0 - Core GStreamer libraries and elements i A libgstreamer1.0-0 - Core GStreamer libraries and elements }}} -- Ticket URL: Tor Bug Tracker & Wiki The Tor Project: anonymity online From blackhole at torproject.org Fri Jan 1 21:51:18 2016 From: blackhole at torproject.org (Tor Bug Tracker & Wiki) Date: Fri, 01 Jan 2016 21:51:18 -0000 Subject: [tbb-bugs] #17970 [Tor Browser]: Enable Gstreamer 1.0 support instead of 0.1 by default In-Reply-To: <049.405ea05a3fd8df9e69c6557342316547@torproject.org> References: <049.405ea05a3fd8df9e69c6557342316547@torproject.org> Message-ID: <064.47be7ba7e6fc42b67ea89aef06c4f94e@torproject.org> #17970: Enable Gstreamer 1.0 support instead of 0.1 by default -------------------------+-------------------------- Reporter: slycelote | Owner: tbb-team Type: defect | Status: new Priority: Medium | Milestone: Component: Tor Browser | Version: Severity: Normal | Resolution: Keywords: | Actual Points: Parent ID: | Points: Sponsor: | -------------------------+-------------------------- Comment (by cypherpunks): Replying to [comment:7 slycelote]: > I have both 0.10 and 1.0 gstreamer installed (see the list below). Not sure how to figure out which one FF uses. BTW, I tested another machine with Ubuntu 14.04 and the behavior is the same. Open `about:builconfig` page and look for "--enable-gstreamer=" at "Configure arguments". If absent then 0.10 used else number version specified there. -- Ticket URL: Tor Bug Tracker & Wiki The Tor Project: anonymity online From blackhole at torproject.org Fri Jan 1 21:56:14 2016 From: blackhole at torproject.org (Tor Bug Tracker & Wiki) Date: Fri, 01 Jan 2016 21:56:14 -0000 Subject: [tbb-bugs] #17970 [Tor Browser]: Enable Gstreamer 1.0 support instead of 0.1 by default In-Reply-To: <049.405ea05a3fd8df9e69c6557342316547@torproject.org> References: <049.405ea05a3fd8df9e69c6557342316547@torproject.org> Message-ID: <064.4a2016bd5925e5a9ca829640b3103d2d@torproject.org> #17970: Enable Gstreamer 1.0 support instead of 0.1 by default -------------------------+-------------------------- Reporter: slycelote | Owner: tbb-team Type: defect | Status: new Priority: Medium | Milestone: Component: Tor Browser | Version: Severity: Normal | Resolution: Keywords: | Actual Points: Parent ID: | Points: Sponsor: | -------------------------+-------------------------- Comment (by slycelote): Thanks! Indeed, it says --enable-gstreamer=1.0 in Firefox and is absent in Tor Browser. Replying to [comment:8 cypherpunks]: > Replying to [comment:7 slycelote]: > > I have both 0.10 and 1.0 gstreamer installed (see the list below). Not sure how to figure out which one FF uses. BTW, I tested another machine with Ubuntu 14.04 and the behavior is the same. > > Open `about:buildconfig` page and look for "--enable-gstreamer=" at "Configure arguments". If absent then 0.10 used else number version specified there. > > EDIT: fixed page name. -- Ticket URL: Tor Bug Tracker & Wiki The Tor Project: anonymity online From blackhole at torproject.org Fri Jan 1 22:48:40 2016 From: blackhole at torproject.org (Tor Bug Tracker & Wiki) Date: Fri, 01 Jan 2016 22:48:40 -0000 Subject: [tbb-bugs] #17965 [Tor Browser]: Isolate HPKP pinning to url bar domain In-Reply-To: <049.8c66fc3ef1132fbc956b2bb5c66f2973@torproject.org> References: <049.8c66fc3ef1132fbc956b2bb5c66f2973@torproject.org> Message-ID: <064.5b5391b3d923623f475de26e597ca1e2@torproject.org> #17965: Isolate HPKP pinning to url bar domain -------------------------------------------------+------------------------- Reporter: mikeperry | Owner: tbb- Type: defect | team Priority: High | Status: Component: Tor Browser | needs_information Severity: Normal | Milestone: Keywords: tbb-linkability, | Version: TorBrowserTeam201601 | Resolution: Parent ID: | Actual Points: Sponsor: | Points: -------------------------------------------------+------------------------- Changes (by gk): * status: new => needs_information Comment: What is the relationship of this ticket to #6458? I thought we should deal with both issues in the latter (see my comment:11:ticket:6458) Is there are reason you want to split HPKP off? -- Ticket URL: Tor Bug Tracker & Wiki The Tor Project: anonymity online From blackhole at torproject.org Fri Jan 1 22:59:45 2016 From: blackhole at torproject.org (Tor Bug Tracker & Wiki) Date: Fri, 01 Jan 2016 22:59:45 -0000 Subject: [tbb-bugs] #17972 [Tor Browser]: Tor Browser Bundle Included Python DLL Requires Update In-Reply-To: <046.678d8d54fa1f80af5193a6fbd9cfaab8@torproject.org> References: <046.678d8d54fa1f80af5193a6fbd9cfaab8@torproject.org> Message-ID: <061.b36ccad8e36773a5f4c23da147f9fcda@torproject.org> #17972: Tor Browser Bundle Included Python DLL Requires Update -------------------------+-------------------------- Reporter: Aj7310 | Owner: tbb-team Type: defect | Status: new Priority: Medium | Milestone: Component: Tor Browser | Version: Severity: Normal | Resolution: Keywords: Python | Actual Points: Parent ID: | Points: Sponsor: | -------------------------+-------------------------- Changes (by teor): * owner: asn => tbb-team * type: enhancement => defect * version: Tor: 0.2.7.6 => * component: Pluggable transport => Tor Browser * milestone: Tor: 0.2.8.x-final => -- Ticket URL: Tor Bug Tracker & Wiki The Tor Project: anonymity online From blackhole at torproject.org Fri Jan 1 23:06:41 2016 From: blackhole at torproject.org (Tor Bug Tracker & Wiki) Date: Fri, 01 Jan 2016 23:06:41 -0000 Subject: [tbb-bugs] #17965 [Tor Browser]: Isolate HPKP pinning to url bar domain In-Reply-To: <049.8c66fc3ef1132fbc956b2bb5c66f2973@torproject.org> References: <049.8c66fc3ef1132fbc956b2bb5c66f2973@torproject.org> Message-ID: <064.59ca0547f4149eff17a7e53cda87f3b6@torproject.org> #17965: Isolate HPKP pinning to url bar domain -------------------------------------------------+------------------------- Reporter: mikeperry | Owner: tbb- Type: defect | team Priority: High | Status: Component: Tor Browser | needs_information Severity: Normal | Milestone: Keywords: tbb-linkability, | Version: TorBrowserTeam201601 | Resolution: Parent ID: | Actual Points: Sponsor: | Points: -------------------------------------------------+------------------------- Comment (by gk): Replying to [comment:1 gk]: > What is the relationship of this ticket to #6458? I thought we should deal with both issues in the latter (see my comment:11:ticket:6458) Is there are reason you want to split HPKP off? Oh, I am asking here as HSTS seems to creep into your description of this ticket. :) -- Ticket URL: Tor Bug Tracker & Wiki The Tor Project: anonymity online From blackhole at torproject.org Fri Jan 1 23:16:54 2016 From: blackhole at torproject.org (Tor Bug Tracker & Wiki) Date: Fri, 01 Jan 2016 23:16:54 -0000 Subject: [tbb-bugs] #17965 [Tor Browser]: Isolate HPKP pinning to url bar domain In-Reply-To: <049.8c66fc3ef1132fbc956b2bb5c66f2973@torproject.org> References: <049.8c66fc3ef1132fbc956b2bb5c66f2973@torproject.org> Message-ID: <064.c3b5adb195f24ceddd2372c665e09591@torproject.org> #17965: Isolate HPKP pinning to url bar domain -------------------------------------------------+------------------------- Reporter: mikeperry | Owner: tbb- Type: defect | team Priority: High | Status: Component: Tor Browser | needs_information Severity: Normal | Milestone: Keywords: tbb-linkability, | Version: TorBrowserTeam201601 | Resolution: Parent ID: | Actual Points: Sponsor: | Points: -------------------------------------------------+------------------------- Comment (by gk): And, for the record, see https://zyan.scripts.mit.edu/presentations/toorcon2015.pdf slides 21ff. where an attack scenario is described in more detail that should be moot with binding HPKP state to the URL bar domain. -- Ticket URL: Tor Bug Tracker & Wiki The Tor Project: anonymity online From blackhole at torproject.org Fri Jan 1 23:19:33 2016 From: blackhole at torproject.org (Tor Bug Tracker & Wiki) Date: Fri, 01 Jan 2016 23:19:33 -0000 Subject: [tbb-bugs] #17423 [Tor Browser]: Look into Yan's browser fingerprinting tricks In-Reply-To: <055.f01b6fe77ddeab8ec7dae9dadbf5b0ed@torproject.org> References: <055.f01b6fe77ddeab8ec7dae9dadbf5b0ed@torproject.org> Message-ID: <070.a6a498fe8eca86a3bd70c62dfbbcff3a@torproject.org> #17423: Look into Yan's browser fingerprinting tricks -------------------------------------------------+------------------------- Reporter: arthuredelstein | Owner: tbb- Type: defect | team Priority: Medium | Status: closed Component: Tor Browser | Milestone: Severity: Normal | Version: Keywords: tbb-fingerprinting, tbb-linkability | Resolution: fixed Parent ID: | Actual Points: Sponsor: | Points: -------------------------------------------------+------------------------- Changes (by gk): * status: new => closed * keywords: tbb-fingerprinting => tbb-fingerprinting, tbb-linkability * resolution: => fixed Comment: Yes, I think your understanding is correct. Mike created #17965 for the HPKP issue in case we are not dealing with it in #6458. I first thought we should do that but think now both features are distinct enough that dealing with them in different tickets seems reasonable. -- Ticket URL: Tor Bug Tracker & Wiki The Tor Project: anonymity online From blackhole at torproject.org Fri Jan 1 23:28:47 2016 From: blackhole at torproject.org (Tor Bug Tracker & Wiki) Date: Fri, 01 Jan 2016 23:28:47 -0000 Subject: [tbb-bugs] #17965 [Tor Browser]: Isolate HPKP pinning to url bar domain In-Reply-To: <049.8c66fc3ef1132fbc956b2bb5c66f2973@torproject.org> References: <049.8c66fc3ef1132fbc956b2bb5c66f2973@torproject.org> Message-ID: <064.5f6d2cfd933a90ea1e88343b1a54ca98@torproject.org> #17965: Isolate HPKP pinning to url bar domain -------------------------------------------------+------------------------- Reporter: mikeperry | Owner: tbb- Type: defect | team Priority: High | Status: Component: Tor Browser | assigned Severity: Normal | Milestone: Keywords: tbb-linkability, | Version: TorBrowserTeam201601 | Resolution: Parent ID: | Actual Points: Sponsor: | Points: -------------------------------------------------+------------------------- Changes (by gk): * status: needs_information => assigned Comment: Replying to [comment:2 gk]: > Replying to [comment:1 gk]: > > What is the relationship of this ticket to #6458? I thought we should deal with both issues in the latter (see my comment:11:ticket:6458) Is there a reason you want to split HPKP off? > > Oh, I am asking here as HSTS seems to creep into your description of this ticket. :) (Answering my question(s) myself): After thinking a bit more about it it seems reasonable to not deal with both features in the same ticket as they (and the linkability attacks allowed by them) are different enough and unrelated. -- Ticket URL: Tor Bug Tracker & Wiki The Tor Project: anonymity online From blackhole at torproject.org Fri Jan 1 23:38:08 2016 From: blackhole at torproject.org (Tor Bug Tracker & Wiki) Date: Fri, 01 Jan 2016 23:38:08 -0000 Subject: [tbb-bugs] #17917 [Tor Browser]: Changelog after update is empty if JS is disabled In-Reply-To: <042.708b744b13d5b24982ef59222fd7ad42@torproject.org> References: <042.708b744b13d5b24982ef59222fd7ad42@torproject.org> Message-ID: <057.aeac8b41bba794c5e450cd6bca496666@torproject.org> #17917: Changelog after update is empty if JS is disabled -------------------------+-------------------------- Reporter: gk | Owner: tbb-team Type: defect | Status: new Priority: Medium | Milestone: Component: Tor Browser | Version: Severity: Normal | Resolution: Keywords: tbb-5.5 | Actual Points: Parent ID: | Points: Sponsor: | -------------------------+-------------------------- Changes (by gk): * keywords: => tbb-5.5 -- Ticket URL: Tor Bug Tracker & Wiki The Tor Project: anonymity online From blackhole at torproject.org Sat Jan 2 10:18:54 2016 From: blackhole at torproject.org (Tor Bug Tracker & Wiki) Date: Sat, 02 Jan 2016 10:18:54 -0000 Subject: [tbb-bugs] #17970 [Tor Browser]: Build against GStreamer 1.0 by default on Linux (was: Enable Gstreamer 1.0 support instead of 0.1 by default) In-Reply-To: <049.405ea05a3fd8df9e69c6557342316547@torproject.org> References: <049.405ea05a3fd8df9e69c6557342316547@torproject.org> Message-ID: <064.49c54770e7820ff376051f183cabbdfd@torproject.org> #17970: Build against GStreamer 1.0 by default on Linux -------------------------+-------------------------- Reporter: slycelote | Owner: tbb-team Type: enhancement | Status: new Priority: Medium | Milestone: Component: Tor Browser | Version: Severity: Normal | Resolution: Keywords: | Actual Points: Parent ID: | Points: Sponsor: | -------------------------+-------------------------- Changes (by cypherpunks): * type: defect => enhancement Comment: > name: "torbrowser-linux" > suites: > - "lucid" > - "libgstreamer-plugins-base0.10-dev" There are no 1.0 version in lucid, it's hard to simply change used version. Mozilla closed as wontfix such [https://bugzilla.mozilla.org/show_bug.cgi?id=947287 wishes] too, as many distributives in-use still has no anything besides 0.10 And many distributives nuked support for mp4 plugins by gstreamer-0.10. There are no good resolve for this ticket, half of Linux's user base have been affected by any decision for today. -- Ticket URL: Tor Bug Tracker & Wiki The Tor Project: anonymity online From blackhole at torproject.org Sat Jan 2 15:41:16 2016 From: blackhole at torproject.org (Tor Bug Tracker & Wiki) Date: Sat, 02 Jan 2016 15:41:16 -0000 Subject: [tbb-bugs] #17970 [Tor Browser]: Build against GStreamer 1.0 by default on Linux In-Reply-To: <049.405ea05a3fd8df9e69c6557342316547@torproject.org> References: <049.405ea05a3fd8df9e69c6557342316547@torproject.org> Message-ID: <064.8618b8444d739b92235207e7b028c1c2@torproject.org> #17970: Build against GStreamer 1.0 by default on Linux -------------------------+-------------------------- Reporter: slycelote | Owner: tbb-team Type: enhancement | Status: new Priority: Medium | Milestone: Component: Tor Browser | Version: Severity: Normal | Resolution: Keywords: | Actual Points: Parent ID: | Points: Sponsor: | -------------------------+-------------------------- Comment (by intrigeri): Some data points (I'm still not sure what exactly should be done here): * Debian Jessie has GStreamer 1.0, and lacks the ffmpeg plugin for GStreamer 0.10 => MP4 video playback is broken in Tor Browser on Tails 2.0~beta1 (scheduled to become stable at the end of the month), while it worked just fine on Wheezy-based Tails 1.x. Moving to GST 1.0 would improve things. * Debian Wheezy has gstreamer1.0 available from the official backports repository. It also has GSTreamer 0.10 in the main repo => moving to GST 1.0 would break things but there is a relatively easy workaround. * Among currently supported Ubuntu releases, only 12.04 LTS (Precise) is lacking GStreamer 1.0, and only it has gstreamer1.0-ffmpeg; if we really want to keep supporting video playback on Precise, perhaps a backport would be doable there too: what applies to Debian Wheezy often applies to Ubuntu Precise, which is quite similar. In the current state of things, moving to GST 1.0 would improve things on all supported Ubuntu releases, except it would make them worse on Precise (but a backport would help there). * On Arch Linux it seems that gstreamer0.10-ffmpeg is available from the Extras repo only. And of course it has GSTreamer 1.0 too. * In the Red Hat world, no such thing like gstreamer0.10-ffmpeg in the official repos; but various third party repos propose that plugin. No idea if people running these distros actually trust and use these repos, so no idea if they currently have working MP4 video in Tor Browser. With my Tails and Debian hats, of course I would prefer if Tor Browser was built against GSTreamer 1.0. The above data suggests it would not make things worse on Red Hat and Arch. What other information do we need to make a decision? -- Ticket URL: Tor Bug Tracker & Wiki The Tor Project: anonymity online From blackhole at torproject.org Sat Jan 2 15:46:28 2016 From: blackhole at torproject.org (Tor Bug Tracker & Wiki) Date: Sat, 02 Jan 2016 15:46:28 -0000 Subject: [tbb-bugs] #17970 [Tor Browser]: Build against GStreamer 1.0 by default on Linux In-Reply-To: <049.405ea05a3fd8df9e69c6557342316547@torproject.org> References: <049.405ea05a3fd8df9e69c6557342316547@torproject.org> Message-ID: <064.56f188360baa57b79b8cf24fc1779f69@torproject.org> #17970: Build against GStreamer 1.0 by default on Linux --------------------------+-------------------------- Reporter: slycelote | Owner: tbb-team Type: enhancement | Status: new Priority: Medium | Milestone: Component: Tor Browser | Version: Severity: Normal | Resolution: Keywords: AffectsTails | Actual Points: Parent ID: | Points: Sponsor: | --------------------------+-------------------------- Changes (by intrigeri): * keywords: => AffectsTails -- Ticket URL: Tor Bug Tracker & Wiki The Tor Project: anonymity online From blackhole at torproject.org Sat Jan 2 15:47:03 2016 From: blackhole at torproject.org (Tor Bug Tracker & Wiki) Date: Sat, 02 Jan 2016 15:47:03 -0000 Subject: [tbb-bugs] #17970 [Tor Browser]: Build against GStreamer 1.0 by default on Linux In-Reply-To: <049.405ea05a3fd8df9e69c6557342316547@torproject.org> References: <049.405ea05a3fd8df9e69c6557342316547@torproject.org> Message-ID: <064.7535cfea3b30d88ce4321a1f03d6b119@torproject.org> #17970: Build against GStreamer 1.0 by default on Linux --------------------------+-------------------------- Reporter: slycelote | Owner: tbb-team Type: enhancement | Status: new Priority: Medium | Milestone: Component: Tor Browser | Version: Severity: Normal | Resolution: Keywords: AffectsTails | Actual Points: Parent ID: | Points: Sponsor: | --------------------------+-------------------------- Changes (by intrigeri): * cc: intrigeri (added) -- Ticket URL: Tor Bug Tracker & Wiki The Tor Project: anonymity online From blackhole at torproject.org Sun Jan 3 03:45:08 2016 From: blackhole at torproject.org (Tor Bug Tracker & Wiki) Date: Sun, 03 Jan 2016 03:45:08 -0000 Subject: [tbb-bugs] #17970 [Tor Browser]: Build against GStreamer 1.0 by default on Linux In-Reply-To: <049.405ea05a3fd8df9e69c6557342316547@torproject.org> References: <049.405ea05a3fd8df9e69c6557342316547@torproject.org> Message-ID: <064.133def4408c123bd8d373554604baa67@torproject.org> #17970: Build against GStreamer 1.0 by default on Linux --------------------------+-------------------------- Reporter: slycelote | Owner: tbb-team Type: enhancement | Status: new Priority: Medium | Milestone: Component: Tor Browser | Version: Severity: Normal | Resolution: Keywords: AffectsTails | Actual Points: Parent ID: | Points: Sponsor: | --------------------------+-------------------------- Comment (by FireballDWF): gstreamer dependency has been removed from Firefox 46 according to https://bugzilla.mozilla.org/show_bug.cgi?id=1234092 and may have been removed as early as Firefox 44 according to https://bugzilla.mozilla.org/show_bug.cgi?id=947287 -- Ticket URL: Tor Bug Tracker & Wiki The Tor Project: anonymity online From blackhole at torproject.org Sun Jan 3 09:53:36 2016 From: blackhole at torproject.org (Tor Bug Tracker & Wiki) Date: Sun, 03 Jan 2016 09:53:36 -0000 Subject: [tbb-bugs] #17931 [Tor Browser]: Tor Browser Hardened Crash In-Reply-To: <044.d6ca03d5e4dde392adfaf7066ccee0e4@torproject.org> References: <044.d6ca03d5e4dde392adfaf7066ccee0e4@torproject.org> Message-ID: <059.6cbb49d69a7a89f707c1f29bd868007b@torproject.org> #17931: Tor Browser Hardened Crash -------------------------------------------------+------------------------- Reporter: pege | Owner: tbb- Type: defect | team Priority: Immediate | Status: Component: Tor Browser | needs_review Severity: Blocker | Milestone: Keywords: tbb-hardened, tbb-crash, | Version: TorBrowserTeam201512R | Resolution: Parent ID: | Actual Points: Sponsor: | Points: -------------------------------------------------+------------------------- Comment (by cypherpunks): >The %27s fragment in that URL (which is 's escaped) is interpreted by LogMessageToConsole as a printf-like format specifier for a 27-character string. Format-string vunnerabilities in my TBB? Who the fuck is working for you, it is an obvious BACKDOOR! -- Ticket URL: Tor Bug Tracker & Wiki The Tor Project: anonymity online From blackhole at torproject.org Sun Jan 3 16:28:36 2016 From: blackhole at torproject.org (Tor Bug Tracker & Wiki) Date: Sun, 03 Jan 2016 16:28:36 -0000 Subject: [tbb-bugs] #17970 [Tor Browser]: Build against GStreamer 1.0 by default on Linux In-Reply-To: <049.405ea05a3fd8df9e69c6557342316547@torproject.org> References: <049.405ea05a3fd8df9e69c6557342316547@torproject.org> Message-ID: <064.39387e1683360916f3da76cc7f58528e@torproject.org> #17970: Build against GStreamer 1.0 by default on Linux --------------------------+-------------------------- Reporter: slycelote | Owner: tbb-team Type: enhancement | Status: new Priority: Medium | Milestone: Component: Tor Browser | Version: Severity: Normal | Resolution: Keywords: AffectsTails | Actual Points: Parent ID: | Points: Sponsor: | --------------------------+-------------------------- Comment (by cypherpunks): [https://bugzilla.mozilla.org/show_bug.cgi?id=1207429#c33 Yet] about switching to GStreamer 1.0: > Note that we've seen tons of crashes with that coming from ubuntu builds that have flipped this switch. I wouldn't recommend people to use it - though for MP3 only it may be fine, the crashes could have been video. -- Ticket URL: Tor Bug Tracker & Wiki The Tor Project: anonymity online From blackhole at torproject.org Sun Jan 3 18:47:02 2016 From: blackhole at torproject.org (Tor Bug Tracker & Wiki) Date: Sun, 03 Jan 2016 18:47:02 -0000 Subject: [tbb-bugs] #17989 [Tor Browser]: TorBrowser hangs when download of file is finished Message-ID: <051.b9277472f310334c9d026fd084e5e898@torproject.org> #17989: TorBrowser hangs when download of file is finished -----------------------------+---------------------------------- Reporter: cypherpunks | Owner: tbb-team Type: defect | Status: new Priority: Medium | Milestone: Component: Tor Browser | Version: Severity: Normal | Keywords: torbrowser, tbb-hang Actual Points: | Parent ID: Points: | Sponsor: -----------------------------+---------------------------------- -- Ticket URL: Tor Bug Tracker & Wiki The Tor Project: anonymity online From blackhole at torproject.org Sun Jan 3 18:48:46 2016 From: blackhole at torproject.org (Tor Bug Tracker & Wiki) Date: Sun, 03 Jan 2016 18:48:46 -0000 Subject: [tbb-bugs] #17989 [Tor Browser]: TorBrowser hangs when download of file is finished In-Reply-To: <051.b9277472f310334c9d026fd084e5e898@torproject.org> References: <051.b9277472f310334c9d026fd084e5e898@torproject.org> Message-ID: <066.a043577657a7cf09fc0ab0a2d0adfee1@torproject.org> #17989: TorBrowser hangs when download of file is finished ----------------------------------+-------------------------- Reporter: cypherpunks | Owner: tbb-team Type: defect | Status: new Priority: Medium | Milestone: Component: Tor Browser | Version: Severity: Normal | Resolution: Keywords: torbrowser, tbb-hang | Actual Points: Parent ID: | Points: Sponsor: | ----------------------------------+-------------------------- Comment (by cypherpunks): I use v5.0.4, this bug was also present in previous versions, so I'm sure thai it also present in 5.5 -- Ticket URL: Tor Bug Tracker & Wiki The Tor Project: anonymity online From blackhole at torproject.org Sun Jan 3 19:51:29 2016 From: blackhole at torproject.org (Tor Bug Tracker & Wiki) Date: Sun, 03 Jan 2016 19:51:29 -0000 Subject: [tbb-bugs] #17989 [Tor Browser]: TorBrowser hangs when download of file is finished In-Reply-To: <051.b9277472f310334c9d026fd084e5e898@torproject.org> References: <051.b9277472f310334c9d026fd084e5e898@torproject.org> Message-ID: <066.13d893434a5075e959b5e9275dfdc42b@torproject.org> #17989: TorBrowser hangs when download of file is finished ----------------------------------+----------------------------------- Reporter: cypherpunks | Owner: tbb-team Type: defect | Status: needs_information Priority: Medium | Milestone: Component: Tor Browser | Version: Severity: Normal | Resolution: Keywords: torbrowser, tbb-hang | Actual Points: Parent ID: | Points: Sponsor: | ----------------------------------+----------------------------------- Changes (by cypherpunks): * status: new => needs_information Comment: > TorBrowser hangs when download of file is finished Downloaded ~~all internet~~ many files by TorBrowser so far, never hanged. More information needs. (OS, URLs, etc) -- Ticket URL: Tor Bug Tracker & Wiki The Tor Project: anonymity online From blackhole at torproject.org Mon Jan 4 02:10:57 2016 From: blackhole at torproject.org (Tor Bug Tracker & Wiki) Date: Mon, 04 Jan 2016 02:10:57 -0000 Subject: [tbb-bugs] #17989 [Tor Browser]: TorBrowser hangs when download of file is finished In-Reply-To: <051.b9277472f310334c9d026fd084e5e898@torproject.org> References: <051.b9277472f310334c9d026fd084e5e898@torproject.org> Message-ID: <066.5847cb5895ab126c1426b9fe6532e514@torproject.org> #17989: TorBrowser hangs when download of file is finished ----------------------------------+----------------------------------- Reporter: cypherpunks | Owner: tbb-team Type: defect | Status: needs_information Priority: Medium | Milestone: Component: Tor Browser | Version: Severity: Normal | Resolution: Keywords: torbrowser, tbb-hang | Actual Points: Parent ID: | Points: Sponsor: | ----------------------------------+----------------------------------- Comment (by teor): Have you checked to see if the "Open File" dialog is behind your browser window or offscreen? -- Ticket URL: Tor Bug Tracker & Wiki The Tor Project: anonymity online From blackhole at torproject.org Mon Jan 4 03:32:28 2016 From: blackhole at torproject.org (Tor Bug Tracker & Wiki) Date: Mon, 04 Jan 2016 03:32:28 -0000 Subject: [tbb-bugs] #17904 [Tor Browser]: Use sufficient window dimensions in Privacy and Security Settings In-Reply-To: <051.f88da6edcf39556d844f44479192078d@torproject.org> References: <051.f88da6edcf39556d844f44479192078d@torproject.org> Message-ID: <066.866c193a711fcba6063103f63c00d9af@torproject.org> #17904: Use sufficient window dimensions in Privacy and Security Settings -------------------------+-------------------------- Reporter: cypherpunks | Owner: tbb-team Type: defect | Status: new Priority: Low | Milestone: Component: Tor Browser | Version: Severity: Minor | Resolution: Keywords: | Actual Points: Parent ID: | Points: Sponsor: | -------------------------+-------------------------- Changes (by mcs): * cc: mcs (added) -- Ticket URL: Tor Bug Tracker & Wiki The Tor Project: anonymity online From blackhole at torproject.org Mon Jan 4 03:33:13 2016 From: blackhole at torproject.org (Tor Bug Tracker & Wiki) Date: Mon, 04 Jan 2016 03:33:13 -0000 Subject: [tbb-bugs] #17895 [Tor Browser]: Tor Browser Bundle installer subject to DLL hijacking In-Reply-To: <047.e563a8d35d2a1ce60d8cab26793ecac3@torproject.org> References: <047.e563a8d35d2a1ce60d8cab26793ecac3@torproject.org> Message-ID: <062.4958dddd922495ec8e00e09f11e70742@torproject.org> #17895: Tor Browser Bundle installer subject to DLL hijacking -------------------------------------------------+------------------------- Reporter: ericlaw | Owner: tbb- Type: defect | team Priority: High | Status: new Component: Tor Browser | Milestone: Severity: Major | Version: Keywords: tbb-gitian, tbb-security, | Resolution: TorBrowserTeam201512, GeorgKoppen201512 | Actual Points: Parent ID: | Points: Sponsor: | -------------------------------------------------+------------------------- Changes (by mcs): * cc: mcs (added) -- Ticket URL: Tor Bug Tracker & Wiki The Tor Project: anonymity online From blackhole at torproject.org Mon Jan 4 03:33:57 2016 From: blackhole at torproject.org (Tor Bug Tracker & Wiki) Date: Mon, 04 Jan 2016 03:33:57 -0000 Subject: [tbb-bugs] #12745 [Tor Browser]: still running old version of Tor Button after upgrading TBB in-place In-Reply-To: <051.c7a79f93a5ca25ab99aebdf264a2e91e@torproject.org> References: <051.c7a79f93a5ca25ab99aebdf264a2e91e@torproject.org> Message-ID: <066.9a41998735fbccc183cd6517fb225659@torproject.org> #12745: still running old version of Tor Button after upgrading TBB in-place ---------------------------+----------------------------------- Reporter: cypherpunks | Owner: tbb-team Type: defect | Status: needs_information Priority: Medium | Milestone: Component: Tor Browser | Version: Severity: Blocker | Resolution: Keywords: tbb-usability | Actual Points: Parent ID: | Points: Sponsor: | ---------------------------+----------------------------------- Changes (by mcs): * status: new => needs_information -- Ticket URL: Tor Bug Tracker & Wiki The Tor Project: anonymity online From blackhole at torproject.org Mon Jan 4 16:11:24 2016 From: blackhole at torproject.org (Tor Bug Tracker & Wiki) Date: Mon, 04 Jan 2016 16:11:24 -0000 Subject: [tbb-bugs] #17931 [Tor Browser]: Tor Browser Hardened Crash In-Reply-To: <044.d6ca03d5e4dde392adfaf7066ccee0e4@torproject.org> References: <044.d6ca03d5e4dde392adfaf7066ccee0e4@torproject.org> Message-ID: <059.5ea854151f68f35a5ce1e20b5757c14e@torproject.org> #17931: Tor Browser Hardened Crash -------------------------------------------------+------------------------- Reporter: pege | Owner: tbb- Type: defect | team Priority: Immediate | Status: Component: Tor Browser | needs_revision Severity: Blocker | Milestone: Keywords: tbb-hardened, tbb-crash, | Version: TorBrowserTeam201512R | Resolution: Parent ID: | Actual Points: Sponsor: | Points: -------------------------------------------------+------------------------- Changes (by mikeperry): * status: needs_review => needs_revision Comment: The core problem here is that LogMessageToConsole() is dangerous, undocumented, and borderline deceptive. We should absolutely patch this function to change LogMessageToConsole() to accept only a single non- format argument, to guard against future vulnerabilities coming down from Mozilla or even by new TBB devs in the far future. In fact, it is already misused in Mozilla's own sandboxing code in ./security/sandbox/chromium- shim/sandbox/win/loggingCallbacks.h. If a sandbox violation is able to force a log message there that has a format string, this could also lead to sandbox breakout from the e10s sandbox. We might even be able to claim Mozilla's bug bounty for this. Regardless, a Mozilla bug should be filed. I hear rumors of an NSS bugfix coming out tomorrow. If that bug affects the NSS in ESR, we should wait to pick that up. Otherwise, we should make a release with a fix for this ASAP. -- Ticket URL: Tor Bug Tracker & Wiki The Tor Project: anonymity online From blackhole at torproject.org Mon Jan 4 17:39:33 2016 From: blackhole at torproject.org (Tor Bug Tracker & Wiki) Date: Mon, 04 Jan 2016 17:39:33 -0000 Subject: [tbb-bugs] #17997 [Tor Browser]: ExitNodes and/or StrictNodes not working in 5.0.6 Message-ID: <048.ab2d1e063d9cf89532cc44fc11a54c2f@torproject.org> #17997: ExitNodes and/or StrictNodes not working in 5.0.6 -----------------------------+----------------------------------------- Reporter: thmprtor | Owner: tbb-team Type: defect | Status: new Priority: Very High | Milestone: Component: Tor Browser | Version: Tor: unspecified Severity: Critical | Keywords: exitnodes torrc strictnodes Actual Points: | Parent ID: Points: | Sponsor: -----------------------------+----------------------------------------- I used to use an old version of TorBrowser where I could customize my exit nodes. I would have two separate TorBrowser folders with two separate standalone installations of TorBrowser, which of course had two separate torrc files that I could customize so as one would only use (for example) Finnish exit nodes and the other would use Canadian exit nodes. This worked very well. I recently installed the latest version of Tor Browser for Windows (5.0.6) and replaced the blank torrc file with my previous customized torrc file. The torrc file specified Strict Nodes to be used and only to use Canadian exit nodes, but after trying more than a dozen times, it would always connect to non-Canadian exit nodes. I then replaced the contents of the torrc-defaults file with the content of my old torrc file and tried again. TorBrowser then proceeded to successfully use ONLY Canadian exit nodes. I then proceeded create another separate additional Tor Browser setup in a completely different folder but instead setup for only Finnish exit nodes. Again I customized torrc-defaults in the "Finnish Tor Browser" folder and it worked. HOWEVER, when I closed the "Finnish Tor Browser" instance and went to run my "Canadian Tor Browser", I encountered a problem. The "Canadian Tor Browser" was now using random exit nodes again! I closed it down and tried again. The second time, my "Canadian Tor Browser" was now using Finnish exit nodes! I thought this was bizarre because it does not happen with the older version I was using. I also noticed that a bookmark that I had put in the "Finnish Tor Browser" standalone folder was now present when I loaded up the "Canadian Tor Browser" - this means that my two apparently separate installations of Tor Browser are sharing some common files. I do not understand how this is possible seeing as my previous standalone installations of the previous version of Tor Browser, as far as I could tell, were independent of each other. I would like to point out that, in case in makes a difference, I was NOT attempting to run the two Tor Browsers at the same time. I ran one, quit it, then ran the other. If this is somehow intentional then please tell me how I can have separate installations of Tor Browser on the same machine but utilizing different customized torrc or torrc-default files. -- Ticket URL: Tor Bug Tracker & Wiki The Tor Project: anonymity online From blackhole at torproject.org Mon Jan 4 19:59:27 2016 From: blackhole at torproject.org (Tor Bug Tracker & Wiki) Date: Mon, 04 Jan 2016 19:59:27 -0000 Subject: [tbb-bugs] #17997 [Tor Browser]: ExitNodes and/or StrictNodes not working in 5.0.6 In-Reply-To: <048.ab2d1e063d9cf89532cc44fc11a54c2f@torproject.org> References: <048.ab2d1e063d9cf89532cc44fc11a54c2f@torproject.org> Message-ID: <063.663877d4cdf5871b1fe531c417ef87b9@torproject.org> #17997: ExitNodes and/or StrictNodes not working in 5.0.6 -----------------------------------------+--------------------------------- Reporter: thmprtor | Owner: tbb-team Type: defect | Status: Priority: Very High | needs_information Component: Tor Browser | Milestone: Severity: Critical | Version: Tor: Keywords: exitnodes torrc strictnodes | unspecified Parent ID: | Resolution: Sponsor: | Actual Points: | Points: -----------------------------------------+--------------------------------- Changes (by mcs): * status: new => needs_information Comment: No files should be shared. Make sure that no firefox.exe or tor.exe processes are running before you edit torrc. If you duplicated an existing copy of Tor Browser, it is possible that some files have embedded paths; be careful about that. Also, you should never edit torrc-defaulta in Tor Browser because it may be overwritten by the next automatic update of the browser. Please only edit torrc. If editing torrc does not work, something else is wrong. Did you arrange for tor.exe to use different ports between your two browser instances (control port and SOCKS port)? Or do you just make sure tor.exe has exited before you start your other browser? If a bookmark is written to the wrong browser profile, then that profile was the one in use at the time the bookmark was created or modified. The only way I can think of for that to happen is if you did not actually start a new browser instance (new firefox.exe process). Please use our installer to place copies of Tor Browser in two separate folders, make the required changes to the two torrc files, and then report back here as to whether any files are shared. -- Ticket URL: Tor Bug Tracker & Wiki The Tor Project: anonymity online From blackhole at torproject.org Mon Jan 4 23:04:41 2016 From: blackhole at torproject.org (Tor Bug Tracker & Wiki) Date: Mon, 04 Jan 2016 23:04:41 -0000 Subject: [tbb-bugs] #17931 [Tor Browser]: Tor Browser Hardened Crash In-Reply-To: <044.d6ca03d5e4dde392adfaf7066ccee0e4@torproject.org> References: <044.d6ca03d5e4dde392adfaf7066ccee0e4@torproject.org> Message-ID: <059.3477cc12c70c2e9236b17cafc07f98bc@torproject.org> #17931: Tor Browser Hardened Crash -------------------------------------------------+------------------------- Reporter: pege | Owner: tbb- Type: defect | team Priority: Immediate | Status: Component: Tor Browser | needs_revision Severity: Blocker | Milestone: Keywords: tbb-hardened, tbb-crash, | Version: TorBrowserTeam201512R | Resolution: Parent ID: | Actual Points: Sponsor: | Points: -------------------------------------------------+------------------------- Comment (by arthuredelstein): Here are two patches to give `nsContentUtils::LogMessageToConsole` a single non-format argument, as Mike suggested: https://github.com/arthuredelstein/tor-browser/commits/17931+2 The first patch removes usage of `LogMessageToConsole` in `GonkGPSGeolocationProvider.cpp`, in favor of a more standard logging method found in other Gonk files. The second patch changes `nsContentUtils::LogMessageToConsole` to a single argument. That makes the existing usage in `nsCanvasUtils.cpp` and `loggingCallbacks.h` safe. I confirmed that tor-browser.git builds and works with these patches applied. I have also submitted them to Mozilla's try server. The results will be here: https://treeherder.mozilla.org/#/jobs?repo=try&revision=00333f0503d1 As I mentioned on IRC, I'm very sorry for causing this bug. I do agree with Mike that it will be safer if Mozilla adopts a single-argument signature for `LogMessageToConsole`. -- Ticket URL: Tor Bug Tracker & Wiki The Tor Project: anonymity online From blackhole at torproject.org Mon Jan 4 23:05:20 2016 From: blackhole at torproject.org (Tor Bug Tracker & Wiki) Date: Mon, 04 Jan 2016 23:05:20 -0000 Subject: [tbb-bugs] #17931 [Tor Browser]: Tor Browser Hardened Crash In-Reply-To: <044.d6ca03d5e4dde392adfaf7066ccee0e4@torproject.org> References: <044.d6ca03d5e4dde392adfaf7066ccee0e4@torproject.org> Message-ID: <059.46f81bd1689fa0e54ae634d647ecd6a0@torproject.org> #17931: Tor Browser Hardened Crash -------------------------------------------------+------------------------- Reporter: pege | Owner: tbb- Type: defect | team Priority: Immediate | Status: Component: Tor Browser | needs_review Severity: Blocker | Milestone: Keywords: tbb-hardened, tbb-crash, | Version: TorBrowserTeam201601R | Resolution: Parent ID: | Actual Points: Sponsor: | Points: -------------------------------------------------+------------------------- Changes (by arthuredelstein): * keywords: tbb-hardened, tbb-crash, TorBrowserTeam201512R => tbb- hardened, tbb-crash, TorBrowserTeam201601R * status: needs_revision => needs_review -- Ticket URL: Tor Bug Tracker & Wiki The Tor Project: anonymity online From blackhole at torproject.org Tue Jan 5 00:11:29 2016 From: blackhole at torproject.org (Tor Bug Tracker & Wiki) Date: Tue, 05 Jan 2016 00:11:29 -0000 Subject: [tbb-bugs] #17998 [Tor Browser]: Mystery of the Unintended Exit Node Message-ID: <043.7ea1b9c6882981d7895e7e836717997b@torproject.org> #17998: Mystery of the Unintended Exit Node -----------------------------+---------------------- Reporter: fxs | Owner: tbb-team Type: defect | Status: new Priority: High | Milestone: Component: Tor Browser | Version: Severity: Major | Keywords: Actual Points: | Parent ID: Points: | Sponsor: -----------------------------+---------------------- I was doing some "research" while I noticed something interesting in some HTTP requests I was making to my own server from the Tor Browser Bundle. Most of the time, HTTP requests to a site I owned appeared to "stray" from their intended circuits/exits and might possibly be exiting through nodes that aren't in the current circuit. I've attached an image to try and explain what I'm seeing. I've tested this a few times, and it looks like the "rogue" (for lack of a better word) changes depending on the current circuit path. I'm interested in knowing if anyone else is seeing this type of behavior. 5.0.6 (based on Mozilla Firefox 38.5.0) Default torrc file aside from a few "ExcludeNodes" entries. -- Ticket URL: Tor Bug Tracker & Wiki The Tor Project: anonymity online From blackhole at torproject.org Tue Jan 5 00:33:37 2016 From: blackhole at torproject.org (Tor Bug Tracker & Wiki) Date: Tue, 05 Jan 2016 00:33:37 -0000 Subject: [tbb-bugs] #17998 [Tor Browser]: Mystery of the Unintended Exit Node In-Reply-To: <043.7ea1b9c6882981d7895e7e836717997b@torproject.org> References: <043.7ea1b9c6882981d7895e7e836717997b@torproject.org> Message-ID: <058.09b958473b6506ac41246253a16c0e2f@torproject.org> #17998: Mystery of the Unintended Exit Node -------------------------+-------------------------- Reporter: fxs | Owner: tbb-team Type: defect | Status: new Priority: High | Milestone: Component: Tor Browser | Version: Severity: Major | Resolution: Keywords: | Actual Points: Parent ID: | Points: Sponsor: | -------------------------+-------------------------- Comment (by teor): Does this issue happen with the default torrc file (without any ExcludeNodes entries)? It looks like Tor Browser could be fetching the favicon from two different isolation contexts. Isolation contexts are a feature where requests that happen from different pages or areas in the browser, get sent through different exits. This protects your privacy by isolating requests from different sites. I wonder if Tor Browser considers the tab favicon and some favicon embedded in the page (or elsewhere) as different contexts? -- Ticket URL: Tor Bug Tracker & Wiki The Tor Project: anonymity online From blackhole at torproject.org Tue Jan 5 00:50:26 2016 From: blackhole at torproject.org (Tor Bug Tracker & Wiki) Date: Tue, 05 Jan 2016 00:50:26 -0000 Subject: [tbb-bugs] #17998 [Tor Browser]: Mystery of the Unintended Exit Node In-Reply-To: <043.7ea1b9c6882981d7895e7e836717997b@torproject.org> References: <043.7ea1b9c6882981d7895e7e836717997b@torproject.org> Message-ID: <058.45aaa0337c8055c92e04bcebfbb269da@torproject.org> #17998: Mystery of the Unintended Exit Node -------------------------+-------------------------- Reporter: fxs | Owner: tbb-team Type: defect | Status: new Priority: High | Milestone: Component: Tor Browser | Version: Severity: Major | Resolution: Keywords: | Actual Points: Parent ID: | Points: Sponsor: | -------------------------+-------------------------- Comment (by fxs): same, without any ExcludeNodes entries. (see "no_excludes.png", attached) -- Ticket URL: Tor Bug Tracker & Wiki The Tor Project: anonymity online From blackhole at torproject.org Tue Jan 5 00:59:36 2016 From: blackhole at torproject.org (Tor Bug Tracker & Wiki) Date: Tue, 05 Jan 2016 00:59:36 -0000 Subject: [tbb-bugs] #17998 [Tor Browser]: Mystery of the Unintended Exit Node In-Reply-To: <043.7ea1b9c6882981d7895e7e836717997b@torproject.org> References: <043.7ea1b9c6882981d7895e7e836717997b@torproject.org> Message-ID: <058.d24e47c124cc955d52059b05dd2f8ab8@torproject.org> #17998: Mystery of the Unintended Exit Node -----------------------------+-------------------------- Reporter: fxs | Owner: tbb-team Type: defect | Status: new Priority: Medium | Milestone: Component: Tor Browser | Version: Severity: Normal | Resolution: Keywords: tbb-linkability | Actual Points: Parent ID: | Points: Sponsor: | -----------------------------+-------------------------- Changes (by isis): * keywords: => tbb-linkability * priority: High => Medium * severity: Major => Normal * cc: isis (added) -- Ticket URL: Tor Bug Tracker & Wiki The Tor Project: anonymity online From blackhole at torproject.org Tue Jan 5 05:45:42 2016 From: blackhole at torproject.org (Tor Bug Tracker & Wiki) Date: Tue, 05 Jan 2016 05:45:42 -0000 Subject: [tbb-bugs] #17998 [Tor Browser]: Mystery of the Unintended Exit Node In-Reply-To: <043.7ea1b9c6882981d7895e7e836717997b@torproject.org> References: <043.7ea1b9c6882981d7895e7e836717997b@torproject.org> Message-ID: <058.7fca7439c540f873c346f4c9a284dd2e@torproject.org> #17998: Mystery of the Unintended Exit Node -----------------------------+--------------------------- Reporter: fxs | Owner: tbb-team Type: defect | Status: closed Priority: Medium | Milestone: Component: Tor Browser | Version: Severity: Normal | Resolution: duplicate Keywords: tbb-linkability | Actual Points: Parent ID: | Points: Sponsor: | -----------------------------+--------------------------- Changes (by gk): * status: new => closed * resolution: => duplicate Comment: Thanks for this report. This is a duplicate of #16747. As mentioned there we have some issues reproducing your problem. Help is welcome. One thing you could do is setting `extensions.torbutton.loglevel` to `3` and start Tor Browser with the `--log` switch. Then you should get a tor-browser.log which should allow us/you to debug this. -- Ticket URL: Tor Bug Tracker & Wiki The Tor Project: anonymity online From blackhole at torproject.org Tue Jan 5 05:46:28 2016 From: blackhole at torproject.org (Tor Bug Tracker & Wiki) Date: Tue, 05 Jan 2016 05:46:28 -0000 Subject: [tbb-bugs] #16747 [Tor Browser]: Tor-browser downloads favicon twice (and over different circuits) (was: Tor-browser downloads favicon twice) In-Reply-To: <051.9c42f0514996fd8cc9e3577b00ebb256@torproject.org> References: <051.9c42f0514996fd8cc9e3577b00ebb256@torproject.org> Message-ID: <066.e95de98bee47c75776590c5c9e2f3744@torproject.org> #16747: Tor-browser downloads favicon twice (and over different circuits) -----------------------------+----------------------------------- Reporter: cypherpunks | Owner: tbb-team Type: defect | Status: needs_information Priority: Medium | Milestone: Component: Tor Browser | Version: Severity: Major | Resolution: Keywords: tbb-linkability | Actual Points: Parent ID: | Points: Sponsor: | -----------------------------+----------------------------------- Changes (by gk): * cc: fxs, isis (added) * keywords: => tbb-linkability Comment: #17998 is a duplicate. -- Ticket URL: Tor Bug Tracker & Wiki The Tor Project: anonymity online From blackhole at torproject.org Tue Jan 5 06:25:45 2016 From: blackhole at torproject.org (Tor Bug Tracker & Wiki) Date: Tue, 05 Jan 2016 06:25:45 -0000 Subject: [tbb-bugs] [Tor Bug Tracker & Wiki] Batch modify: #15538, #16444, #17442, #17790, #17918 Message-ID: <20160105062545.4E5AA6CCC2@troodi.torproject.org> Batch modification to #15538, #16444, #17442, #17790, #17918 by gk: keywords to TorBrowserTeam201601R Comment: Carrying over reviews. -- Tickets URL: Tor Bug Tracker & Wiki The Tor Project: anonymity online From blackhole at torproject.org Tue Jan 5 06:27:59 2016 From: blackhole at torproject.org (Tor Bug Tracker & Wiki) Date: Tue, 05 Jan 2016 06:27:59 -0000 Subject: [tbb-bugs] #17567 [Quality Assurance and Testing]: Crash when using mozmill on tor browser 5.5a4-hardened In-Reply-To: <045.d73710df7c2f7ef8c7d7a0f4628dfb06@torproject.org> References: <045.d73710df7c2f7ef8c7d7a0f4628dfb06@torproject.org> Message-ID: <060.3ea032623312524a8563bfd96e65387a@torproject.org> #17567: Crash when using mozmill on tor browser 5.5a4-hardened ------------------------------------------------+------------------------- Reporter: boklm | Owner: boklm Type: defect | Status: closed Priority: Very High | Milestone: Component: Quality Assurance and Testing | Version: Severity: Normal | Resolution: wontfix Keywords: tbb-hardened, TorBrowserTeam201512 | Actual Points: Parent ID: | Points: Sponsor: | ------------------------------------------------+------------------------- Changes (by gk): * status: new => closed * resolution: => wontfix Comment: This is a bug in Mozmill which we address with #16009. -- Ticket URL: Tor Bug Tracker & Wiki The Tor Project: anonymity online From blackhole at torproject.org Tue Jan 5 06:30:58 2016 From: blackhole at torproject.org (Tor Bug Tracker & Wiki) Date: Tue, 05 Jan 2016 06:30:58 -0000 Subject: [tbb-bugs] #17248 [Tor Browser]: Investigate new WebExtensions API requirements for our extensions In-Reply-To: <042.337c4c4ba7bd2a79da59cd6b3d90f0c2@torproject.org> References: <042.337c4c4ba7bd2a79da59cd6b3d90f0c2@torproject.org> Message-ID: <057.5ef551c8325f52f79d9ad7db44360e21@torproject.org> #17248: Investigate new WebExtensions API requirements for our extensions ----------------------------------+-------------------------- Reporter: gk | Owner: tbb-team Type: task | Status: closed Priority: High | Milestone: Component: Tor Browser | Version: Severity: Normal | Resolution: fixed Keywords: TorBrowserTeam201512 | Actual Points: Parent ID: | Points: Sponsor: | ----------------------------------+-------------------------- Changes (by gk): * status: new => closed * resolution: => fixed Comment: This is done and Mozilla should be aware of our needs by now. -- Ticket URL: Tor Bug Tracker & Wiki The Tor Project: anonymity online From blackhole at torproject.org Tue Jan 5 06:42:28 2016 From: blackhole at torproject.org (Tor Bug Tracker & Wiki) Date: Tue, 05 Jan 2016 06:42:28 -0000 Subject: [tbb-bugs] #17904 [Tor Browser]: Use sufficient window dimensions in Privacy and Security Settings In-Reply-To: <051.f88da6edcf39556d844f44479192078d@torproject.org> References: <051.f88da6edcf39556d844f44479192078d@torproject.org> Message-ID: <066.5d50817e635132f4088d166a8ebddc86@torproject.org> #17904: Use sufficient window dimensions in Privacy and Security Settings ---------------------------------+-------------------------- Reporter: cypherpunks | Owner: tbb-team Type: defect | Status: new Priority: Low | Milestone: Component: Tor Browser | Version: Severity: Minor | Resolution: Keywords: tbb-security-slider | Actual Points: Parent ID: | Points: Sponsor: | ---------------------------------+-------------------------- Changes (by gk): * cc: gk (added) * keywords: => tbb-security-slider -- Ticket URL: Tor Bug Tracker & Wiki The Tor Project: anonymity online From blackhole at torproject.org Tue Jan 5 06:48:40 2016 From: blackhole at torproject.org (Tor Bug Tracker & Wiki) Date: Tue, 05 Jan 2016 06:48:40 -0000 Subject: [tbb-bugs] #17959 [Tor Browser]: NoScript's click-to-play is unusable on YouTube in higher security modes In-Reply-To: <044.eddf7f1a5570bc60d8d7f842d48b71a0@torproject.org> References: <044.eddf7f1a5570bc60d8d7f842d48b71a0@torproject.org> Message-ID: <059.4c38bd4ac66c5576e5cc43b316286ccd@torproject.org> #17959: NoScript's click-to-play is unusable on YouTube in higher security modes -----------------------------------+-------------------------- Reporter: teor | Owner: tbb-team Type: defect | Status: new Priority: Medium | Milestone: Component: Tor Browser | Version: Severity: Normal | Resolution: Keywords: tbb-usability-website | Actual Points: Parent ID: | Points: Sponsor: | -----------------------------------+-------------------------- Changes (by gk): * cc: gk (added) * keywords: => tbb-usability-website -- Ticket URL: Tor Bug Tracker & Wiki The Tor Project: anonymity online From blackhole at torproject.org Tue Jan 5 07:19:51 2016 From: blackhole at torproject.org (Tor Bug Tracker & Wiki) Date: Tue, 05 Jan 2016 07:19:51 -0000 Subject: [tbb-bugs] #17999 [Tor Browser]: Changed default GUI font might help fingerprinting JA Windows users Message-ID: <042.04e2a0b3c5620d01681afc388d863de4@torproject.org> #17999: Changed default GUI font might help fingerprinting JA Windows users -----------------------------+-------------------------------------- Reporter: gk | Owner: tbb-team Type: defect | Status: new Priority: Medium | Milestone: Component: Tor Browser | Version: Severity: Normal | Keywords: tbb-fingerprinting-fonts Actual Points: | Parent ID: Points: | Sponsor: -----------------------------+-------------------------------------- As yawning noted in #17550 the default GUI font changed across Windows versions: * Windows XP -> `MS UI Gothic` (Not sure if this needs to be localized, don't have a box with this) * Windows Vista/7 -> `????` * Windows 8/8.1 -> `Meiryo UI` * Windows 10 -> `Yu Gothic UI` This might aid in fingerprinting JA users which are on Windows. -- Ticket URL: Tor Bug Tracker & Wiki The Tor Project: anonymity online From blackhole at torproject.org Tue Jan 5 07:20:47 2016 From: blackhole at torproject.org (Tor Bug Tracker & Wiki) Date: Tue, 05 Jan 2016 07:20:47 -0000 Subject: [tbb-bugs] #17550 [Tor Browser]: All UI elements appear really messed up (Windows 10 JA) In-Reply-To: <047.8146f30d74dc216b939df1cf61c97483@torproject.org> References: <047.8146f30d74dc216b939df1cf61c97483@torproject.org> Message-ID: <062.7108c3a218eebf258aac5f26fc4c1cfd@torproject.org> #17550: All UI elements appear really messed up (Windows 10 JA) -------------------------------------------------+------------------------- Reporter: yawning | Owner: tbb- Type: defect | team Priority: High | Status: closed Component: Tor Browser | Milestone: Severity: Major | Version: Keywords: windows, tbb-usability, | Resolution: fixed TorBrowserTeam201512 | Actual Points: Parent ID: | Points: Sponsor: | -------------------------------------------------+------------------------- Changes (by gk): * status: new => closed * resolution: => fixed Comment: This is fixed. #17999 is a follow-up ticket dealing with the different default fonts in different Windows versions. -- Ticket URL: Tor Bug Tracker & Wiki The Tor Project: anonymity online From blackhole at torproject.org Tue Jan 5 07:21:41 2016 From: blackhole at torproject.org (Tor Bug Tracker & Wiki) Date: Tue, 05 Jan 2016 07:21:41 -0000 Subject: [tbb-bugs] [Tor Bug Tracker & Wiki] Batch modify: #17761, #6540, #13893, #17870, #17895, #15578, #15988, #16333, #16652, #16665, #16672, #16686, #16757, #17128, #17400, #17509, #17662, #17858 Message-ID: <20160105072141.E4B4665F56@troodi.torproject.org> Batch modification to #17761, #6540, #13893, #17870, #17895, #15578, #15988, #16333, #16652, #16665, #16672, #16686, #16757, #17128, #17400, #17509, #17662, #17858 by gk: keywords to TorBrowserTeam201601 Comment: Tickets for Jan 2016. -- Tickets URL: Tor Bug Tracker & Wiki The Tor Project: anonymity online From blackhole at torproject.org Tue Jan 5 07:23:58 2016 From: blackhole at torproject.org (Tor Bug Tracker & Wiki) Date: Tue, 05 Jan 2016 07:23:58 -0000 Subject: [tbb-bugs] [Tor Bug Tracker & Wiki] Batch modify: #17428, #17917 Message-ID: <20160105072358.6191765F56@troodi.torproject.org> Batch modification to #17428, #17917 by gk: keywords to TorBrowserTeam201601 -- Tickets URL: Tor Bug Tracker & Wiki The Tor Project: anonymity online From blackhole at torproject.org Tue Jan 5 09:15:02 2016 From: blackhole at torproject.org (Tor Bug Tracker & Wiki) Date: Tue, 05 Jan 2016 09:15:02 -0000 Subject: [tbb-bugs] [Tor Bug Tracker & Wiki] Batch modify: #13893, #17870, #17895, #15988, #17869 Message-ID: <20160105091502.DEFAA65F56@troodi.torproject.org> Batch modification to #13893, #17870, #17895, #15988, #17869 by gk: keywords to GeorgKoppen201601 -- Tickets URL: Tor Bug Tracker & Wiki The Tor Project: anonymity online From blackhole at torproject.org Tue Jan 5 09:27:50 2016 From: blackhole at torproject.org (Tor Bug Tracker & Wiki) Date: Tue, 05 Jan 2016 09:27:50 -0000 Subject: [tbb-bugs] #17898 [Tor Browser]: Firefox new Tracking Protection In-Reply-To: <051.60890efa353a0e8879a7f244e15e7460@torproject.org> References: <051.60890efa353a0e8879a7f244e15e7460@torproject.org> Message-ID: <066.2c2651910231742738d687cb17c6a8c7@torproject.org> #17898: Firefox new Tracking Protection -------------------------+-------------------------- Reporter: cypherpunks | Owner: tbb-team Type: defect | Status: new Priority: Medium | Milestone: Component: Tor Browser | Version: Severity: Normal | Resolution: Keywords: ff45-esr | Actual Points: Parent ID: | Points: Sponsor: | -------------------------+-------------------------- Changes (by gk): * keywords: => ff45-esr * cc: gk (added) Comment: Replying to [ticket:17898 cypherpunks]: > Firefox's new Tracking Protection includes 2 lists, 1 basic and 1 strict list with the basic enabled by default in private browsing (the mode TBB uses by default). > > How will this need to be configured in Firefox 45 ESR when it lands? Seems we have to set `privacy.trackingprotection.pbmode.enabled` to `false` > Is there a way to link this in with the security slider (basic protection for lower levels and strict for high)? Well, the security slider (as the name says) is for security related things while tracking protection aims at defending against cross-origin tracking. These are different things and I think we should not mix them. This would further complicate things and would make an analysis of the properties Tor Browser provides even harder. Thus, no, there are no plans to expose this in the slider. -- Ticket URL: Tor Bug Tracker & Wiki The Tor Project: anonymity online From blackhole at torproject.org Tue Jan 5 09:58:06 2016 From: blackhole at torproject.org (Tor Bug Tracker & Wiki) Date: Tue, 05 Jan 2016 09:58:06 -0000 Subject: [tbb-bugs] #17931 [Tor Browser]: Tor Browser crashes in LogMessageToConsole() (was: Tor Browser Hardened Crash) In-Reply-To: <044.d6ca03d5e4dde392adfaf7066ccee0e4@torproject.org> References: <044.d6ca03d5e4dde392adfaf7066ccee0e4@torproject.org> Message-ID: <059.34ea3b100c08e847e4fe1d46a95e2688@torproject.org> #17931: Tor Browser crashes in LogMessageToConsole() -------------------------------------------------+------------------------- Reporter: pege | Owner: tbb- Type: defect | team Priority: Immediate | Status: Component: Tor Browser | needs_review Severity: Blocker | Milestone: Keywords: tbb-hardened, tbb-crash, | Version: TorBrowserTeam201601R | Resolution: Parent ID: | Actual Points: Sponsor: | Points: -------------------------------------------------+------------------------- -- Ticket URL: Tor Bug Tracker & Wiki The Tor Project: anonymity online From blackhole at torproject.org Tue Jan 5 10:36:22 2016 From: blackhole at torproject.org (Tor Bug Tracker & Wiki) Date: Tue, 05 Jan 2016 10:36:22 -0000 Subject: [tbb-bugs] #16990 [Tor Browser]: Circuit visualizer stops working after some time In-Reply-To: <051.320ae591bb0d81ba7574f3a39b184c18@torproject.org> References: <051.320ae591bb0d81ba7574f3a39b184c18@torproject.org> Message-ID: <066.5f7fcb81f95525260a6d007022fc725c@torproject.org> #16990: Circuit visualizer stops working after some time -------------------------------------------------+------------------------- Reporter: cypherpunks | Owner: tbb- Type: defect | team Priority: Medium | Status: Component: Tor Browser | needs_information Severity: Normal | Milestone: Keywords: tbb-torbutton tbb-circuit-display | Version: TorBrowserTeam201511R | Resolution: Parent ID: | Actual Points: Sponsor: | Points: -------------------------------------------------+------------------------- Changes (by gk): * status: reopened => needs_information Comment: Replying to [comment:9 cypherpunks]: > This problem is still present in 5.0.6. GNU/Linux, x64, English locale. How do I reproduce your issue? -- Ticket URL: Tor Bug Tracker & Wiki The Tor Project: anonymity online From blackhole at torproject.org Tue Jan 5 14:19:10 2016 From: blackhole at torproject.org (Tor Bug Tracker & Wiki) Date: Tue, 05 Jan 2016 14:19:10 -0000 Subject: [tbb-bugs] #17898 [Tor Browser]: Firefox new Tracking Protection In-Reply-To: <051.60890efa353a0e8879a7f244e15e7460@torproject.org> References: <051.60890efa353a0e8879a7f244e15e7460@torproject.org> Message-ID: <066.7541733dfa002313f3fd3d561158005a@torproject.org> #17898: Firefox new Tracking Protection -------------------------+-------------------------- Reporter: cypherpunks | Owner: tbb-team Type: defect | Status: new Priority: Medium | Milestone: Component: Tor Browser | Version: Severity: Normal | Resolution: Keywords: ff45-esr | Actual Points: Parent ID: | Points: Sponsor: | -------------------------+-------------------------- Comment (by mcs): Replying to [comment:2 gk]: > Well, the security slider (as the name says) is for security related things while tracking protection aims at defending against cross-origin tracking. These are different things and I think we should not mix them. This would further complicate things and would make an analysis of the properties Tor Browser provides even harder. Thus, no, there are no plans to expose this in the slider. I agree that we should not mix privacy related things into the security slider settings. But if features such as tracking protection break a lot of websites, we may eventually want to provide a way for users to choose how much privacy protection they need. That said, at this point in time I do not think we have enough experience to decide what to group together in order to make a user interface that users would be able to understand. -- Ticket URL: Tor Bug Tracker & Wiki The Tor Project: anonymity online From blackhole at torproject.org Tue Jan 5 15:27:14 2016 From: blackhole at torproject.org (Tor Bug Tracker & Wiki) Date: Tue, 05 Jan 2016 15:27:14 -0000 Subject: [tbb-bugs] #17931 [Tor Browser]: Tor Browser crashes in LogMessageToConsole() In-Reply-To: <044.d6ca03d5e4dde392adfaf7066ccee0e4@torproject.org> References: <044.d6ca03d5e4dde392adfaf7066ccee0e4@torproject.org> Message-ID: <059.9f779d36ce78ceea808eb0029dbd5e31@torproject.org> #17931: Tor Browser crashes in LogMessageToConsole() -------------------------------------------------+------------------------- Reporter: pege | Owner: tbb- Type: defect | team Priority: Immediate | Status: Component: Tor Browser | needs_review Severity: Blocker | Milestone: Keywords: tbb-hardened, tbb-crash, | Version: TorBrowserTeam201601R | Resolution: Parent ID: | Actual Points: Sponsor: | Points: -------------------------------------------------+------------------------- Comment (by mcs): Replying to [comment:14 arthuredelstein]: > Here are two patches to give `nsContentUtils::LogMessageToConsole` a single non-format argument, as Mike suggested: > > https://github.com/arthuredelstein/tor-browser/commits/17931+2 > > The first patch removes usage of `LogMessageToConsole` in `GonkGPSGeolocationProvider.cpp`, in favor of a more standard logging method found in other Gonk files. > > The second patch changes `nsContentUtils::LogMessageToConsole` to a single argument. That makes the existing usage in `nsCanvasUtils.cpp` and `loggingCallbacks.h` safe. > > I confirmed that tor-browser.git builds and works with these patches applied. I have also submitted them to Mozilla's try server. The results will be here: > https://treeherder.mozilla.org/#/jobs?repo=try&revision=71edd495d073 r=mcs, r=brade We did not compile or run the code, but it looks good. One question: are the (int) casts in front of the nsresult args needed inside GonkGPSGeolocationProvider.cpp? I assume they are; I am just surprised. > ... I do agree with Mike that it will be safer if Mozilla adopts a single-argument signature for `LogMessageToConsole`. Have you filed a bugzilla bug yet? I would like to be cc'd on it. -- Ticket URL: Tor Bug Tracker & Wiki The Tor Project: anonymity online From blackhole at torproject.org Tue Jan 5 16:24:42 2016 From: blackhole at torproject.org (Tor Bug Tracker & Wiki) Date: Tue, 05 Jan 2016 16:24:42 -0000 Subject: [tbb-bugs] #17931 [Tor Browser]: Tor Browser crashes in LogMessageToConsole() In-Reply-To: <044.d6ca03d5e4dde392adfaf7066ccee0e4@torproject.org> References: <044.d6ca03d5e4dde392adfaf7066ccee0e4@torproject.org> Message-ID: <059.ccc55c681b4822bfda73905f61ba99be@torproject.org> #17931: Tor Browser crashes in LogMessageToConsole() -------------------------------------------------+------------------------- Reporter: pege | Owner: tbb- Type: defect | team Priority: Immediate | Status: closed Component: Tor Browser | Milestone: Severity: Blocker | Version: Keywords: tbb-hardened, tbb-crash, | Resolution: fixed TorBrowserTeam201601R | Actual Points: Parent ID: | Points: Sponsor: | -------------------------------------------------+------------------------- Changes (by gk): * status: needs_review => closed * resolution: => fixed Comment: Looks good to me, too. This will be fixed in 5.0.7, 5.5a6 and 5.5a6-hardened. Applied to tor-browser-38.5.0esr-5.0-2 and tor- browser-38.5.0esr-5.5-2 with slightly modified commit messages. -- Ticket URL: Tor Bug Tracker & Wiki The Tor Project: anonymity online From blackhole at torproject.org Tue Jan 5 16:29:11 2016 From: blackhole at torproject.org (Tor Bug Tracker & Wiki) Date: Tue, 05 Jan 2016 16:29:11 -0000 Subject: [tbb-bugs] #18004 [Tor Browser]: Remove donation banner from TBB about:tor page when campaign is finished Message-ID: <055.0ae7d60d484a10f00eacd6ebcc9facc0@torproject.org> #18004: Remove donation banner from TBB about:tor page when campaign is finished ---------------------------------+---------------------------------- Reporter: arthuredelstein | Owner: tbb-team Type: defect | Status: new Priority: Medium | Milestone: Component: Tor Browser | Version: Severity: Normal | Keywords: TorBrowserTeam201601 Actual Points: | Parent ID: #17534 Points: | Sponsor: ---------------------------------+---------------------------------- In #17565, we introduced a donation banner to TBB's about:tor page. When the fundraising campaign is done, we should remove the banner from torbutton.git. -- Ticket URL: Tor Bug Tracker & Wiki The Tor Project: anonymity online From blackhole at torproject.org Tue Jan 5 16:33:16 2016 From: blackhole at torproject.org (Tor Bug Tracker & Wiki) Date: Tue, 05 Jan 2016 16:33:16 -0000 Subject: [tbb-bugs] #18004 [Tor Browser]: Remove donation banner from TBB about:tor page when campaign is finished In-Reply-To: <055.0ae7d60d484a10f00eacd6ebcc9facc0@torproject.org> References: <055.0ae7d60d484a10f00eacd6ebcc9facc0@torproject.org> Message-ID: <070.71525e71cb57813a389a65736ed9cbdb@torproject.org> #18004: Remove donation banner from TBB about:tor page when campaign is finished ----------------------------------+-------------------------- Reporter: arthuredelstein | Owner: tbb-team Type: defect | Status: new Priority: Medium | Milestone: Component: Tor Browser | Version: Severity: Normal | Resolution: Keywords: TorBrowserTeam201601 | Actual Points: Parent ID: #17534 | Points: Sponsor: | ----------------------------------+-------------------------- Comment (by arthuredelstein): Here's a patch that reverts the commits for the donation banner: https://github.com/arthuredelstein/torbutton/commit/18004 -- Ticket URL: Tor Bug Tracker & Wiki The Tor Project: anonymity online From blackhole at torproject.org Tue Jan 5 18:17:24 2016 From: blackhole at torproject.org (Tor Bug Tracker & Wiki) Date: Tue, 05 Jan 2016 18:17:24 -0000 Subject: [tbb-bugs] #18005 [Tor Browser]: Set India IP - Takes Japan IP Message-ID: <046.fe0aa2288ca245c9b5a6ac678a4a475a@torproject.org> #18005: Set India IP - Takes Japan IP -----------------------------+---------------------- Reporter: patkim | Owner: tbb-team Type: defect | Status: new Priority: Medium | Milestone: Component: Tor Browser | Version: Severity: Normal | Keywords: Actual Points: | Parent ID: Points: | Sponsor: -----------------------------+---------------------- I set India IP ExitNodes {in} StrictExitNodes 1 in my torrc file. However with this configuration it is taking an IP 120.29.xxx.xxx whose reverse look up shows in originates in Japan Tokyo. Is this a bug? Kindly confirm. I am using Tor Browser 5.0.6 on Windows 7. Thanks, Pat -- Ticket URL: Tor Bug Tracker & Wiki The Tor Project: anonymity online From blackhole at torproject.org Tue Jan 5 19:13:59 2016 From: blackhole at torproject.org (Tor Bug Tracker & Wiki) Date: Tue, 05 Jan 2016 19:13:59 -0000 Subject: [tbb-bugs] #17898 [Tor Browser]: Firefox new Tracking Protection In-Reply-To: <051.60890efa353a0e8879a7f244e15e7460@torproject.org> References: <051.60890efa353a0e8879a7f244e15e7460@torproject.org> Message-ID: <066.2ad0c16dca4bd1a0dc01d9a822166c5a@torproject.org> #17898: Firefox new Tracking Protection -------------------------+-------------------------- Reporter: cypherpunks | Owner: tbb-team Type: defect | Status: new Priority: Medium | Milestone: Component: Tor Browser | Version: Severity: Normal | Resolution: Keywords: ff45-esr | Actual Points: Parent ID: | Points: Sponsor: | -------------------------+-------------------------- Comment (by cypherpunks): There is also the value `privacy.trackingprotection.enabled` which is set to `false` by default (meaning it only works in PB mode). I think both this value as well as `privacy.trackingprotection.pbmode.enabled` need to be set to `true`. From my experience, `basic` seems to very rarely (if at all) break any sites core functionality but it is much more common for `strict` to break sites. If not in the security slider, it would be seem ideal to implement it in a similar fashion to allow users a tradeoff for increased privacy. -- Ticket URL: Tor Bug Tracker & Wiki The Tor Project: anonymity online From blackhole at torproject.org Tue Jan 5 19:36:10 2016 From: blackhole at torproject.org (Tor Bug Tracker & Wiki) Date: Tue, 05 Jan 2016 19:36:10 -0000 Subject: [tbb-bugs] #17898 [Tor Browser]: Firefox new Tracking Protection In-Reply-To: <051.60890efa353a0e8879a7f244e15e7460@torproject.org> References: <051.60890efa353a0e8879a7f244e15e7460@torproject.org> Message-ID: <066.6b9094b857cf1737fb2c3d107ef193d7@torproject.org> #17898: Firefox new Tracking Protection -------------------------+-------------------------- Reporter: cypherpunks | Owner: tbb-team Type: defect | Status: new Priority: Medium | Milestone: Component: Tor Browser | Version: Severity: Normal | Resolution: Keywords: ff45-esr | Actual Points: Parent ID: | Points: Sponsor: | -------------------------+-------------------------- Comment (by gk): Replying to [comment:3 mcs]: > Replying to [comment:2 gk]: > > Well, the security slider (as the name says) is for security related things while tracking protection aims at defending against cross-origin tracking. These are different things and I think we should not mix them. This would further complicate things and would make an analysis of the properties Tor Browser provides even harder. Thus, no, there are no plans to expose this in the slider. > > I agree that we should not mix privacy related things into the security slider settings. But if features such as tracking protection break a lot of websites, we may eventually want to provide a way for users to choose how much privacy protection they need. That said, at this point in time I do not I am a bit confused because we want to *disable* it by default. And that should not break anything as this is the default mode (outside of PB). And then there is section 2.3.5 of the Tor Browser design documentation. :) So, I kind of repurposed this bug to make sure we have the new tracking protection in PB disabled as well in ESR45 (seems I was not clear enough). -- Ticket URL: Tor Bug Tracker & Wiki The Tor Project: anonymity online From blackhole at torproject.org Tue Jan 5 20:44:17 2016 From: blackhole at torproject.org (Tor Bug Tracker & Wiki) Date: Tue, 05 Jan 2016 20:44:17 -0000 Subject: [tbb-bugs] #18005 [Tor Browser]: Set India IP - Takes Japan IP In-Reply-To: <046.fe0aa2288ca245c9b5a6ac678a4a475a@torproject.org> References: <046.fe0aa2288ca245c9b5a6ac678a4a475a@torproject.org> Message-ID: <061.7e6324b2ae63dc11a444892d4a5d279b@torproject.org> #18005: Set India IP - Takes Japan IP -------------------------+-------------------------- Reporter: patkim | Owner: tbb-team Type: defect | Status: new Priority: Medium | Milestone: Component: Tor Browser | Version: Severity: Normal | Resolution: Keywords: | Actual Points: Parent ID: | Points: Sponsor: | -------------------------+-------------------------- Comment (by kleft): I can imagine this could may be an inaccuracy of the geoip-db used by Tor. Several public db lists contain an indian location for 120.29.212.x - 120.29.221.x although they are actually operated from different countries according to the APNIC Whois. Traceroutes from de_DE to .217 end up in Tokyo while connections to .212 were served from Mumbai. inetnum netname country nic-hdl 120.29.212.0/24 VOICEPE2_CHN-TATAC IN IA75-AP 120.29.213.0/24 VOICEPE2_MUM-TATAC IN IA75-AP 120.29.214.0/24 SGP-SVQ-TATAC SG IA75-AP 120.29.215.0/24 SGP-SVQ-TATAC SG IA75-AP 120.29.216.0/24 HONGKONG-HK2-TATAC HK IA75-AP 120.29.217.0/24 TOKYO-TV2-TATAC JP IA75-AP 120.29.218.0/24 VOICEPE_MUM-TATAC IN IA75-AP 120.29.219.0/24 SYDNEY-1MH-TATAC AU IA75-AP 120.29.220.0/24 VOICEPE_CHN-TATAC IN IA75-AP 120.29.221.0/24 SYDNEY_NGN_GEAR-TATAC AU IA75-AP 120.29.222.0/24 BANGKOK-BK7-TATAC TH IA75-AP -- Ticket URL: Tor Bug Tracker & Wiki The Tor Project: anonymity online From blackhole at torproject.org Tue Jan 5 21:57:40 2016 From: blackhole at torproject.org (Tor Bug Tracker & Wiki) Date: Tue, 05 Jan 2016 21:57:40 -0000 Subject: [tbb-bugs] #16322 [Tor Browser]: Use duckduckgo hidden service instead of clearnet one In-Reply-To: <051.5810ff9538412abf72de785e36c71990@torproject.org> References: <051.5810ff9538412abf72de785e36c71990@torproject.org> Message-ID: <066.45b594cb51623189b2273e8c4e76e449@torproject.org> #16322: Use duckduckgo hidden service instead of clearnet one -------------------------------------------------+------------------------- Reporter: cypherpunks | Owner: tbb- Type: enhancement | team Priority: Very High | Status: new Component: Tor Browser | Milestone: Severity: Normal | Version: Keywords: duckduckgo, hidden service, | Resolution: clearnet | Actual Points: Parent ID: | Points: Sponsor: | -------------------------------------------------+------------------------- Changes (by jah): * severity: => Normal Comment: Performing a DuckDuckGo search from the search bar after setting the Tor Browser security slider to "High" results in a search result page which states:- "This page requires JavaScript. Get the non-JS version here" and links to the "html" version of the search page: https://duckduckgo.com/html/?q=search+term The .onion site already uses the html version so bundling Tor Browser with a search add-on for the .onion site would be a welcome improvement in usability. -- Ticket URL: Tor Bug Tracker & Wiki The Tor Project: anonymity online From blackhole at torproject.org Wed Jan 6 09:18:05 2016 From: blackhole at torproject.org (Tor Bug Tracker & Wiki) Date: Wed, 06 Jan 2016 09:18:05 -0000 Subject: [tbb-bugs] #11506 [Tor Browser]: Users are confused by the 2000-01-01 00:00 UTC timestamp In-Reply-To: <045.c85c0e9da13579171d8560515374a85e@torproject.org> References: <045.c85c0e9da13579171d8560515374a85e@torproject.org> Message-ID: <060.469b4e1a8c652991990c83dcdded2384@torproject.org> #11506: Users are confused by the 2000-01-01 00:00 UTC timestamp -------------------------------------------------+------------------------- Reporter: lunar | Owner: tbb- Type: defect | team Priority: Medium | Status: new Component: Tor Browser | Milestone: Severity: Normal | Version: Keywords: tbb-helpdesk-frequent, tbb-gitian, | Resolution: TorBrowserTeam201601, GeorgKoppen201601 | Actual Points: Parent ID: | Points: Sponsor: | -------------------------------------------------+------------------------- Changes (by gk): * keywords: tbb-helpdesk-frequent, tbb-gitian => tbb-helpdesk-frequent, tbb-gitian, TorBrowserTeam201601, GeorgKoppen201601 * severity: => Normal Comment: This got fixed upstream it seems: https://github.com/devrandom/gitian- builder/commit/bb4f92f6cbde6ee78e39ae35b0934da3b55e154d. Might be just a matter of cherry-picking the respective commit. -- Ticket URL: Tor Bug Tracker & Wiki The Tor Project: anonymity online From blackhole at torproject.org Wed Jan 6 09:46:50 2016 From: blackhole at torproject.org (Tor Bug Tracker & Wiki) Date: Wed, 06 Jan 2016 09:46:50 -0000 Subject: [tbb-bugs] #16990 [Tor Browser]: Circuit visualizer stops working after some time In-Reply-To: <051.320ae591bb0d81ba7574f3a39b184c18@torproject.org> References: <051.320ae591bb0d81ba7574f3a39b184c18@torproject.org> Message-ID: <066.476dc8c892d398a5d9a5c986f0bb481b@torproject.org> #16990: Circuit visualizer stops working after some time -------------------------------------------------+------------------------- Reporter: cypherpunks | Owner: tbb- Type: defect | team Priority: Medium | Status: Component: Tor Browser | assigned Severity: Normal | Milestone: Keywords: tbb-torbutton tbb-circuit-display | Version: TorBrowserTeam201516 tbb-5.5 | Resolution: Parent ID: | Actual Points: Sponsor: | Points: -------------------------------------------------+------------------------- Changes (by gk): * keywords: tbb-torbutton tbb-circuit-display TorBrowserTeam201511R => tbb-torbutton tbb-circuit-display TorBrowserTeam201516 tbb-5.5 * status: needs_information => assigned Comment: Replying to [comment:10 gk]: > Replying to [comment:9 cypherpunks]: > > This problem is still present in 5.0.6. GNU/Linux, x64, English locale. > > How do I reproduce your issue? Okay, I found a way to reproduce at least one issue: 1) Open a new tab and go to https://bugzilla.mozilla.org/ (after it loaded the circuit should be visible) 2) Choose Search -> Advanced Search 3) Click on Detailed Bug Information and enter `[tor]` in the Whiteboard row 4) Click on Search and after you got your results checking the circuit display does not show any curcuit anymore Reloading does not help either. I am not sure if this is caused by our fixup done in this bug yet or whether that is an additional issue we overlooked so far. -- Ticket URL: Tor Bug Tracker & Wiki The Tor Project: anonymity online From blackhole at torproject.org Wed Jan 6 11:42:00 2016 From: blackhole at torproject.org (Tor Bug Tracker & Wiki) Date: Wed, 06 Jan 2016 11:42:00 -0000 Subject: [tbb-bugs] #16747 [Tor Browser]: Tor-browser downloads favicon twice (and over different circuits) In-Reply-To: <051.9c42f0514996fd8cc9e3577b00ebb256@torproject.org> References: <051.9c42f0514996fd8cc9e3577b00ebb256@torproject.org> Message-ID: <066.79a8b74d5d3bf893af28e7195c7f0df9@torproject.org> #16747: Tor-browser downloads favicon twice (and over different circuits) -----------------------------+----------------------------------- Reporter: cypherpunks | Owner: tbb-team Type: defect | Status: needs_information Priority: Medium | Milestone: Component: Tor Browser | Version: Severity: Major | Resolution: Keywords: tbb-linkability | Actual Points: Parent ID: | Points: Sponsor: | -----------------------------+----------------------------------- Comment (by cypherpunks): Replying to [comment:6 gk]: > So, there are two things here: 1) Downloading the favicon twice. I'd guess this is an underlying Mozilla problem: https://bugzilla.mozilla.org/show_bug.cgi?id=583351. 2) Downloading the favicon over a different circuit. I can observe 1), too, on some websites but it seems all those second requests go over the same circuit. Is 2) reproducible for you? If so, do you have an example site allowing us to debug the Tor Browser behavior? Sorry for the late reply. I doubt 1) is the cause here, ticket:17998#comment:2 would be my guess, too. 2) It is reproducible, but: It happens only on the first request to the site, I could not trigger it a second time in the same Tor Browser session. Reloading, getting a new circuit in torbutton, closing/reopening tabs... nada. Requests to the favicon don't show up in any FF DevTool. Considering I don't reference the favicon in my HTML, Mozilla is doing some magic here. A quick search turned up complaints about it on Bugzilla reaching back to FF 0.10, it looks like preffing off browser.chrome.favicons disables this behavior and leaves correctly referenced favicons intact. So this might be a cheap and easy fix at the cost of loosing favicons on sites which simply dump it in their web-root directory and expect it to work (besides me and mozilla.org, nobody really seems to be doing this). I couldn't get my TB to log to a file as per your instruction in the other ticket, do you still want a testcase with all this info? Btw: opening 'Page Info' triggers resource fetches via unrelated circuits, too. -- Ticket URL: Tor Bug Tracker & Wiki The Tor Project: anonymity online From blackhole at torproject.org Wed Jan 6 11:43:33 2016 From: blackhole at torproject.org (Tor Bug Tracker & Wiki) Date: Wed, 06 Jan 2016 11:43:33 -0000 Subject: [tbb-bugs] #18005 [Tor]: Set India IP - Takes Japan IP In-Reply-To: <046.fe0aa2288ca245c9b5a6ac678a4a475a@torproject.org> References: <046.fe0aa2288ca245c9b5a6ac678a4a475a@torproject.org> Message-ID: <061.4ed7c367900f7dfd9b89c8c92048af7f@torproject.org> #18005: Set India IP - Takes Japan IP --------------------+------------------------------------ Reporter: patkim | Owner: tbb-team Type: defect | Status: new Priority: Medium | Milestone: Tor: 0.2.8.x-final Component: Tor | Version: Tor: 0.2.6.10 Severity: Normal | Resolution: Keywords: | Actual Points: Parent ID: | Points: Sponsor: | --------------------+------------------------------------ Changes (by teor): * version: => Tor: 0.2.6.10 * component: Tor Browser => Tor * milestone: => Tor: 0.2.8.x-final Comment: This is not a bug with Tor Browser, it is an issue with tor's GeoIP files. Unfortunately, GeoIP lists are somewhat inaccurate, and are becoming more so as IPv4 addresses are transferred around the world due to the IPv4 address shortage. Also, some IP addresses have a GeoIP location based on the location of the company that controls the address, rather than the server the address is assigned to. We regularly update the GeoIP files that are distributed with Tor, and those updates are picked up by Tor Browser. (The GeoIP files in Tor Browser 5.0.6 were updated on 1 December 2015.) You might try reporting these issues to MaxMind. (Tor sources its GeoIP data from MaxMind.) https://support.maxmind.com/geoip-data-correction-request/ Otherwise, I'm not sure there is anything else we can do about this, but I'm leaving this issue open in case anyone else has any suggestions. -- Ticket URL: Tor Bug Tracker & Wiki The Tor Project: anonymity online From blackhole at torproject.org Wed Jan 6 11:46:56 2016 From: blackhole at torproject.org (Tor Bug Tracker & Wiki) Date: Wed, 06 Jan 2016 11:46:56 -0000 Subject: [tbb-bugs] #16747 [Tor Browser]: Tor-browser downloads favicon twice (and over different circuits) In-Reply-To: <051.9c42f0514996fd8cc9e3577b00ebb256@torproject.org> References: <051.9c42f0514996fd8cc9e3577b00ebb256@torproject.org> Message-ID: <066.57de47447c0cab790f3dbeb82512974a@torproject.org> #16747: Tor-browser downloads favicon twice (and over different circuits) -----------------------------+----------------------------------- Reporter: cypherpunks | Owner: tbb-team Type: defect | Status: needs_information Priority: Medium | Milestone: Component: Tor Browser | Version: Severity: Major | Resolution: Keywords: tbb-linkability | Actual Points: Parent ID: | Points: Sponsor: | -----------------------------+----------------------------------- Comment (by teor): Replying to [comment:8 cypherpunks]: > Replying to [comment:6 gk]: > > So, there are two things here: 1) Downloading the favicon twice. I'd guess this is an underlying Mozilla problem: https://bugzilla.mozilla.org/show_bug.cgi?id=583351. 2) Downloading the favicon over a different circuit. I can observe 1), too, on some websites but it seems all those second requests go over the same circuit. Is 2) reproducible for you? If so, do you have an example site allowing us to debug the Tor Browser behavior? > > Sorry for the late reply. > I doubt 1) is the cause here, ticket:17998#comment:2 would be my guess, too. They could well be the same issue. > 2) It is reproducible, but: > It happens only on the first request to the site, I could not trigger it a second time in the same Tor Browser session. Reloading, getting a new circuit in torbutton, closing/reopening tabs... nada. > Requests to the favicon don't show up in any FF DevTool. > > Considering I don't reference the favicon in my HTML, Mozilla is doing some magic here. A quick search turned up complaints about it on Bugzilla reaching back to FF 0.10, it looks like preffing off browser.chrome.favicons disables this behavior and leaves correctly referenced favicons intact. > So this might be a cheap and easy fix at the cost of loosing favicons on sites which simply dump it in their web-root directory and expect it to work (besides me and mozilla.org, nobody really seems to be doing this). See https://en.wikipedia.org/wiki/Favicon#How_to_use for a list of how browsers look for favicons. -- Ticket URL: Tor Bug Tracker & Wiki The Tor Project: anonymity online From blackhole at torproject.org Wed Jan 6 11:48:37 2016 From: blackhole at torproject.org (Tor Bug Tracker & Wiki) Date: Wed, 06 Jan 2016 11:48:37 -0000 Subject: [tbb-bugs] #16322 [Tor Browser]: Use duckduckgo hidden service instead of clearnet one In-Reply-To: <051.5810ff9538412abf72de785e36c71990@torproject.org> References: <051.5810ff9538412abf72de785e36c71990@torproject.org> Message-ID: <066.8849febf35e43c70ed07be9d62932fc3@torproject.org> #16322: Use duckduckgo hidden service instead of clearnet one -------------------------------------------------+------------------------- Reporter: cypherpunks | Owner: tbb- Type: enhancement | team Priority: Very High | Status: new Component: Tor Browser | Milestone: Severity: Normal | Version: Keywords: duckduckgo, hidden service, | Resolution: clearnet | Actual Points: Parent ID: | Points: Sponsor: | -------------------------------------------------+------------------------- Comment (by teor): Replying to [comment:3 jah]: > Performing a DuckDuckGo search from the search bar after setting the Tor Browser security slider to "High" results in a search result page which states:- > > "This page requires JavaScript. Get the non-JS version here" > > and links to the "html" version of the search page: https://duckduckgo.com/html/?q=search+term This is so annoying. It would be great to get it fixed. > > The .onion site already uses the html version so bundling Tor Browser with a search add-on for the .onion site would be a welcome improvement in usability. > And security and privacy. -- Ticket URL: Tor Bug Tracker & Wiki The Tor Project: anonymity online From blackhole at torproject.org Wed Jan 6 13:04:04 2016 From: blackhole at torproject.org (Tor Bug Tracker & Wiki) Date: Wed, 06 Jan 2016 13:04:04 -0000 Subject: [tbb-bugs] #16990 [Tor Browser]: Circuit visualizer stops working after some time In-Reply-To: <051.320ae591bb0d81ba7574f3a39b184c18@torproject.org> References: <051.320ae591bb0d81ba7574f3a39b184c18@torproject.org> Message-ID: <066.a7cab16bfceff76fa9ec2d1759eeb835@torproject.org> #16990: Circuit visualizer stops working after some time -------------------------------------------------+------------------------- Reporter: cypherpunks | Owner: tbb- Type: defect | team Priority: Medium | Status: Component: Tor Browser | assigned Severity: Normal | Milestone: Keywords: tbb-torbutton tbb-circuit-display | Version: TorBrowserTeam201601 tbb-5.5 | Resolution: Parent ID: | Actual Points: Sponsor: | Points: -------------------------------------------------+------------------------- Changes (by gk): * keywords: tbb-torbutton tbb-circuit-display TorBrowserTeam201516 tbb-5.5 => tbb-torbutton tbb-circuit-display TorBrowserTeam201601 tbb-5.5 -- Ticket URL: Tor Bug Tracker & Wiki The Tor Project: anonymity online From blackhole at torproject.org Wed Jan 6 15:46:47 2016 From: blackhole at torproject.org (Tor Bug Tracker & Wiki) Date: Wed, 06 Jan 2016 15:46:47 -0000 Subject: [tbb-bugs] #16747 [Tor Browser]: Tor-browser downloads favicon twice (and over different circuits) In-Reply-To: <051.9c42f0514996fd8cc9e3577b00ebb256@torproject.org> References: <051.9c42f0514996fd8cc9e3577b00ebb256@torproject.org> Message-ID: <066.7986dd920427d67a51fb2899b8369aed@torproject.org> #16747: Tor-browser downloads favicon twice (and over different circuits) -----------------------------+----------------------------------- Reporter: cypherpunks | Owner: tbb-team Type: defect | Status: needs_information Priority: Medium | Milestone: Component: Tor Browser | Version: Severity: Major | Resolution: Keywords: tbb-linkability | Actual Points: Parent ID: | Points: Sponsor: | -----------------------------+----------------------------------- Comment (by gk): Replying to [comment:8 cypherpunks]: > Replying to [comment:6 gk]: > > So, there are two things here: 1) Downloading the favicon twice. I'd guess this is an underlying Mozilla problem: https://bugzilla.mozilla.org/show_bug.cgi?id=583351. 2) Downloading the favicon over a different circuit. I can observe 1), too, on some websites but it seems all those second requests go over the same circuit. Is 2) reproducible for you? If so, do you have an example site allowing us to debug the Tor Browser behavior? > > Sorry for the late reply. > I doubt 1) is the cause here, ticket:17998#comment:2 would be my guess, too. > > 2) It is reproducible, but: > It happens only on the first request to the site, I could not trigger it a second time in the same Tor Browser session. Reloading, getting a new circuit in torbutton, closing/reopening tabs... nada. > Requests to the favicon don't show up in any FF DevTool. Interesting. FWIW: I see favicon requests in the browser console. Still, looking at the log output visiting mozilla.org shows everything goes over the same circuit. What OS are you on? > Considering I don't reference the favicon in my HTML, Mozilla is doing some magic here. A quick search turned up complaints about it on Bugzilla reaching back to FF 0.10, it looks like preffing off browser.chrome.favicons disables this behavior and leaves correctly referenced favicons intact. > So this might be a cheap and easy fix at the cost of loosing favicons on sites which simply dump it in their web-root directory and expect it to work (besides me and mozilla.org, nobody really seems to be doing this). > > I couldn't get my TB to log to a file as per your instruction in the other ticket, do you still want a testcase with all this info? Yes, please. I assumed you were using Linux. If you extract the Tor Browser and change into the tor-browser_LOCALE directory, starting Tor Browser with `./start-tor-browser.desktop --log` should give you a `tor- browser.log` file in the same directory. If you set the Torbutton logging to level 3 as described you should see the circuit isolation at work. > Btw: opening 'Page Info' triggers resource fetches via unrelated circuits, too. Yeah, that's annoying and #15555 assuming you meant the view-source feature. -- Ticket URL: Tor Bug Tracker & Wiki The Tor Project: anonymity online From blackhole at torproject.org Wed Jan 6 19:13:12 2016 From: blackhole at torproject.org (Tor Bug Tracker & Wiki) Date: Wed, 06 Jan 2016 19:13:12 -0000 Subject: [tbb-bugs] #18005 [Tor]: Set India IP - Takes Japan IP In-Reply-To: <046.fe0aa2288ca245c9b5a6ac678a4a475a@torproject.org> References: <046.fe0aa2288ca245c9b5a6ac678a4a475a@torproject.org> Message-ID: <061.e195b0a369c5630a1ac582d279f05543@torproject.org> #18005: Set India IP - Takes Japan IP --------------------+------------------------------------ Reporter: patkim | Owner: tbb-team Type: defect | Status: new Priority: Medium | Milestone: Tor: 0.2.8.x-final Component: Tor | Version: Tor: 0.2.6.10 Severity: Normal | Resolution: Keywords: | Actual Points: Parent ID: | Points: Sponsor: | --------------------+------------------------------------ Comment (by patkim): Thank you so much for the detailed explanation. This prompted me to comment out those lines in the geoip file against IN. Now when I run Tor browser, it takes some other IP for India that actually originates in India. -- Ticket URL: Tor Bug Tracker & Wiki The Tor Project: anonymity online From blackhole at torproject.org Wed Jan 6 19:24:11 2016 From: blackhole at torproject.org (Tor Bug Tracker & Wiki) Date: Wed, 06 Jan 2016 19:24:11 -0000 Subject: [tbb-bugs] #16990 [Tor Browser]: Circuit visualizer stops working after some time In-Reply-To: <051.320ae591bb0d81ba7574f3a39b184c18@torproject.org> References: <051.320ae591bb0d81ba7574f3a39b184c18@torproject.org> Message-ID: <066.1c4a821874dbd91417674b86fdb1c962@torproject.org> #16990: Circuit visualizer stops working after some time -------------------------------------------------+------------------------- Reporter: cypherpunks | Owner: tbb- Type: defect | team Priority: Medium | Status: Component: Tor Browser | needs_review Severity: Normal | Milestone: Keywords: tbb-torbutton tbb-circuit-display | Version: TorBrowserTeam201601R, tbb-5.5 | Resolution: Parent ID: | Actual Points: Sponsor: | Points: -------------------------------------------------+------------------------- Changes (by arthuredelstein): * keywords: tbb-torbutton tbb-circuit-display TorBrowserTeam201601 tbb-5.5 => tbb-torbutton tbb-circuit-display TorBrowserTeam201601R, tbb-5.5 * status: assigned => needs_review Comment: Replying to [comment:11 gk]: > Replying to [comment:10 gk]: > > Replying to [comment:9 cypherpunks]: > > > This problem is still present in 5.0.6. GNU/Linux, x64, English locale. > > > > How do I reproduce your issue? > > Okay, I found a way to reproduce at least one issue: > > 1) Open a new tab and go to https://bugzilla.mozilla.org/ (after it loaded the circuit should be visible) > 2) Choose Search -> Advanced Search > 3) Click on Detailed Bug Information and enter `[tor]` in the Whiteboard row > 4) Click on Search and after you got your results checking the circuit display does not show any curcuit anymore > > Reloading does not help either. I am not sure if this is caused by our fixup done in this bug yet or whether that is an additional issue we overlooked so far. I found that browsing to the URL https://bugzilla.mozilla.org/buglist.cgi?a reproduces the error. For each loaded document, the tor circuit display looks up the SOCKS user name and password. Normally it calls `getSOCKSCredentials(browser)` which does the equivalent of: {{{ currentDocumentChannel.QueryInterface(Ci.nsIProxiedChannel).proxyInfo }}} It turns out that that the offending URL causes an nsIMultiPartChannel instead of an nsIHttpChannel to be associated with the document, so that `currentDocumentChannel.QueryInterface(Ci.nsIProxiedChannel)` fails. But the main nsIHttpChannel can be found at nsIMultiPartChannel.baseChannel. So in that situation we need to use something like {{{ currentDocumentChannel.QueryInterface(Ci.nsIMultiPartChannel).baseChannel.QueryInterface(Ci.nsIProxiedChannel).proxyInfo }}} Here's a patch to do this: https://github.com/arthuredelstein/torbutton/commit/16990+1 -- Ticket URL: Tor Bug Tracker & Wiki The Tor Project: anonymity online From blackhole at torproject.org Wed Jan 6 19:24:45 2016 From: blackhole at torproject.org (Tor Bug Tracker & Wiki) Date: Wed, 06 Jan 2016 19:24:45 -0000 Subject: [tbb-bugs] #18004 [Tor Browser]: Remove donation banner from TBB about:tor page when campaign is finished In-Reply-To: <055.0ae7d60d484a10f00eacd6ebcc9facc0@torproject.org> References: <055.0ae7d60d484a10f00eacd6ebcc9facc0@torproject.org> Message-ID: <070.bb7cf20c8683c038c5fa42b797cbfbcc@torproject.org> #18004: Remove donation banner from TBB about:tor page when campaign is finished --------------------------------------------+------------------------------ Reporter: arthuredelstein | Owner: tbb-team Type: defect | Status: needs_review Priority: Medium | Milestone: Component: Tor Browser | Version: Severity: Normal | Resolution: Keywords: TorBrowserTeam201601R, tbb-5.5 | Actual Points: Parent ID: #17534 | Points: Sponsor: | --------------------------------------------+------------------------------ Changes (by gk): * cc: boklm (added) * keywords: TorBrowserTeam201601 => TorBrowserTeam201601R, tbb-5.5 * status: new => needs_review Comment: FWIW: This will fix the failing dom-objects-enumeration test as well. -- Ticket URL: Tor Bug Tracker & Wiki The Tor Project: anonymity online From blackhole at torproject.org Wed Jan 6 19:49:33 2016 From: blackhole at torproject.org (Tor Bug Tracker & Wiki) Date: Wed, 06 Jan 2016 19:49:33 -0000 Subject: [tbb-bugs] #18010 [Tor Browser]: Tor Browser 5.0.6 + WIN10 (was: TOR 5.0.6 + WIN10) In-Reply-To: <047.d17c22a98e4416c59f147c7b8f610735@torproject.org> References: <047.d17c22a98e4416c59f147c7b8f610735@torproject.org> Message-ID: <062.b1dd37773e10cee204e140ba38979ae5@torproject.org> #18010: Tor Browser 5.0.6 + WIN10 -------------------------+-------------------------- Reporter: Loc_dog | Owner: tbb-team Type: defect | Status: new Priority: High | Milestone: Component: Tor Browser | Version: Severity: Major | Resolution: Keywords: | Actual Points: Parent ID: | Points: Sponsor: | -------------------------+-------------------------- Changes (by cypherpunks): * owner: => tbb-team * component: Tor => Tor Browser -- Ticket URL: Tor Bug Tracker & Wiki The Tor Project: anonymity online From blackhole at torproject.org Wed Jan 6 19:50:41 2016 From: blackhole at torproject.org (Tor Bug Tracker & Wiki) Date: Wed, 06 Jan 2016 19:50:41 -0000 Subject: [tbb-bugs] #18010 [Tor Browser]: Tor Browser 5.0.6 + WIN10 In-Reply-To: <047.d17c22a98e4416c59f147c7b8f610735@torproject.org> References: <047.d17c22a98e4416c59f147c7b8f610735@torproject.org> Message-ID: <062.8228be9c7485995130936b5a09f53f74@torproject.org> #18010: Tor Browser 5.0.6 + WIN10 ---------------------------+-------------------------- Reporter: Loc_dog | Owner: tbb-team Type: defect | Status: new Priority: High | Milestone: Component: Tor Browser | Version: Severity: Major | Resolution: Keywords: tbb-usability | Actual Points: Parent ID: | Points: Sponsor: | ---------------------------+-------------------------- Changes (by cypherpunks): * keywords: => tbb-usability -- Ticket URL: Tor Bug Tracker & Wiki The Tor Project: anonymity online From blackhole at torproject.org Wed Jan 6 20:11:42 2016 From: blackhole at torproject.org (Tor Bug Tracker & Wiki) Date: Wed, 06 Jan 2016 20:11:42 -0000 Subject: [tbb-bugs] #18010 [Tor Browser]: Tor Browser 5.0.6 + WIN10 In-Reply-To: <047.d17c22a98e4416c59f147c7b8f610735@torproject.org> References: <047.d17c22a98e4416c59f147c7b8f610735@torproject.org> Message-ID: <062.8836195d4e9d0d64f515b0c82496cc22@torproject.org> #18010: Tor Browser 5.0.6 + WIN10 ---------------------------+-------------------------- Reporter: Loc_dog | Owner: tbb-team Type: defect | Status: new Priority: High | Milestone: Component: Tor Browser | Version: Severity: Major | Resolution: Keywords: tbb-usability | Actual Points: Parent ID: | Points: Sponsor: | ---------------------------+-------------------------- Comment (by Loc_dog): Replying to [comment:1 cypherpunks]: > What keyboard layouts configured for Windows, and which one used? I use QWERTZ layout and I use integrated laptop keyboard. -- Ticket URL: Tor Bug Tracker & Wiki The Tor Project: anonymity online From blackhole at torproject.org Wed Jan 6 21:20:53 2016 From: blackhole at torproject.org (Tor Bug Tracker & Wiki) Date: Wed, 06 Jan 2016 21:20:53 -0000 Subject: [tbb-bugs] #16990 [Tor Browser]: Circuit visualizer stops working after some time In-Reply-To: <051.320ae591bb0d81ba7574f3a39b184c18@torproject.org> References: <051.320ae591bb0d81ba7574f3a39b184c18@torproject.org> Message-ID: <066.b3717c26b75a2de49dbdc66ffac8c1b6@torproject.org> #16990: Circuit visualizer stops working after some time -------------------------------------------------+------------------------- Reporter: cypherpunks | Owner: tbb- Type: defect | team Priority: Medium | Status: Component: Tor Browser | needs_review Severity: Normal | Milestone: Keywords: tbb-torbutton tbb-circuit-display | Version: TorBrowserTeam201601R, tbb-5.5 | Resolution: Parent ID: | Actual Points: Sponsor: | Points: -------------------------------------------------+------------------------- Comment (by cypherpunks): Hi, I'm the [comment:9 punk from comment 9]. Replying to [comment:11 gk]: > Okay, I found a way to reproduce at least one issue: > > 1) Open a new tab and go to https://bugzilla.mozilla.org/ (after it loaded the circuit should be visible) > 2) Choose Search -> Advanced Search > 3) Click on Detailed Bug Information and enter `[tor]` in the Whiteboard row > 4) Click on Search and after you got your results checking the circuit display does not show any curcuit anymore > > Reloading does not help either. I am not sure if this is caused by our fixup done in this bug yet or whether that is an additional issue we overlooked so far. This is interesting, it is 100% reproducible for any site that serves Content-Type "multipart/x-mixed-replace", like bugzilla does for the "loading" animation. However, note that in this case the circuit display doesn't get screwed up for the whole browser, only for that single document on that tab. But I think what I observed in 5.0.6 was the same behavior described in the OP (though now I'm doubting). Unfortunately I wouldn't know how to reproduce that. Replying to [comment:13 arthuredelstein]: > Here's a patch to do this: > ?https://github.com/arthuredelstein/torbutton/commit/16990+1 Why {{{getSOCKSCredentialsForBrowser}}} returns 2 values as a single string, "user:pass" i.e. "host:nonce"? That host can include a port which then results in "domain:port:nonce". Afterwards there's a {{{let domain = credentials.split(":")[0];}}} to get the domain, which may be deliberate because later there's {{{domain.endsWith(".onion")}}} so whoever wrote that expects not to have the ":port" part in "domain". But before there's {{{document.getElementById("domain").innerHTML = "(" + domain + "):";}}} which results in the UI only showing the "domain" part and not the ":port" part. But the port is part of the isolation! So shouldn't the user see "domain:port" in the UI? In any case I think it would be clearer to just return a structure not a compound string from {{{getSOCKSCredentialsForBrowser}}}. Unrelated to that: the comment for {{{setupDisplay}}} says "Returns a function..." but that's not true, it doesn't return anything. I guess that's documentation bitrot. -- Ticket URL: Tor Bug Tracker & Wiki The Tor Project: anonymity online From blackhole at torproject.org Wed Jan 6 22:10:56 2016 From: blackhole at torproject.org (Tor Bug Tracker & Wiki) Date: Wed, 06 Jan 2016 22:10:56 -0000 Subject: [tbb-bugs] #16990 [Tor Browser]: Circuit visualizer stops working after some time In-Reply-To: <051.320ae591bb0d81ba7574f3a39b184c18@torproject.org> References: <051.320ae591bb0d81ba7574f3a39b184c18@torproject.org> Message-ID: <066.cfd7122d1975e30054b31049f6e4e4f4@torproject.org> #16990: Circuit visualizer stops working after some time -------------------------------------------------+------------------------- Reporter: cypherpunks | Owner: tbb- Type: defect | team Priority: Medium | Status: Component: Tor Browser | needs_review Severity: Normal | Milestone: Keywords: tbb-torbutton tbb-circuit-display | Version: TorBrowserTeam201601R, tbb-5.5 | Resolution: Parent ID: | Actual Points: Sponsor: | Points: -------------------------------------------------+------------------------- Comment (by arthuredelstein): Replying to [comment:14 cypherpunks]: Thanks for the comments. > Why {{{getSOCKSCredentialsForBrowser}}} returns 2 values as a single string, "user:pass" i.e. "host:nonce"? > That host can include a port which then results in "domain:port:nonce". Afterwards there's a While I don't think the host here will include a port, I agree it's safer not to use a colon. So I have changed it to a "|" character. > In any case I think it would be clearer to just return a structure not a compound string from {{{getSOCKSCredentialsForBrowser}}}. Agreed. > Unrelated to that: the comment for {{{setupDisplay}}} says "Returns a function..." but that's not true, it doesn't return anything. I guess that's documentation bitrot. Yes, fixing that. Here's an additional "code cleanup" patch with these changes, on the same branch: ?https://github.com/arthuredelstein/torbutton/commits/16990+1 -- Ticket URL: Tor Bug Tracker & Wiki The Tor Project: anonymity online From blackhole at torproject.org Thu Jan 7 00:30:10 2016 From: blackhole at torproject.org (Tor Bug Tracker & Wiki) Date: Thu, 07 Jan 2016 00:30:10 -0000 Subject: [tbb-bugs] #16990 [Tor Browser]: Circuit visualizer stops working after some time In-Reply-To: <051.320ae591bb0d81ba7574f3a39b184c18@torproject.org> References: <051.320ae591bb0d81ba7574f3a39b184c18@torproject.org> Message-ID: <066.676aed5a274b18db452b1b4b4701af1a@torproject.org> #16990: Circuit visualizer stops working after some time -------------------------------------------------+------------------------- Reporter: cypherpunks | Owner: tbb- Type: defect | team Priority: Medium | Status: Component: Tor Browser | needs_review Severity: Normal | Milestone: Keywords: tbb-torbutton tbb-circuit-display | Version: TorBrowserTeam201601R, tbb-5.5 | Resolution: Parent ID: | Actual Points: Sponsor: | Points: -------------------------------------------------+------------------------- Comment (by cypherpunks): Replying to [comment:15 arthuredelstein]: > While I don't think the host here will include a port, [...] You are right, sorry about the stupid rant. PS: I now tried it and of course it doesn't include the port. Why was I so sure? I read the C++ definition of {{{getFirstPartyHostForIsolation}}} and saw {{{GetHost}}} being called, this accessor seems to be automatically generated by Mozilla's C++-JS magic glue. So I read the documentation for "host" here: https://developer.mozilla.org/en- US/docs/Mozilla/Tech/XPCOM/Reference/Interface/nsIURI. Now, I usually prefer to browse with CSS disabled, especially when reading. If you disable CSS in that page you loose the table borders and so I ended up reading the description for "hostPort" instead. -_-" -- Ticket URL: Tor Bug Tracker & Wiki The Tor Project: anonymity online From blackhole at torproject.org Thu Jan 7 08:39:53 2016 From: blackhole at torproject.org (Tor Bug Tracker & Wiki) Date: Thu, 07 Jan 2016 08:39:53 -0000 Subject: [tbb-bugs] #18010 [Tor Browser]: Tor Browser 5.0.6 + WIN10 In-Reply-To: <047.d17c22a98e4416c59f147c7b8f610735@torproject.org> References: <047.d17c22a98e4416c59f147c7b8f610735@torproject.org> Message-ID: <062.63b71b3ad68627b73bfa97304f700301@torproject.org> #18010: Tor Browser 5.0.6 + WIN10 ---------------------------+-------------------------- Reporter: Loc_dog | Owner: tbb-team Type: defect | Status: new Priority: High | Milestone: Component: Tor Browser | Version: Severity: Major | Resolution: Keywords: tbb-usability | Actual Points: Parent ID: | Points: Sponsor: | ---------------------------+-------------------------- Comment (by cypherpunks): > but it works for shortcuts(copy, paste, new tab,...) Enter key working too? Can you test keyboard with changed `javascript.use_us_english_locale` pref? Open Notepad and type there: {{{ about:config javascript.use_us_english_locale }}} Copy/paste "about:config" to browser and open it (agree to process warning) Copy/paste "javascript.use_us_english_locale" to "Search:" field and press enter. Toggle "javascript.use_us_english_locale" by mouse's double-click to value "true" to change it to "false" Close browser. (you can to verify keyboard right then, but check it after restart for sure) Start browser, again. Verify keyboard. -- Ticket URL: Tor Bug Tracker & Wiki The Tor Project: anonymity online From blackhole at torproject.org Thu Jan 7 09:49:44 2016 From: blackhole at torproject.org (Tor Bug Tracker & Wiki) Date: Thu, 07 Jan 2016 09:49:44 -0000 Subject: [tbb-bugs] #18010 [Tor Browser]: Tor Browser 5.0.6 + WIN10 In-Reply-To: <047.d17c22a98e4416c59f147c7b8f610735@torproject.org> References: <047.d17c22a98e4416c59f147c7b8f610735@torproject.org> Message-ID: <062.454d68b8ca485c12c69720a2413de9c4@torproject.org> #18010: Tor Browser 5.0.6 + WIN10 ---------------------------+-------------------------- Reporter: Loc_dog | Owner: tbb-team Type: defect | Status: new Priority: High | Milestone: Component: Tor Browser | Version: Severity: Major | Resolution: Keywords: tbb-usability | Actual Points: Parent ID: | Points: Sponsor: | ---------------------------+-------------------------- Comment (by Loc_dog): Keyboard started working on its own. I restarted laptop yesterday several times and keyboard didnt work. I opened TB today and tried it just out of curiosity and it worked without reboot or changing anything. I have no idea what went wrong yesterday. -- Ticket URL: Tor Bug Tracker & Wiki The Tor Project: anonymity online From blackhole at torproject.org Thu Jan 7 09:55:49 2016 From: blackhole at torproject.org (Tor Bug Tracker & Wiki) Date: Thu, 07 Jan 2016 09:55:49 -0000 Subject: [tbb-bugs] #18010 [Tor Browser]: Tor Browser 5.0.6 + WIN10 In-Reply-To: <047.d17c22a98e4416c59f147c7b8f610735@torproject.org> References: <047.d17c22a98e4416c59f147c7b8f610735@torproject.org> Message-ID: <062.802f54951171a46898afa5d1c7572b39@torproject.org> #18010: Tor Browser 5.0.6 + WIN10 ---------------------------+---------------------------- Reporter: Loc_dog | Owner: tbb-team Type: defect | Status: closed Priority: High | Milestone: Component: Tor Browser | Version: Severity: Major | Resolution: worksforme Keywords: tbb-usability | Actual Points: Parent ID: | Points: Sponsor: | ---------------------------+---------------------------- Changes (by gk): * status: new => closed * resolution: => worksforme -- Ticket URL: Tor Bug Tracker & Wiki The Tor Project: anonymity online From blackhole at torproject.org Thu Jan 7 12:55:06 2016 From: blackhole at torproject.org (Tor Bug Tracker & Wiki) Date: Thu, 07 Jan 2016 12:55:06 -0000 Subject: [tbb-bugs] #17870 [Tor Browser]: Some Windows 10 users experience authenticode errors if Tor Browser is signed on Linux In-Reply-To: <042.b5a281a6ef622a6cb30b9da7e22e7646@torproject.org> References: <042.b5a281a6ef622a6cb30b9da7e22e7646@torproject.org> Message-ID: <057.985009a1e06bc7ff7525b425d7c59ce9@torproject.org> #17870: Some Windows 10 users experience authenticode errors if Tor Browser is signed on Linux -------------------------------------------------+------------------------- Reporter: gk | Owner: tbb- Type: defect | team Priority: High | Status: closed Component: Tor Browser | Milestone: Severity: Major | Version: Keywords: tbb-security, TorBrowserTeam201601, | Resolution: fixed GeorgKoppen201601 | Actual Points: Parent ID: #15538 | Points: Sponsor: | -------------------------------------------------+------------------------- Changes (by gk): * status: new => closed * resolution: => fixed Comment: Replying to [comment:6 cypherpunks]: > To prepare chain before sign: > {{{ > --- AuthenticodeSigning.orig > +++ AuthenticodeSigning > > - convert it to PEM: openssl x509 -in tpo_cert.der -inform der -outform pem \ > -out tpo_cert.crt > +.... > +Get intermediate certificate from eToken or somewhere, > +(https://www.digicert.com/CACerts/DigiCertEVCodeSigningCA-SHA2.crt) > +then if it's in DER format > +.... > +- convert to PEM: openssl x509 -in DigiCertEVCodeSigningCA-SHA2.crt \ > + -inform der -outform pem -out middle_cert.crt > +- append: cat middle_cert.crt >> tpo_cert.crt > + > }}} Thanks, this seems to work. 5.5a6 will be signed this way. -- Ticket URL: Tor Bug Tracker & Wiki The Tor Project: anonymity online From blackhole at torproject.org Thu Jan 7 14:13:13 2016 From: blackhole at torproject.org (Tor Bug Tracker & Wiki) Date: Thu, 07 Jan 2016 14:13:13 -0000 Subject: [tbb-bugs] #18015 [Tor Browser]: Update prompt should link to the list of changes instead of the project page Message-ID: <045.2c5b48b8103b2ac67c2225388186bc8a@torproject.org> #18015: Update prompt should link to the list of changes instead of the project page -----------------------------+--------------------------- Reporter: lunar | Owner: tbb-team Type: enhancement | Status: new Priority: Medium | Milestone: Component: Tor Browser | Version: Severity: Minor | Keywords: tbb-usability Actual Points: | Parent ID: Points: | Sponsor: -----------------------------+--------------------------- Clicking on the ?Details? link in Tor Bowser update prompt open a window with the project page. It would be more helpful to get a page where I can see what has been changed. -- Ticket URL: Tor Bug Tracker & Wiki The Tor Project: anonymity online From blackhole at torproject.org Thu Jan 7 14:14:12 2016 From: blackhole at torproject.org (Tor Bug Tracker & Wiki) Date: Thu, 07 Jan 2016 14:14:12 -0000 Subject: [tbb-bugs] #18015 [Tor Browser]: Update prompt should link to the list of changes instead of the project page In-Reply-To: <045.2c5b48b8103b2ac67c2225388186bc8a@torproject.org> References: <045.2c5b48b8103b2ac67c2225388186bc8a@torproject.org> Message-ID: <060.95af17c6454c641a10d46f0389235d65@torproject.org> #18015: Update prompt should link to the list of changes instead of the project page ---------------------------+-------------------------- Reporter: lunar | Owner: tbb-team Type: enhancement | Status: new Priority: Medium | Milestone: Component: Tor Browser | Version: Severity: Minor | Resolution: Keywords: tbb-usability | Actual Points: Parent ID: | Points: Sponsor: | ---------------------------+-------------------------- Description changed by lunar: Old description: > Clicking on the ?Details? link in Tor Bowser update prompt open a window > with the project page. It would be more helpful to get a page where I can > see what has been changed. New description: Clicking on the ?Details? link in Tor Bowser update prompt open a window with the project page. It would be more helpful to get a page where I can see what has been changed. [[Image(prompt.png)]] -- -- Ticket URL: Tor Bug Tracker & Wiki The Tor Project: anonymity online From blackhole at torproject.org Thu Jan 7 14:35:32 2016 From: blackhole at torproject.org (Tor Bug Tracker & Wiki) Date: Thu, 07 Jan 2016 14:35:32 -0000 Subject: [tbb-bugs] #18010 [Tor Browser]: Tor Browser 5.0.6 + WIN10 In-Reply-To: <047.d17c22a98e4416c59f147c7b8f610735@torproject.org> References: <047.d17c22a98e4416c59f147c7b8f610735@torproject.org> Message-ID: <062.a4928435444aa1ddd1d18c7c1a970a77@torproject.org> #18010: Tor Browser 5.0.6 + WIN10 ---------------------------+---------------------------- Reporter: Loc_dog | Owner: tbb-team Type: defect | Status: closed Priority: High | Milestone: Component: Tor Browser | Version: Severity: Major | Resolution: worksforme Keywords: tbb-usability | Actual Points: Parent ID: | Points: Sponsor: | ---------------------------+---------------------------- Comment (by cypherpunks): In case it will happen again, could be related to [https://www.reddit.com/r/Windows10/comments/3hen9c/keyboard_stops_working_but_still_works_in_chrome/ AV software] or [https://support.mozilla.org/en-US/questions/1077406 Security software update]. -- Ticket URL: Tor Bug Tracker & Wiki The Tor Project: anonymity online From blackhole at torproject.org Thu Jan 7 20:00:17 2016 From: blackhole at torproject.org (Tor Bug Tracker & Wiki) Date: Thu, 07 Jan 2016 20:00:17 -0000 Subject: [tbb-bugs] #8725 [Tor Browser]: resource:// URIs leak information In-Reply-To: <046.90a71378e1ba3b8b4dabb70bf7d17d5d@torproject.org> References: <046.90a71378e1ba3b8b4dabb70bf7d17d5d@torproject.org> Message-ID: <061.082cdadc8c788507d50fb95ac36dc49c@torproject.org> #8725: resource:// URIs leak information -------------------------------------------------+------------------------- Reporter: holizz | Owner: tbb- Type: defect | team Priority: High | Status: new Component: Tor Browser | Milestone: Severity: Normal | Version: Keywords: tbb-fingerprinting, tbb-rebase- | Resolution: regression, tbb-testcase, tbb-firefox-patch | Actual Points: Parent ID: | Points: Sponsor: | -------------------------------------------------+------------------------- Changes (by cypherpunks): * severity: => Normal Comment: [https://www.browserleaks.com/firefox This test] shows the bug still exists in current version of the TBB. If JS is enabled, the type of platform is leaked. Adversary can distinguish Windows and Linux users. Maybe canvas [https://www.browserleaks.com/canvas have the same problem] making unique fingerprint for everybody. -- Ticket URL: Tor Bug Tracker & Wiki The Tor Project: anonymity online From blackhole at torproject.org Thu Jan 7 20:02:04 2016 From: blackhole at torproject.org (Tor Bug Tracker & Wiki) Date: Thu, 07 Jan 2016 20:02:04 -0000 Subject: [tbb-bugs] #18017 [Tor Browser]: Switch to NSS 3.19.2.2 to mitigate SLOTH attack (CVE-2015-7575) Message-ID: <042.e6daa0acc71a6ff18e586ab584581b0b@torproject.org> #18017: Switch to NSS 3.19.2.2 to mitigate SLOTH attack (CVE-2015-7575) -------------------------+------------------------------------------------- Reporter: gk | Owner: tbb-team Type: task | Status: new Priority: Very | Milestone: High | Version: Component: Tor | Keywords: tbb-security, TorBrowserTeam201601, Browser | tbb-5.5 Severity: | Parent ID: Critical | Sponsor: Actual Points: | Points: | -------------------------+------------------------------------------------- Mozilla thinks backporting the fix for CVE-2015-7575 is not important enough and does not do it. I think giving our context we should do it, though. Let's try switching to NSS 3.19.2.2 in the next release (end of January). -- Ticket URL: Tor Bug Tracker & Wiki The Tor Project: anonymity online From blackhole at torproject.org Thu Jan 7 20:07:28 2016 From: blackhole at torproject.org (Tor Bug Tracker & Wiki) Date: Thu, 07 Jan 2016 20:07:28 -0000 Subject: [tbb-bugs] #18015 [Tor Browser]: Update prompt should link to the list of changes instead of the project page In-Reply-To: <045.2c5b48b8103b2ac67c2225388186bc8a@torproject.org> References: <045.2c5b48b8103b2ac67c2225388186bc8a@torproject.org> Message-ID: <060.966438afdd06873d45219b2f515029a3@torproject.org> #18015: Update prompt should link to the list of changes instead of the project page ---------------------------+-------------------------- Reporter: lunar | Owner: tbb-team Type: enhancement | Status: new Priority: Medium | Milestone: Component: Tor Browser | Version: Severity: Minor | Resolution: Keywords: tbb-usability | Actual Points: Parent ID: | Points: Sponsor: | ---------------------------+-------------------------- Changes (by gk): * cc: mcs, brade (added) -- Ticket URL: Tor Bug Tracker & Wiki The Tor Project: anonymity online From blackhole at torproject.org Fri Jan 8 10:09:15 2016 From: blackhole at torproject.org (Tor Bug Tracker & Wiki) Date: Fri, 08 Jan 2016 10:09:15 -0000 Subject: [tbb-bugs] #16990 [Tor Browser]: Circuit visualizer stops working after some time In-Reply-To: <051.320ae591bb0d81ba7574f3a39b184c18@torproject.org> References: <051.320ae591bb0d81ba7574f3a39b184c18@torproject.org> Message-ID: <066.a5ba427c00d962da87ddb579fc0871d4@torproject.org> #16990: Circuit visualizer stops working after some time -------------------------------------------------+------------------------- Reporter: cypherpunks | Owner: tbb- Type: defect | team Priority: Medium | Status: Component: Tor Browser | needs_review Severity: Normal | Milestone: Keywords: tbb-torbutton tbb-circuit-display | Version: TorBrowserTeam201601R, tbb-5.5 | Resolution: Parent ID: | Actual Points: Sponsor: | Points: -------------------------------------------------+------------------------- Comment (by gk): ln5 mentions that just using "New Tor circuit for this Site" is working fine for him to reproduce the problem in the description. I wonder whether we overlooked something in our fix, hrm... -- Ticket URL: Tor Bug Tracker & Wiki The Tor Project: anonymity online From blackhole at torproject.org Fri Jan 8 10:13:17 2016 From: blackhole at torproject.org (Tor Bug Tracker & Wiki) Date: Fri, 08 Jan 2016 10:13:17 -0000 Subject: [tbb-bugs] #18019 [Tor Browser]: Update on non-en-US alpha bundles results in empty dialog being shown Message-ID: <042.edf9b4d5e52e86a070dae2a255f9d4e1@torproject.org> #18019: Update on non-en-US alpha bundles results in empty dialog being shown -----------------------------+------------------------------------- Reporter: gk | Owner: tbb-team Type: defect | Status: new Priority: High | Milestone: Component: Tor Browser | Version: Severity: Major | Keywords: tbb-usablility, tbb-5.5 Actual Points: | Parent ID: Points: | Sponsor: -----------------------------+------------------------------------- If I update a germen 5.5a5 to 5.5a6 I am greeted with the attached image. There is even no button to cancel this dialog which is pretty confusing. Closing it, though, leads to the changelog being shown. I guess this dialog pops up in the first place because of the do-you-want- to-use-english-for-this-site-question which is supposed to be shown. -- Ticket URL: Tor Bug Tracker & Wiki The Tor Project: anonymity online From blackhole at torproject.org Fri Jan 8 11:54:28 2016 From: blackhole at torproject.org (Tor Bug Tracker & Wiki) Date: Fri, 08 Jan 2016 11:54:28 -0000 Subject: [tbb-bugs] #17989 [Tor Browser]: TorBrowser hangs when download of file is finished In-Reply-To: <051.b9277472f310334c9d026fd084e5e898@torproject.org> References: <051.b9277472f310334c9d026fd084e5e898@torproject.org> Message-ID: <066.fe669e4621deb6c0d6b8692f0fa33741@torproject.org> #17989: TorBrowser hangs when download of file is finished ----------------------------------+----------------------------------- Reporter: cypherpunks | Owner: tbb-team Type: defect | Status: needs_information Priority: Medium | Milestone: Component: Tor Browser | Version: Severity: Normal | Resolution: Keywords: torbrowser, tbb-hang | Actual Points: Parent ID: | Points: Sponsor: | ----------------------------------+----------------------------------- Comment (by cypherpunks): >Have you checked to see if the "Open File" dialog is behind your browser window or offscreen? The dialog is OK. TBB hangs when a download finishes (its progress becomes 100%), not when it is started. And it hangs not every time a download finishes, but quite often. >More information needs. (OS, URLs, etc) Windows 8.1. It hangs randomly on any URL you try to download. -- Ticket URL: Tor Bug Tracker & Wiki The Tor Project: anonymity online From blackhole at torproject.org Fri Jan 8 11:57:23 2016 From: blackhole at torproject.org (Tor Bug Tracker & Wiki) Date: Fri, 08 Jan 2016 11:57:23 -0000 Subject: [tbb-bugs] #17898 [Tor Browser]: Firefox new Tracking Protection In-Reply-To: <051.60890efa353a0e8879a7f244e15e7460@torproject.org> References: <051.60890efa353a0e8879a7f244e15e7460@torproject.org> Message-ID: <066.c9ce310863cd000705c7fac60e20c543@torproject.org> #17898: Firefox new Tracking Protection -------------------------+-------------------------- Reporter: cypherpunks | Owner: tbb-team Type: defect | Status: new Priority: Medium | Milestone: Component: Tor Browser | Version: Severity: Normal | Resolution: Keywords: ff45-esr | Actual Points: Parent ID: | Points: Sponsor: | -------------------------+-------------------------- Comment (by cypherpunks): These lists must be disabled, because they are fingerprintable. That's why we advice not to use adblockers. -- Ticket URL: Tor Bug Tracker & Wiki The Tor Project: anonymity online From blackhole at torproject.org Fri Jan 8 12:05:45 2016 From: blackhole at torproject.org (Tor Bug Tracker & Wiki) Date: Fri, 08 Jan 2016 12:05:45 -0000 Subject: [tbb-bugs] #18010 [Tor Browser]: Tor Browser 5.0.6 + WIN10 In-Reply-To: <047.d17c22a98e4416c59f147c7b8f610735@torproject.org> References: <047.d17c22a98e4416c59f147c7b8f610735@torproject.org> Message-ID: <062.01fd2e4395deb6e499294e9f30694281@torproject.org> #18010: Tor Browser 5.0.6 + WIN10 ---------------------------+---------------------------- Reporter: Loc_dog | Owner: tbb-team Type: defect | Status: closed Priority: High | Milestone: Component: Tor Browser | Version: Severity: Major | Resolution: worksforme Keywords: tbb-usability | Actual Points: Parent ID: | Points: Sponsor: | ---------------------------+---------------------------- Comment (by cypherpunks): I don't think Windows 10 is a good choice for activities requiring Tor because espionage is now the integral part of it. -- Ticket URL: Tor Bug Tracker & Wiki The Tor Project: anonymity online From blackhole at torproject.org Fri Jan 8 12:08:20 2016 From: blackhole at torproject.org (Tor Bug Tracker & Wiki) Date: Fri, 08 Jan 2016 12:08:20 -0000 Subject: [tbb-bugs] #8725 [Tor Browser]: resource:// URIs leak information In-Reply-To: <046.90a71378e1ba3b8b4dabb70bf7d17d5d@torproject.org> References: <046.90a71378e1ba3b8b4dabb70bf7d17d5d@torproject.org> Message-ID: <061.45dc9765e266d07cdbaba52051514285@torproject.org> #8725: resource:// URIs leak information -------------------------------------------------+------------------------- Reporter: holizz | Owner: tbb- Type: defect | team Priority: High | Status: new Component: Tor Browser | Milestone: Severity: Normal | Version: Keywords: tbb-fingerprinting, tbb-rebase- | Resolution: regression, tbb-testcase, tbb-firefox-patch | Actual Points: Parent ID: | Points: Sponsor: | -------------------------------------------------+------------------------- Comment (by cypherpunks): >Opened 3 years ago Why isn't it fixed yet? -- Ticket URL: Tor Bug Tracker & Wiki The Tor Project: anonymity online From blackhole at torproject.org Fri Jan 8 12:12:58 2016 From: blackhole at torproject.org (Tor Bug Tracker & Wiki) Date: Fri, 08 Jan 2016 12:12:58 -0000 Subject: [tbb-bugs] #17904 [Tor Browser]: Use sufficient window dimensions in Privacy and Security Settings In-Reply-To: <051.f88da6edcf39556d844f44479192078d@torproject.org> References: <051.f88da6edcf39556d844f44479192078d@torproject.org> Message-ID: <066.1f81e84b21f377cde237603d737a0007@torproject.org> #17904: Use sufficient window dimensions in Privacy and Security Settings ---------------------------------+-------------------------- Reporter: cypherpunks | Owner: tbb-team Type: defect | Status: new Priority: Low | Milestone: Component: Tor Browser | Version: Severity: Minor | Resolution: Keywords: tbb-security-slider | Actual Points: Parent ID: | Points: Sponsor: | ---------------------------------+-------------------------- Comment (by cypherpunks): Why not to allow the user to scale the window as he wants but conserving aspect ratio and internally transform the values visible to webpage (a multiplication and a rounding) in the way it should be indistinguishable from unscaled window. -- Ticket URL: Tor Bug Tracker & Wiki The Tor Project: anonymity online From blackhole at torproject.org Fri Jan 8 12:20:54 2016 From: blackhole at torproject.org (Tor Bug Tracker & Wiki) Date: Fri, 08 Jan 2016 12:20:54 -0000 Subject: [tbb-bugs] #17898 [Tor Browser]: Firefox new Tracking Protection In-Reply-To: <051.60890efa353a0e8879a7f244e15e7460@torproject.org> References: <051.60890efa353a0e8879a7f244e15e7460@torproject.org> Message-ID: <066.2e65b8c53297e2d50a9f7a8493c7de8b@torproject.org> #17898: Firefox new Tracking Protection -------------------------+-------------------------- Reporter: cypherpunks | Owner: tbb-team Type: defect | Status: new Priority: Medium | Milestone: Component: Tor Browser | Version: Severity: Normal | Resolution: Keywords: ff45-esr | Actual Points: Parent ID: | Points: Sponsor: | -------------------------+-------------------------- Comment (by cypherpunks): Replying to [comment:6 cypherpunks]: > These lists must be disabled, because they are fingerprintable. That's why we advice not to use adblockers. That's because not everyone uses adblockers. Protection lists are default in Firefox private browsing now. How much more/less fingerprintable will TBB users be with these lists off than on? -- Ticket URL: Tor Bug Tracker & Wiki The Tor Project: anonymity online From blackhole at torproject.org Fri Jan 8 12:25:06 2016 From: blackhole at torproject.org (Tor Bug Tracker & Wiki) Date: Fri, 08 Jan 2016 12:25:06 -0000 Subject: [tbb-bugs] #8725 [Tor Browser]: resource:// URIs leak information In-Reply-To: <046.90a71378e1ba3b8b4dabb70bf7d17d5d@torproject.org> References: <046.90a71378e1ba3b8b4dabb70bf7d17d5d@torproject.org> Message-ID: <061.2336960d04f98ea1f0956e45a5eae199@torproject.org> #8725: resource:// URIs leak information -------------------------------------------------+------------------------- Reporter: holizz | Owner: tbb- Type: defect | team Priority: Very High | Status: new Component: Tor Browser | Milestone: Severity: Major | Version: Keywords: tbb-fingerprinting, tbb-rebase- | Resolution: regression, tbb-testcase, tbb-firefox-patch | Actual Points: Parent ID: | Points: Sponsor: | -------------------------------------------------+------------------------- Changes (by cypherpunks): * priority: High => Very High * severity: Normal => Major -- Ticket URL: Tor Bug Tracker & Wiki The Tor Project: anonymity online From blackhole at torproject.org Fri Jan 8 13:06:52 2016 From: blackhole at torproject.org (Tor Bug Tracker & Wiki) Date: Fri, 08 Jan 2016 13:06:52 -0000 Subject: [tbb-bugs] #17895 [Tor Browser]: Tor Browser Bundle installer subject to DLL hijacking In-Reply-To: <047.e563a8d35d2a1ce60d8cab26793ecac3@torproject.org> References: <047.e563a8d35d2a1ce60d8cab26793ecac3@torproject.org> Message-ID: <062.5e4f20f8dece10281614b90339a29f60@torproject.org> #17895: Tor Browser Bundle installer subject to DLL hijacking -------------------------------------------------+------------------------- Reporter: ericlaw | Owner: tbb- Type: defect | team Priority: High | Status: new Component: Tor Browser | Milestone: Severity: Major | Version: Keywords: tbb-gitian, tbb-security, | Resolution: TorBrowserTeam201601, GeorgKoppen201601 | Actual Points: Parent ID: | Points: Sponsor: | -------------------------------------------------+------------------------- Comment (by cypherpunks): Need to update to 2.50 as that is the latest and also includes some minor fixes relating to this. -- Ticket URL: Tor Bug Tracker & Wiki The Tor Project: anonymity online From blackhole at torproject.org Fri Jan 8 14:59:40 2016 From: blackhole at torproject.org (Tor Bug Tracker & Wiki) Date: Fri, 08 Jan 2016 14:59:40 -0000 Subject: [tbb-bugs] #16747 [Tor Browser]: Tor-browser downloads favicon twice (and over different circuits) In-Reply-To: <051.9c42f0514996fd8cc9e3577b00ebb256@torproject.org> References: <051.9c42f0514996fd8cc9e3577b00ebb256@torproject.org> Message-ID: <066.b33ebfa2f0a083ae3c4a635edb005380@torproject.org> #16747: Tor-browser downloads favicon twice (and over different circuits) -----------------------------+----------------------------------- Reporter: cypherpunks | Owner: tbb-team Type: defect | Status: needs_information Priority: Medium | Milestone: Component: Tor Browser | Version: Severity: Major | Resolution: Keywords: tbb-linkability | Actual Points: Parent ID: | Points: Sponsor: | -----------------------------+----------------------------------- Comment (by cypherpunks): Replying to [comment:10 gk]: > Interesting. FWIW: I see favicon requests in the browser console. Still, looking at the log output visiting mozilla.org shows everything goes over the same circuit. What OS are you on? I'm on Win10 x64 and you can scratch my previous observations, I was testing a bunch of sites after flipping the aforementioned pref, obviously the requests on my site went away but mozilla.org didn't break because they don't reference a favicon, but because the secondary circuit must have timed out. > Yes, please. I assumed you were using Linux. If you extract the Tor Browser and change into the tor-browser_LOCALE directory, starting Tor Browser with `./start-tor-browser.desktop --log` should give you a `tor- browser.log` file in the same directory. If you set the Torbutton logging to level 3 as described you should see the circuit isolation at work. Can't get this to work on Windows. > > Btw: opening 'Page Info' triggers resource fetches via unrelated circuits, too. > Yeah, that's annoying and #15555 assuming you meant the view-source feature. No, I'm talking about Tools >> Page Info, or right-clicking in a page >> View Page Info, clicking the lock or globe in the URL-bar >> more information is another way to open this, don't even need to select the media tab there. -- Ticket URL: Tor Bug Tracker & Wiki The Tor Project: anonymity online From blackhole at torproject.org Fri Jan 8 16:26:05 2016 From: blackhole at torproject.org (Tor Bug Tracker & Wiki) Date: Fri, 08 Jan 2016 16:26:05 -0000 Subject: [tbb-bugs] #18015 [Tor Browser]: Update prompt should link to the list of changes instead of the project page In-Reply-To: <045.2c5b48b8103b2ac67c2225388186bc8a@torproject.org> References: <045.2c5b48b8103b2ac67c2225388186bc8a@torproject.org> Message-ID: <060.b5fd44697e9561c6ee1a06952f77bf6b@torproject.org> #18015: Update prompt should link to the list of changes instead of the project page ---------------------------+-------------------------- Reporter: lunar | Owner: tbb-team Type: enhancement | Status: closed Priority: Medium | Milestone: Component: Tor Browser | Version: Severity: Minor | Resolution: fixed Keywords: tbb-usability | Actual Points: Parent ID: | Points: Sponsor: | ---------------------------+-------------------------- Changes (by brade): * status: new => closed * resolution: => fixed Comment: Most people will have automatic updates set [1] so they will not see this prompt. The URL that the Details button points to is controlled by the torproject.org servers and our release process. In 5.0.*, the update response [2] sends people to a generic page: https://www.torproject.org/projects/torbrowser.html.en In 5.5* and going forward, the update response will point to the blog post, e.g.,: https://blog.torproject.org/blog/tor-browser-55a6-released I think this bug can be resolved as fixed (or as a duplicate of the bug where it was fixed, but I can't find that bug at the moment). [1] preferences: app.update.enabled=true, app.update.auto=true See also: https://wiki.mozilla.org/Software_Update:Checking_For_Updates [2] https://gitweb.torproject.org/builders/tor-browser- bundle.git/tree/tools/update-responses/config.yml -- Ticket URL: Tor Bug Tracker & Wiki The Tor Project: anonymity online From blackhole at torproject.org Fri Jan 8 16:56:23 2016 From: blackhole at torproject.org (Tor Bug Tracker & Wiki) Date: Fri, 08 Jan 2016 16:56:23 -0000 Subject: [tbb-bugs] #18017 [Tor Browser]: Switch to NSS 3.19.2.2 to mitigate SLOTH attack (CVE-2015-7575) In-Reply-To: <042.e6daa0acc71a6ff18e586ab584581b0b@torproject.org> References: <042.e6daa0acc71a6ff18e586ab584581b0b@torproject.org> Message-ID: <057.6e44accd367d793fdbd81ff2b653e8c9@torproject.org> #18017: Switch to NSS 3.19.2.2 to mitigate SLOTH attack (CVE-2015-7575) -------------------------------------------------+------------------------- Reporter: gk | Owner: tbb- Type: task | team Priority: Very High | Status: new Component: Tor Browser | Milestone: Severity: Critical | Version: Keywords: tbb-security, TorBrowserTeam201601, | Resolution: tbb-5.5 | Actual Points: Parent ID: | Points: Sponsor: | -------------------------------------------------+------------------------- Changes (by mcs): * cc: mcs (added) -- Ticket URL: Tor Bug Tracker & Wiki The Tor Project: anonymity online From blackhole at torproject.org Fri Jan 8 20:01:56 2016 From: blackhole at torproject.org (Tor Bug Tracker & Wiki) Date: Fri, 08 Jan 2016 20:01:56 -0000 Subject: [tbb-bugs] #18019 [Tor Browser]: Update on non-en-US alpha bundles results in empty dialog being shown In-Reply-To: <042.edf9b4d5e52e86a070dae2a255f9d4e1@torproject.org> References: <042.edf9b4d5e52e86a070dae2a255f9d4e1@torproject.org> Message-ID: <057.63ee35158a631efd3824c09acc9533f5@torproject.org> #18019: Update on non-en-US alpha bundles results in empty dialog being shown -------------------------------------+----------------------------------- Reporter: gk | Owner: tbb-team Type: defect | Status: needs_information Priority: High | Milestone: Component: Tor Browser | Version: Severity: Major | Resolution: Keywords: tbb-usablility, tbb-5.5 | Actual Points: Parent ID: | Points: Sponsor: | -------------------------------------+----------------------------------- Changes (by mcs): * status: new => needs_information Comment: I am able to reproduce this problem. You are correct -- it is the "Spoof English?" prompt. I am not sure why promptService.confirmEx() locks up the UI without allowing the prompt dialog to be rendered, but it does on Linux at least (not on Mac OS for what that is worth). Just before the code in torbutton_new_tab() that opens the prompt, there is a comment that reads: {{{ // XXX: This is possibly slightly the wrong place to do this check, // but we know the TabOpen effect is late enough to provide the popup // after firefox is visible, which makes it more clear whose popup this is. // // Ask the user if they want to make "English requests" if their default // language isn't English and the prompt hasn't been displayed before. }}} Can we move the code that displays the prompt somewhere else? Would it be acceptable to display the prompt the first time the browser is opened, even if the user never opens a new tab? Currently, users can browser without seeing the prompt as long as they do not open a new tab, which seems like a bad thing. -- Ticket URL: Tor Bug Tracker & Wiki The Tor Project: anonymity online From blackhole at torproject.org Fri Jan 8 21:23:48 2016 From: blackhole at torproject.org (Tor Bug Tracker & Wiki) Date: Fri, 08 Jan 2016 21:23:48 -0000 Subject: [tbb-bugs] #16990 [Tor Browser]: Circuit visualizer stops working after some time In-Reply-To: <051.320ae591bb0d81ba7574f3a39b184c18@torproject.org> References: <051.320ae591bb0d81ba7574f3a39b184c18@torproject.org> Message-ID: <066.efa1250cf62e854f5ecf4c19e93db68f@torproject.org> #16990: Circuit visualizer stops working after some time -------------------------------------------------+------------------------- Reporter: cypherpunks | Owner: tbb- Type: defect | team Priority: Medium | Status: Component: Tor Browser | needs_review Severity: Normal | Milestone: Keywords: tbb-torbutton tbb-circuit-display | Version: TorBrowserTeam201601R, tbb-5.5 | Resolution: Parent ID: | Actual Points: Sponsor: | Points: -------------------------------------------------+------------------------- Changes (by arthuredelstein): * cc: ln5 (added) Comment: Replying to [comment:17 gk]: > ln5 mentions that just using "New Tor Circuit for this Site" is working fine for him to reproduce the problem in the description. I wonder whether we overlooked something in our fix, hrm... I tried this several times but I couldn't reproduce it. ln5, what platform and TBB version are you using? Any other clues? -- Ticket URL: Tor Bug Tracker & Wiki The Tor Project: anonymity online From blackhole at torproject.org Sat Jan 9 09:09:50 2016 From: blackhole at torproject.org (Tor Bug Tracker & Wiki) Date: Sat, 09 Jan 2016 09:09:50 -0000 Subject: [tbb-bugs] #16990 [Tor Browser]: Circuit visualizer stops working after some time In-Reply-To: <051.320ae591bb0d81ba7574f3a39b184c18@torproject.org> References: <051.320ae591bb0d81ba7574f3a39b184c18@torproject.org> Message-ID: <066.ea8666026bb75337bf24b7fc7d7c2c5b@torproject.org> #16990: Circuit visualizer stops working after some time -------------------------------------------------+------------------------- Reporter: cypherpunks | Owner: tbb- Type: defect | team Priority: Medium | Status: Component: Tor Browser | needs_review Severity: Normal | Milestone: Keywords: tbb-torbutton tbb-circuit-display | Version: TorBrowserTeam201601R, tbb-5.5 | Resolution: Parent ID: | Actual Points: Sponsor: | Points: -------------------------------------------------+------------------------- Comment (by cypherpunks): Replying to [comment:14 cypherpunks]: > Replying to [comment:11 gk]: > > [...] > > This is interesting, it is 100% reproducible for any site that serves Content-Type "multipart/x-mixed-replace", like bugzilla does for the "loading" animation. > > However, note that in this case the circuit display doesn't get screwed up for the whole browser, only for that single document on that tab. '''But I think what I observed in 5.0.6 was the same behavior described in the OP (though now I'm doubting).''' Unfortunately I wouldn't know how to reproduce that. Alright, no more doubts: Right now on 5.0.7 the circuit display is borked exactly like described in the OP: For all tabs, for any document, "New identity" doesn't help, neither does "New circuit for this site". So the same problem exists and the one related to "multipart/x-mixed- replace" discovered by gk is a different one. I will leave this browser like this in case you want me to try some live experiments. Note, though, that this is not a debug build nor anything like that. It's a normal 5.0.7 release version which (I think) has been auto-updated since 5.0.4 (or maybe even earlier). -- Ticket URL: Tor Bug Tracker & Wiki The Tor Project: anonymity online From blackhole at torproject.org Sat Jan 9 10:05:31 2016 From: blackhole at torproject.org (Tor Bug Tracker & Wiki) Date: Sat, 09 Jan 2016 10:05:31 -0000 Subject: [tbb-bugs] #17917 [Tor Browser]: Changelog after update is empty if JS is disabled In-Reply-To: <042.708b744b13d5b24982ef59222fd7ad42@torproject.org> References: <042.708b744b13d5b24982ef59222fd7ad42@torproject.org> Message-ID: <057.54f7a11a1c3c84ad1bd631f0ccfbd6a2@torproject.org> #17917: Changelog after update is empty if JS is disabled -------------------------------------------+-------------------------- Reporter: gk | Owner: tbb-team Type: defect | Status: new Priority: Medium | Milestone: Component: Tor Browser | Version: Severity: Normal | Resolution: Keywords: tbb-5.5, TorBrowserTeam201601 | Actual Points: Parent ID: | Points: Sponsor: | -------------------------------------------+-------------------------- Comment (by mikeperry): I again hit this on the 5.5a6 upgrade. Scripts were disabled because I was on high security level. Clicking NoScipt to allow all scripts caused the notes to load. Not sure if they would not have loaded anyway, or if clicking reload was all I needed, though. -- Ticket URL: Tor Bug Tracker & Wiki The Tor Project: anonymity online From blackhole at torproject.org Sun Jan 10 17:54:04 2016 From: blackhole at torproject.org (Tor Bug Tracker & Wiki) Date: Sun, 10 Jan 2016 17:54:04 -0000 Subject: [tbb-bugs] #18027 [Tor Browser]: Tor Browser canvas fingerprint pop should have "not ever" option Message-ID: <051.2b34b5a59854e311aff44b923a9eb636@torproject.org> #18027: Tor Browser canvas fingerprint pop should have "not ever" option -----------------------------+---------------------- Reporter: Aranjedeath | Owner: tbb-team Type: enhancement | Status: new Priority: Low | Milestone: Component: Tor Browser | Version: Severity: Normal | Keywords: Actual Points: | Parent ID: Points: | Sponsor: -----------------------------+---------------------- Hi. Currently, when accessing a site Tor Browser thinks is doing canvas fingerprinting, it pops up a little thing asking if you'd like to allow it: 1. not now (default) 2. never for this site 3. allow in the future This is excellent, and I'm super excited we're given such granular choices. I'd like an additional option, which is: 4. Block all canvas fingerprinting, on any site, ever. There exists no scenario where I wish to be fingerprinted through canvas feature usage. I've spoken to others who feel the same. It makes sense to me to place it either in the about:config or the security slider (perhaps enabled at any setting higher than "low"). -- Ticket URL: Tor Bug Tracker & Wiki The Tor Project: anonymity online From blackhole at torproject.org Mon Jan 11 02:55:43 2016 From: blackhole at torproject.org (Tor Bug Tracker & Wiki) Date: Mon, 11 Jan 2016 02:55:43 -0000 Subject: [tbb-bugs] #18027 [Tor Browser]: Tor Browser canvas fingerprint pop should have "not ever" option In-Reply-To: <051.2b34b5a59854e311aff44b923a9eb636@torproject.org> References: <051.2b34b5a59854e311aff44b923a9eb636@torproject.org> Message-ID: <066.6c86f76ad42d270a58589d9785176b1e@torproject.org> #18027: Tor Browser canvas fingerprint pop should have "not ever" option -------------------------+-------------------------- Reporter: Aranjedeath | Owner: tbb-team Type: enhancement | Status: new Priority: Low | Milestone: Component: Tor Browser | Version: Severity: Normal | Resolution: Keywords: | Actual Points: Parent ID: | Points: Sponsor: | -------------------------+-------------------------- Comment (by cypherpunks3): I can recall needing to enable the canvas stuff on two sites: twitter, to upload a userpic (it requires you to crop the image using a canvas-based image editing thing) and some meme generator (which apparently composits the text over images in-browser). With the current warning, though, I'm pretty sure the vast majority of tor browser users would just assume these sites are broken and have no idea that it has anything to do with that irritating box that always pops up. So +1 from this anon for a "nevar again" option (though it should still show the little easel icon in the url bar from which it can be allowed sometimes). -- Ticket URL: Tor Bug Tracker & Wiki The Tor Project: anonymity online From blackhole at torproject.org Mon Jan 11 08:24:33 2016 From: blackhole at torproject.org (Tor Bug Tracker & Wiki) Date: Mon, 11 Jan 2016 08:24:33 -0000 Subject: [tbb-bugs] #18027 [Tor Browser]: Tor Browser canvas fingerprint pop should have "not ever" option In-Reply-To: <051.2b34b5a59854e311aff44b923a9eb636@torproject.org> References: <051.2b34b5a59854e311aff44b923a9eb636@torproject.org> Message-ID: <066.7dca0940a182404644f4c635dfa8b5b6@torproject.org> #18027: Tor Browser canvas fingerprint pop should have "not ever" option ---------------------------+-------------------------- Reporter: Aranjedeath | Owner: tbb-team Type: enhancement | Status: new Priority: Low | Milestone: Component: Tor Browser | Version: Severity: Normal | Resolution: Keywords: tbb-usability | Actual Points: Parent ID: | Points: Sponsor: | ---------------------------+-------------------------- Changes (by gk): * keywords: => tbb-usability -- Ticket URL: Tor Bug Tracker & Wiki The Tor Project: anonymity online From blackhole at torproject.org Mon Jan 11 08:25:20 2016 From: blackhole at torproject.org (Tor Bug Tracker & Wiki) Date: Mon, 11 Jan 2016 08:25:20 -0000 Subject: [tbb-bugs] #17989 [Tor Browser]: TorBrowser hangs when download of file is finished In-Reply-To: <051.b9277472f310334c9d026fd084e5e898@torproject.org> References: <051.b9277472f310334c9d026fd084e5e898@torproject.org> Message-ID: <066.81792cfa2abc21d7688db8dd9b4f2ac0@torproject.org> #17989: TorBrowser hangs when download of file is finished ----------------------------------+-------------------------- Reporter: cypherpunks | Owner: tbb-team Type: defect | Status: assigned Priority: Medium | Milestone: Component: Tor Browser | Version: Severity: Normal | Resolution: Keywords: torbrowser, tbb-hang | Actual Points: Parent ID: | Points: Sponsor: | ----------------------------------+-------------------------- Changes (by gk): * status: needs_information => assigned * cc: gk (added) -- Ticket URL: Tor Bug Tracker & Wiki The Tor Project: anonymity online From blackhole at torproject.org Mon Jan 11 09:40:19 2016 From: blackhole at torproject.org (Tor Bug Tracker & Wiki) Date: Mon, 11 Jan 2016 09:40:19 -0000 Subject: [tbb-bugs] #17989 [Tor Browser]: TorBrowser hangs when download of file is finished In-Reply-To: <051.b9277472f310334c9d026fd084e5e898@torproject.org> References: <051.b9277472f310334c9d026fd084e5e898@torproject.org> Message-ID: <066.0b2be3bff1406e041620b281689b6cd2@torproject.org> #17989: TorBrowser hangs when download of file is finished ----------------------------------+-------------------------- Reporter: cypherpunks | Owner: tbb-team Type: defect | Status: assigned Priority: Medium | Milestone: Component: Tor Browser | Version: Severity: Normal | Resolution: Keywords: torbrowser, tbb-hang | Actual Points: Parent ID: | Points: Sponsor: | ----------------------------------+-------------------------- Comment (by cypherpunks-duplicate): > Windows 8.1. It hangs randomly on any URL you try to download. AntiViruses, etc, [http://forums.sandboxie.com/phpBB3/viewtopic.php?f=11&t=21989 Sandboxie]? -- Ticket URL: Tor Bug Tracker & Wiki The Tor Project: anonymity online From blackhole at torproject.org Mon Jan 11 12:25:15 2016 From: blackhole at torproject.org (Tor Bug Tracker & Wiki) Date: Mon, 11 Jan 2016 12:25:15 -0000 Subject: [tbb-bugs] #18030 [Tor Browser]: Favicons loaded via the Page Info dialog are not going over the same circuit as the URL bar domain Message-ID: <042.da46469295a491111340a5e8b8ca1dcf@torproject.org> #18030: Favicons loaded via the Page Info dialog are not going over the same circuit as the URL bar domain -----------------------------+----------------------------- Reporter: gk | Owner: tbb-team Type: defect | Status: new Priority: Medium | Milestone: Component: Tor Browser | Version: Severity: Normal | Keywords: tbb-linkability Actual Points: | Parent ID: Points: | Sponsor: -----------------------------+----------------------------- Loading https://trac.torproject.org and observe that the favicons are loaded over the circuit used for the all the other resources of trac.torproject.org. Now, open Page Info dialog and the favicon that gets loaded again goes over the catch-all circuit. I think the expected behavior is to let the request go over the circuit for the URL bar domain of the page in question as well. -- Ticket URL: Tor Bug Tracker & Wiki The Tor Project: anonymity online From blackhole at torproject.org Mon Jan 11 12:25:47 2016 From: blackhole at torproject.org (Tor Bug Tracker & Wiki) Date: Mon, 11 Jan 2016 12:25:47 -0000 Subject: [tbb-bugs] #16747 [Tor Browser]: Tor-browser downloads favicon twice (and over different circuits) In-Reply-To: <051.9c42f0514996fd8cc9e3577b00ebb256@torproject.org> References: <051.9c42f0514996fd8cc9e3577b00ebb256@torproject.org> Message-ID: <066.fa0adb4ac70a7efadced4e3bf5490bb4@torproject.org> #16747: Tor-browser downloads favicon twice (and over different circuits) -----------------------------+----------------------------------- Reporter: cypherpunks | Owner: tbb-team Type: defect | Status: needs_information Priority: Medium | Milestone: Component: Tor Browser | Version: Severity: Major | Resolution: Keywords: tbb-linkability | Actual Points: Parent ID: | Points: Sponsor: | -----------------------------+----------------------------------- Comment (by gk): Replying to [comment:11 cypherpunks]: > Replying to [comment:10 gk]: > > Yes, please. I assumed you were using Linux. If you extract the Tor Browser and change into the tor-browser_LOCALE directory, starting Tor Browser with `./start-tor-browser.desktop --log` should give you a `tor- browser.log` file in the same directory. If you set the Torbutton logging to level 3 as described you should see the circuit isolation at work. > > Can't get this to work on Windows. Ah, okay. After setting the log level to 3 you should be able to see the log in the browser console as well. If you need to increase the log lines available `devtools.hud.loglimit.console` is your friend. > > > Btw: opening 'Page Info' triggers resource fetches via unrelated circuits, too. > > Yeah, that's annoying and #15555 assuming you meant the view-source feature. > > No, I'm talking about Tools >> Page Info, or right-clicking in a page >> View Page Info, clicking the lock or globe in the URL-bar >> more information is another way to open this, don't even need to select the media tab there. Thanks, that is #18030. -- Ticket URL: Tor Bug Tracker & Wiki The Tor Project: anonymity online From blackhole at torproject.org Mon Jan 11 12:27:43 2016 From: blackhole at torproject.org (Tor Bug Tracker & Wiki) Date: Mon, 11 Jan 2016 12:27:43 -0000 Subject: [tbb-bugs] #18030 [Tor Browser]: Favicons loaded via the Page Info dialog are not going over the same circuit as the URL bar domain In-Reply-To: <042.da46469295a491111340a5e8b8ca1dcf@torproject.org> References: <042.da46469295a491111340a5e8b8ca1dcf@torproject.org> Message-ID: <057.ac12e93060418c4be6b315c934e5c87e@torproject.org> #18030: Favicons loaded via the Page Info dialog are not going over the same circuit as the URL bar domain -----------------------------+-------------------------- Reporter: gk | Owner: tbb-team Type: defect | Status: new Priority: Medium | Milestone: Component: Tor Browser | Version: Severity: Normal | Resolution: Keywords: tbb-linkability | Actual Points: Parent ID: | Points: Sponsor: | -----------------------------+-------------------------- Description changed by gk: Old description: > Loading https://trac.torproject.org and observe that the favicons are > loaded over the circuit used for the all the other resources of > trac.torproject.org. Now, open Page Info dialog and the favicon that gets > loaded again goes over the catch-all circuit. I think the expected > behavior is to let the request go over the circuit for the URL bar domain > of the page in question as well. New description: Load https://trac.torproject.org and observe that the favicon is getting loaded over the circuit used for all the other resources of trac.torproject.org. Now, open the Page Info dialog and the favicon that gets loaded again goes over the catch-all circuit. I think the expected behavior is to let the request go over the circuit for the URL bar domain of the page in question as well. -- -- Ticket URL: Tor Bug Tracker & Wiki The Tor Project: anonymity online From blackhole at torproject.org Mon Jan 11 13:43:44 2016 From: blackhole at torproject.org (Tor Bug Tracker & Wiki) Date: Mon, 11 Jan 2016 13:43:44 -0000 Subject: [tbb-bugs] #18004 [Tor Browser]: Remove donation banner from TBB about:tor page when campaign is finished In-Reply-To: <055.0ae7d60d484a10f00eacd6ebcc9facc0@torproject.org> References: <055.0ae7d60d484a10f00eacd6ebcc9facc0@torproject.org> Message-ID: <070.a4db4544e8bfd4832680a752aa3b1e4d@torproject.org> #18004: Remove donation banner from TBB about:tor page when campaign is finished --------------------------------------------+-------------------------- Reporter: arthuredelstein | Owner: tbb-team Type: defect | Status: closed Priority: Medium | Milestone: Component: Tor Browser | Version: Severity: Normal | Resolution: fixed Keywords: TorBrowserTeam201601R, tbb-5.5 | Actual Points: Parent ID: #17534 | Points: Sponsor: | --------------------------------------------+-------------------------- Changes (by gk): * status: needs_review => closed * resolution: => fixed Comment: Fixed with commit b079df979ff5d2f2e30324be927edadc3e41aa1f. -- Ticket URL: Tor Bug Tracker & Wiki The Tor Project: anonymity online From blackhole at torproject.org Mon Jan 11 19:51:18 2016 From: blackhole at torproject.org (Tor Bug Tracker & Wiki) Date: Mon, 11 Jan 2016 19:51:18 -0000 Subject: [tbb-bugs] #17989 [Tor Browser]: TorBrowser hangs when download of file is finished In-Reply-To: <051.b9277472f310334c9d026fd084e5e898@torproject.org> References: <051.b9277472f310334c9d026fd084e5e898@torproject.org> Message-ID: <066.4f29136231698264bdf9a9f3686c3316@torproject.org> #17989: TorBrowser hangs when download of file is finished ----------------------------------+-------------------------- Reporter: cypherpunks | Owner: tbb-team Type: defect | Status: assigned Priority: Medium | Milestone: Component: Tor Browser | Version: Severity: Normal | Resolution: Keywords: torbrowser, tbb-hang | Actual Points: Parent ID: | Points: Sponsor: | ----------------------------------+-------------------------- Comment (by cypherpunks): >?Sandboxie? Sandboxie. -- Ticket URL: Tor Bug Tracker & Wiki The Tor Project: anonymity online From blackhole at torproject.org Mon Jan 11 19:57:04 2016 From: blackhole at torproject.org (Tor Bug Tracker & Wiki) Date: Mon, 11 Jan 2016 19:57:04 -0000 Subject: [tbb-bugs] #17967 [Tor Browser]: Tor searches GeoIP file in wrong location by default (at least in some cases) In-Reply-To: <045.6e6ee1c01d6e29d367c44743e300b1d4@torproject.org> References: <045.6e6ee1c01d6e29d367c44743e300b1d4@torproject.org> Message-ID: <060.04c3688525f27055e83f33c8b45f7383@torproject.org> #17967: Tor searches GeoIP file in wrong location by default (at least in some cases) ---------------------------+-------------------------- Reporter: germn | Owner: tbb-team Type: defect | Status: new Priority: Medium | Milestone: Component: Tor Browser | Version: Severity: Normal | Resolution: Keywords: GeoIP, GeoIP6 | Actual Points: Parent ID: | Points: Sponsor: | ---------------------------+-------------------------- Comment (by mcs): Replying to [comment:1 germn]: > I just saw, that in "torrc" locations are correct: > ... Does this mean that the tor daemon is ignoring the GeoIPFile directive? That is surprising, but if tor is ignoring that config directive then this ticket should be switched to component=Tor instead of component=Tor Browser. If Tor Browser/Tor Launcher is specifying the wrong path for GeoIPFile then this ticket should stay as a Tor Browser one. -- Ticket URL: Tor Bug Tracker & Wiki The Tor Project: anonymity online From blackhole at torproject.org Mon Jan 11 19:59:57 2016 From: blackhole at torproject.org (Tor Bug Tracker & Wiki) Date: Mon, 11 Jan 2016 19:59:57 -0000 Subject: [tbb-bugs] #17955 [Tor Browser]: overlap french about:tor In-Reply-To: <045.1dac699d3304ad31a0da1e4fb6cc0b88@torproject.org> References: <045.1dac699d3304ad31a0da1e4fb6cc0b88@torproject.org> Message-ID: <060.a1228d5e864a59506a2ba92fcbd02bd4@torproject.org> #17955: overlap french about:tor ----------------------------+-------------------------- Reporter: tscpd | Owner: tbb-team Type: defect | Status: new Priority: Very Low | Milestone: Component: Tor Browser | Version: Severity: Normal | Resolution: Keywords: overlap french | Actual Points: Parent ID: | Points: Sponsor: | ----------------------------+-------------------------- Changes (by mcs): * cc: arthuredelstein (added) Comment: The next release of Tor Browser will not have the donation banner. Arthur, should we keep this ticket open or resolve it as 'wontfix'? -- Ticket URL: Tor Bug Tracker & Wiki The Tor Project: anonymity online From blackhole at torproject.org Mon Jan 11 21:24:52 2016 From: blackhole at torproject.org (Tor Bug Tracker & Wiki) Date: Mon, 11 Jan 2016 21:24:52 -0000 Subject: [tbb-bugs] #18033 [Tor Browser]: Some TBB windows stay open after New identity Message-ID: <051.312db86248f958bcd86bdbdda217c5b7@torproject.org> #18033: Some TBB windows stay open after New identity -----------------------------+---------------------- Reporter: cypherpunks | Owner: tbb-team Type: defect | Status: new Priority: Medium | Milestone: Component: Tor Browser | Version: Severity: Normal | Keywords: Actual Points: | Parent ID: Points: | Sponsor: -----------------------------+---------------------- Say you open some specific windows (e.g. view-source of a page, any extra installed addon page/window) once you click New Identity (or close TBB completely) these stay open with the TBB icon. Is it not safer to close these as well? -- Ticket URL: Tor Bug Tracker & Wiki The Tor Project: anonymity online From blackhole at torproject.org Tue Jan 12 06:48:11 2016 From: blackhole at torproject.org (Tor Bug Tracker & Wiki) Date: Tue, 12 Jan 2016 06:48:11 -0000 Subject: [tbb-bugs] #16926 [Tor Browser]: Multiple OS: Tor Browser leaks domains to system DNS management. In-Reply-To: <053.d86e01fce2839f7337ee608552e685df@torproject.org> References: <053.d86e01fce2839f7337ee608552e685df@torproject.org> Message-ID: <068.56b3323edafaa54da686af34411d5ba7@torproject.org> #16926: Multiple OS: Tor Browser leaks domains to system DNS management. ---------------------------+---------------------------------- Reporter: DrMikeTwiddle | Owner: tbb-team Type: defect | Status: new Priority: Very High | Milestone: Component: Tor Browser | Version: Tor: unspecified Severity: Normal | Resolution: Keywords: | Actual Points: Parent ID: | Points: Sponsor: | ---------------------------+---------------------------------- Changes (by bugzilla): * severity: => Normal Comment: My HIPS detected that TBB is using RPC / DNS Client Service on Win (and similar caching facilities of other OSes) during initialization. It can be that FF fetchs something from DNS cache in early stages (hardcoded) or not. But TBB is definitely not required this common FF's RPC/other "channel" to system DNS services. -- Ticket URL: Tor Bug Tracker & Wiki The Tor Project: anonymity online From blackhole at torproject.org Tue Jan 12 07:15:00 2016 From: blackhole at torproject.org (Tor Bug Tracker & Wiki) Date: Tue, 12 Jan 2016 07:15:00 -0000 Subject: [tbb-bugs] #8928 [Tor Browser]: Anonymity has been abruptly unmasked In-Reply-To: <046.72de865bd759102bbef18c19400d7337@torproject.org> References: <046.72de865bd759102bbef18c19400d7337@torproject.org> Message-ID: <061.caea9904048f6234083945cd5c53ec2e@torproject.org> #8928: Anonymity has been abruptly unmasked --------------------------+----------------------------------- Reporter: shogun | Owner: tbb-team Type: defect | Status: needs_information Priority: Very High | Milestone: Component: Tor Browser | Version: Tor: 0.2.3.25 Severity: Normal | Resolution: Keywords: needs-triage | Actual Points: Parent ID: | Points: Sponsor: | --------------------------+----------------------------------- Changes (by bugzilla): * severity: => Normal Comment: Needs information? OK. It seems to be that Tor "requires" FAQ for online security check services ;) , because: behaviour, desribed by the user, was seen on ip-check.info when it "detected" that user had 2 different IP addresses simultaneously: usually one "strange" and one from the same subnet as exitnode. Also there is another situation: service doesn't recognize IP as Tor exitnode and gives not optimal recommendations. -- Ticket URL: Tor Bug Tracker & Wiki The Tor Project: anonymity online From blackhole at torproject.org Tue Jan 12 07:21:58 2016 From: blackhole at torproject.org (Tor Bug Tracker & Wiki) Date: Tue, 12 Jan 2016 07:21:58 -0000 Subject: [tbb-bugs] #8928 [Tor Browser]: Anonymity has been abruptly unmasked In-Reply-To: <046.72de865bd759102bbef18c19400d7337@torproject.org> References: <046.72de865bd759102bbef18c19400d7337@torproject.org> Message-ID: <061.cb82cb136706549f07a601a53bc566c4@torproject.org> #8928: Anonymity has been abruptly unmasked --------------------------+-------------------------- Reporter: shogun | Owner: tbb-team Type: defect | Status: new Priority: Very High | Milestone: Component: Tor Browser | Version: Severity: Normal | Resolution: Keywords: needs-triage | Actual Points: Parent ID: | Points: Sponsor: | --------------------------+-------------------------- Changes (by bugzilla): * status: needs_information => new * version: Tor: 0.2.3.25 => -- Ticket URL: Tor Bug Tracker & Wiki The Tor Project: anonymity online From blackhole at torproject.org Tue Jan 12 07:37:17 2016 From: blackhole at torproject.org (Tor Bug Tracker & Wiki) Date: Tue, 12 Jan 2016 07:37:17 -0000 Subject: [tbb-bugs] #16977 [Tor Browser]: Resizing Tor Browser window ruins default screen size, leaking it In-Reply-To: <051.a3194ac3fc9d38373dd319f9c30e7930@torproject.org> References: <051.a3194ac3fc9d38373dd319f9c30e7930@torproject.org> Message-ID: <066.e8b46e0f7121554df66b4068443c9462@torproject.org> #16977: Resizing Tor Browser window ruins default screen size, leaking it -------------------------+--------------------------- Reporter: cypherpunks | Owner: tbb-team Type: defect | Status: closed Priority: Very High | Milestone: Component: Tor Browser | Version: Severity: Normal | Resolution: not a bug Keywords: screen size | Actual Points: Parent ID: | Points: Sponsor: | -------------------------+--------------------------- Changes (by bugzilla): * status: new => closed * resolution: => not a bug * severity: => Normal Comment: Surely "automated resize" resizes window as any other resize! It is your responsibility. And TBB (5.0.7 for now) is always leaking its real resolution, not when changed. -- Ticket URL: Tor Bug Tracker & Wiki The Tor Project: anonymity online From blackhole at torproject.org Tue Jan 12 08:23:04 2016 From: blackhole at torproject.org (Tor Bug Tracker & Wiki) Date: Tue, 12 Jan 2016 08:23:04 -0000 Subject: [tbb-bugs] #18033 [Tor Browser]: Some TBB windows stay open after New identity In-Reply-To: <051.312db86248f958bcd86bdbdda217c5b7@torproject.org> References: <051.312db86248f958bcd86bdbdda217c5b7@torproject.org> Message-ID: <066.434580455ae9689e9a802b3459be64b2@torproject.org> #18033: Some TBB windows stay open after New identity -------------------------+--------------------------- Reporter: cypherpunks | Owner: tbb-team Type: defect | Status: closed Priority: Medium | Milestone: Component: Tor Browser | Version: Severity: Normal | Resolution: duplicate Keywords: | Actual Points: Parent ID: | Points: Sponsor: | -------------------------+--------------------------- Changes (by gk): * status: new => closed * resolution: => duplicate Comment: Yes, I think so. We are tracking this in #10952. -- Ticket URL: Tor Bug Tracker & Wiki The Tor Project: anonymity online From blackhole at torproject.org Tue Jan 12 08:23:28 2016 From: blackhole at torproject.org (Tor Bug Tracker & Wiki) Date: Tue, 12 Jan 2016 08:23:28 -0000 Subject: [tbb-bugs] #10952 [Tor Browser]: Tor Browser leaves developer windows open after New Identity In-Reply-To: <044.ca4f4edb6eac2a69861a2d4fe0ae9997@torproject.org> References: <044.ca4f4edb6eac2a69861a2d4fe0ae9997@torproject.org> Message-ID: <059.ff249e8fc894dec809c71a81b03c0d15@torproject.org> #10952: Tor Browser leaves developer windows open after New Identity ---------------------------------------+-------------------------- Reporter: anon | Owner: tbb-team Type: defect | Status: new Priority: Medium | Milestone: Component: Tor Browser | Version: Severity: Normal | Resolution: Keywords: tbb-newnym, tbb-torbutton | Actual Points: Parent ID: | Points: Sponsor: | ---------------------------------------+-------------------------- Changes (by gk): * severity: => Normal Comment: #18033 is a duplicate, see #5309 as well. -- Ticket URL: Tor Bug Tracker & Wiki The Tor Project: anonymity online From blackhole at torproject.org Tue Jan 12 08:38:19 2016 From: blackhole at torproject.org (Tor Bug Tracker & Wiki) Date: Tue, 12 Jan 2016 08:38:19 -0000 Subject: [tbb-bugs] #17955 [Tor Browser]: overlap french about:tor In-Reply-To: <045.1dac699d3304ad31a0da1e4fb6cc0b88@torproject.org> References: <045.1dac699d3304ad31a0da1e4fb6cc0b88@torproject.org> Message-ID: <060.36b31136fdcac81fe3de49cb8461acd0@torproject.org> #17955: overlap french about:tor ----------------------------+-------------------------- Reporter: tscpd | Owner: tbb-team Type: defect | Status: closed Priority: Very Low | Milestone: Component: Tor Browser | Version: Severity: Normal | Resolution: wontfix Keywords: overlap french | Actual Points: Parent ID: | Points: Sponsor: | ----------------------------+-------------------------- Changes (by gk): * status: new => closed * resolution: => wontfix Comment: Replying to [comment:1 mcs]: > The next release of Tor Browser will not have the donation banner. > Arthur, should we keep this ticket open or resolve it as 'wontfix'? The latter I think as the patch for #18004 removes the language strings as well. The same goes for #17954. -- Ticket URL: Tor Bug Tracker & Wiki The Tor Project: anonymity online From blackhole at torproject.org Tue Jan 12 08:38:54 2016 From: blackhole at torproject.org (Tor Bug Tracker & Wiki) Date: Tue, 12 Jan 2016 08:38:54 -0000 Subject: [tbb-bugs] #17954 [Tor Browser]: typo french about:tor In-Reply-To: <045.5934a8a8896112f4933a6762dcc49023@torproject.org> References: <045.5934a8a8896112f4933a6762dcc49023@torproject.org> Message-ID: <060.871546631f0cb69494bd47f8273df1d9@torproject.org> #17954: typo french about:tor -------------------------+-------------------------- Reporter: tscpd | Owner: tbb-team Type: defect | Status: closed Priority: Very Low | Milestone: Component: Tor Browser | Version: Severity: Normal | Resolution: wontfix Keywords: typo french | Actual Points: Parent ID: | Points: Sponsor: | -------------------------+-------------------------- Changes (by gk): * status: new => closed * resolution: => wontfix Comment: #18004 makes this a WONTFIX. -- Ticket URL: Tor Bug Tracker & Wiki The Tor Project: anonymity online From blackhole at torproject.org Tue Jan 12 08:41:31 2016 From: blackhole at torproject.org (Tor Bug Tracker & Wiki) Date: Tue, 12 Jan 2016 08:41:31 -0000 Subject: [tbb-bugs] #18027 [Tor Browser]: Tor Browser canvas fingerprint pop up should have "not ever" option and timeout (was: Tor Browser canvas fingerprint pop should have "not ever" option) In-Reply-To: <051.2b34b5a59854e311aff44b923a9eb636@torproject.org> References: <051.2b34b5a59854e311aff44b923a9eb636@torproject.org> Message-ID: <066.91e3b439563a80abe45d84a132ff18e9@torproject.org> #18027: Tor Browser canvas fingerprint pop up should have "not ever" option and timeout ---------------------------+-------------------------- Reporter: Aranjedeath | Owner: tbb-team Type: enhancement | Status: new Priority: Medium | Milestone: Component: Tor Browser | Version: Severity: Normal | Resolution: Keywords: tbb-usability | Actual Points: Parent ID: | Points: Sponsor: | ---------------------------+-------------------------- Changes (by bugzilla): * priority: Low => Medium Comment: Users definitely don't like pop ups! And most of them don't know what to do with this one. So it is better to set a several seconds timeout timer for this pop up to disappear. Pro users can always click it to pop up again. -- Ticket URL: Tor Bug Tracker & Wiki The Tor Project: anonymity online From blackhole at torproject.org Tue Jan 12 08:57:52 2016 From: blackhole at torproject.org (Tor Bug Tracker & Wiki) Date: Tue, 12 Jan 2016 08:57:52 -0000 Subject: [tbb-bugs] #17933 [Tor Browser]: Recent Tor Browser isolates the pdf 'download' outcome from the current tab In-Reply-To: <044.6fe0c29e8864c3c8f02f2d7b05e07c31@torproject.org> References: <044.6fe0c29e8864c3c8f02f2d7b05e07c31@torproject.org> Message-ID: <059.148f8865a889fe8fd4f0699eda3a66e8@torproject.org> #17933: Recent Tor Browser isolates the pdf 'download' outcome from the current tab -------------------------+----------------------------------- Reporter: arma | Owner: tbb-team Type: defect | Status: needs_information Priority: Medium | Milestone: Component: Tor Browser | Version: Severity: Normal | Resolution: Keywords: | Actual Points: Parent ID: | Points: Sponsor: | -------------------------+----------------------------------- Changes (by gk): * status: new => needs_information Comment: Interesting. Do you think you could make the log for this available after setting `extensions.torbutton.loglevel` to `3` and `extensions.torbutton.logmethod` to `0` and restarting tor-browser with the `--log` switch? There should be a tor-browser.log file available this way. I don't have a setup to reproduce that myself. -- Ticket URL: Tor Bug Tracker & Wiki The Tor Project: anonymity online From blackhole at torproject.org Tue Jan 12 08:58:08 2016 From: blackhole at torproject.org (Tor Bug Tracker & Wiki) Date: Tue, 12 Jan 2016 08:58:08 -0000 Subject: [tbb-bugs] #17933 [Tor Browser]: Recent Tor Browser isolates the pdf 'download' outcome from the current tab In-Reply-To: <044.6fe0c29e8864c3c8f02f2d7b05e07c31@torproject.org> References: <044.6fe0c29e8864c3c8f02f2d7b05e07c31@torproject.org> Message-ID: <059.bdb9bbe813f92948448475ff20902b3a@torproject.org> #17933: Recent Tor Browser isolates the pdf 'download' outcome from the current tab -----------------------------+----------------------------------- Reporter: arma | Owner: tbb-team Type: defect | Status: needs_information Priority: Medium | Milestone: Component: Tor Browser | Version: Severity: Normal | Resolution: Keywords: tbb-linkability | Actual Points: Parent ID: | Points: Sponsor: | -----------------------------+----------------------------------- Changes (by gk): * keywords: => tbb-linkability -- Ticket URL: Tor Bug Tracker & Wiki The Tor Project: anonymity online From blackhole at torproject.org Tue Jan 12 09:00:26 2016 From: blackhole at torproject.org (Tor Bug Tracker & Wiki) Date: Tue, 12 Jan 2016 09:00:26 -0000 Subject: [tbb-bugs] #17410 [Tor Browser]: Sometimes Tor Browser bypasses proxy In-Reply-To: <051.add77e69a331cc2ff77912a579b6f039@torproject.org> References: <051.add77e69a331cc2ff77912a579b6f039@torproject.org> Message-ID: <066.49bce4bbe95e2e9749eee2826f1fc2d4@torproject.org> #17410: Sometimes Tor Browser bypasses proxy -------------------------+--------------------------- Reporter: cypherpunks | Owner: tbb-team Type: defect | Status: closed Priority: Immediate | Milestone: Component: Tor Browser | Version: Severity: Normal | Resolution: not a bug Keywords: | Actual Points: Parent ID: | Points: Sponsor: | -------------------------+--------------------------- Changes (by bugzilla): * status: needs_information => closed * resolution: => not a bug Comment: Definitely SPAM! Use default config and no other add-ons / plug-ings! Use security suites to detect and log such issues if any, and post them here. -- Ticket URL: Tor Bug Tracker & Wiki The Tor Project: anonymity online From blackhole at torproject.org Tue Jan 12 09:08:11 2016 From: blackhole at torproject.org (Tor Bug Tracker & Wiki) Date: Tue, 12 Jan 2016 09:08:11 -0000 Subject: [tbb-bugs] #16926 [Tor Browser]: Multiple OS: Tor Browser leaks domains to system DNS management. In-Reply-To: <053.d86e01fce2839f7337ee608552e685df@torproject.org> References: <053.d86e01fce2839f7337ee608552e685df@torproject.org> Message-ID: <068.0302e0d10f59f544dcfc97f904cfcdd6@torproject.org> #16926: Multiple OS: Tor Browser leaks domains to system DNS management. -------------------------------------------------+------------------------- Reporter: DrMikeTwiddle | Owner: tbb- Type: defect | team Priority: Very High | Status: new Component: Tor Browser | Milestone: Severity: Major | Version: Keywords: tbb-security, TorBrowserTeam201601, | Resolution: tbb-5.5 | Actual Points: Parent ID: | Points: Sponsor: | -------------------------------------------------+------------------------- Changes (by bugzilla): * keywords: => tbb-security, TorBrowserTeam201601, tbb-5.5 * version: Tor: unspecified => * severity: Normal => Major -- Ticket URL: Tor Bug Tracker & Wiki The Tor Project: anonymity online From blackhole at torproject.org Tue Jan 12 09:34:40 2016 From: blackhole at torproject.org (Tor Bug Tracker & Wiki) Date: Tue, 12 Jan 2016 09:34:40 -0000 Subject: [tbb-bugs] #16926 [Tor Browser]: Multiple OS: Tor Browser leaks domains to system DNS management. In-Reply-To: <053.d86e01fce2839f7337ee608552e685df@torproject.org> References: <053.d86e01fce2839f7337ee608552e685df@torproject.org> Message-ID: <068.a62e0ea5b61140fbb1fc8df0db10ab25@torproject.org> #16926: Multiple OS: Tor Browser leaks domains to system DNS management. ---------------------------+-------------------------- Reporter: DrMikeTwiddle | Owner: tbb-team Type: defect | Status: new Priority: Very High | Milestone: Component: Tor Browser | Version: Severity: Major | Resolution: Keywords: tbb-security | Actual Points: Parent ID: | Points: Sponsor: | ---------------------------+-------------------------- Changes (by gk): * keywords: tbb-security, TorBrowserTeam201601, tbb-5.5 => tbb-security -- Ticket URL: Tor Bug Tracker & Wiki The Tor Project: anonymity online From blackhole at torproject.org Tue Jan 12 11:10:54 2016 From: blackhole at torproject.org (Tor Bug Tracker & Wiki) Date: Tue, 12 Jan 2016 11:10:54 -0000 Subject: [tbb-bugs] #17790 [Tor Browser]: unit tests for keyboard defenses In-Reply-To: <055.34194c4403832370a0d2756f67ba07c3@torproject.org> References: <055.34194c4403832370a0d2756f67ba07c3@torproject.org> Message-ID: <070.4cc388193a9a79909d6e15f6c54a324a@torproject.org> #17790: unit tests for keyboard defenses -----------------------------------+-------------------------------- Reporter: arthuredelstein | Owner: tbb-team Type: defect | Status: needs_revision Priority: Medium | Milestone: Component: Tor Browser | Version: Severity: Normal | Resolution: Keywords: TorBrowserTeam201601R | Actual Points: Parent ID: | Points: Sponsor: | -----------------------------------+-------------------------------- Changes (by gk): * status: needs_review => needs_revision Comment: e58782ab2034cf30ea548b0f87de122ac4805118 {{{ + // We should only see the modifier key in content if suppression is + // active; otherwise we expect to see the "x" key instead. + let expectedContentKey = suppressModifiers ? "x" : modifierKey; }}} It seems the comment does not match the code? We get "x" if the modifiers are suppressed and the modifier key otherwise (which is intended). So, s/active/not active/ ? More importantly, the behavior of `privacy.suppressModifierKeyEvents` is dependent on the value for `privacy.resistFingerprinting` but the test does not take that into account. I think we should at least assume explicitly that the latter is `true`. It might be good, though, to test as well with the latter being `false` to make sure the code for #17009 is not kicking in even if `privacy.suppressModifierKeyEvents` is `true`. d5481537329a7a77ab597f40892c7df83d0ffcc2 {{{ + // Return a promise that resolves to the event when] }}} s/]// #15646 takes care of more things than `keyCode` and `shiftKey`, e.g: `code` and `loaction` as well and Alt-key handling. What is with those? -- Ticket URL: Tor Bug Tracker & Wiki The Tor Project: anonymity online From blackhole at torproject.org Tue Jan 12 12:03:33 2016 From: blackhole at torproject.org (Tor Bug Tracker & Wiki) Date: Tue, 12 Jan 2016 12:03:33 -0000 Subject: [tbb-bugs] #18040 [Tor Browser]: Tor shown as disabled randomly Message-ID: <051.fae8b976449115c60cc35eb210dc4957@torproject.org> #18040: Tor shown as disabled randomly -----------------------------+---------------------- Reporter: cypherpunks | Owner: tbb-team Type: defect | Status: new Priority: Medium | Milestone: Component: Tor Browser | Version: Severity: Normal | Keywords: Actual Points: | Parent ID: Points: | Sponsor: -----------------------------+---------------------- I was browsing the bug tracker and suddenly my torbutton said Tor is disabled and torbutton had a big X. Using TBB on Unix 64 with all default settings + high security slider. Didn't investigate further as I closed TBB and didn't want to be deanonymized. After restart TBB is normal. This never happened before and I have no idea why it happened. -- Ticket URL: Tor Bug Tracker & Wiki The Tor Project: anonymity online From blackhole at torproject.org Tue Jan 12 12:14:49 2016 From: blackhole at torproject.org (Tor Bug Tracker & Wiki) Date: Tue, 12 Jan 2016 12:14:49 -0000 Subject: [tbb-bugs] #18040 [Tor Browser]: Torbutton showed Tor as disabled randomly (was: Tor shown as disabled randomly) In-Reply-To: <051.fae8b976449115c60cc35eb210dc4957@torproject.org> References: <051.fae8b976449115c60cc35eb210dc4957@torproject.org> Message-ID: <066.1ebcbe42486645dc0a5b89d740e3db4a@torproject.org> #18040: Torbutton showed Tor as disabled randomly -------------------------+-------------------------- Reporter: cypherpunks | Owner: tbb-team Type: defect | Status: new Priority: High | Milestone: Component: Tor Browser | Version: Severity: Normal | Resolution: Keywords: | Actual Points: Parent ID: | Points: Sponsor: | -------------------------+-------------------------- Changes (by cypherpunks): * priority: Medium => High Comment: Is it possible a malicious (exit) node caused this to happen or is this too much paranoia? -- Ticket URL: Tor Bug Tracker & Wiki The Tor Project: anonymity online From blackhole at torproject.org Tue Jan 12 12:59:47 2016 From: blackhole at torproject.org (Tor Bug Tracker & Wiki) Date: Tue, 12 Jan 2016 12:59:47 -0000 Subject: [tbb-bugs] #13952 [Tor Browser]: TOR browser reports wrong resolution In-Reply-To: <044.c52db0cb3aef934de58c3eae6b8bc345@torproject.org> References: <044.c52db0cb3aef934de58c3eae6b8bc345@torproject.org> Message-ID: <059.57c285a5f0bc84d9fe24a96ead61006a@torproject.org> #13952: TOR browser reports wrong resolution -------------------------+---------------------------------- Reporter: yids | Owner: tbb-team Type: defect | Status: closed Priority: Very High | Milestone: Component: Tor Browser | Version: Tor: unspecified Severity: Normal | Resolution: not a bug Keywords: resolution | Actual Points: Parent ID: | Points: Sponsor: | -------------------------+---------------------------------- Changes (by bugzilla): * status: new => closed * resolution: => not a bug * severity: => Normal Comment: TS (yids) wondered why TBB reported resolution of window instead of desktop. Answer: TBB spoofs all resolution requests to reduce fingerprinting. -- Ticket URL: Tor Bug Tracker & Wiki The Tor Project: anonymity online From blackhole at torproject.org Tue Jan 12 13:27:30 2016 From: blackhole at torproject.org (Tor Bug Tracker & Wiki) Date: Tue, 12 Jan 2016 13:27:30 -0000 Subject: [tbb-bugs] #12977 [Tor Browser]: Fix Firefox's Full Screen Permissions Prompt In-Reply-To: <049.030bf105f2a456619243c6de4b135386@torproject.org> References: <049.030bf105f2a456619243c6de4b135386@torproject.org> Message-ID: <064.3638cc0e6c7521118b56098ba6dcd56e@torproject.org> #12977: Fix Firefox's Full Screen Permissions Prompt -------------------------------------------+-------------------------- Reporter: mikeperry | Owner: tbb-team Type: defect | Status: new Priority: High | Milestone: Component: Tor Browser | Version: Severity: Normal | Resolution: Keywords: tbb-fingerprinting-resolution | Actual Points: Parent ID: | Points: Sponsor: | -------------------------------------------+-------------------------- Changes (by bugzilla): * severity: => Normal Comment: It is not needed to "fix the full screen permissions prompt", 'cause as you wrote "The full screen code lives in nsDocument::RequestFullScreen()" - is the code for request window only. Full screen should be disabled entirely (until resolution spoofing will be developed). Maybe Mozilla has a beta key in FF' config to do it, or we need to add an immediate return in code responsible for full screen switching. -- Ticket URL: Tor Bug Tracker & Wiki The Tor Project: anonymity online From blackhole at torproject.org Tue Jan 12 13:46:40 2016 From: blackhole at torproject.org (Tor Bug Tracker & Wiki) Date: Tue, 12 Jan 2016 13:46:40 -0000 Subject: [tbb-bugs] #18042 [Tor Browser]: Make sure certificates signed with SHA-1 are not accepted anymore in ESR 45 Message-ID: <042.71160c40af2eac2e45f1c8587921c3e2@torproject.org> #18042: Make sure certificates signed with SHA-1 are not accepted anymore in ESR 45 -----------------------------+------------------------------------ Reporter: gk | Owner: tbb-team Type: task | Status: new Priority: High | Milestone: Component: Tor Browser | Version: Severity: Major | Keywords: tbb-security, ff45-esr Actual Points: | Parent ID: Points: | Sponsor: -----------------------------+------------------------------------ MOzilla released Firefox 43 which did not accept SHA-1 signed certificates anymore. However, this apparently broke some MITM boxes (https://blog.mozilla.org/security/2016/01/06/man-in-the-middle- interfering-with-increased-security/) and they released a point update reverting this change. We don't want to have this security feature reverted and should make sure our ESR 45 based code is rejecting SHA-1 signed certificates as expected. -- Ticket URL: Tor Bug Tracker & Wiki The Tor Project: anonymity online From blackhole at torproject.org Tue Jan 12 14:00:28 2016 From: blackhole at torproject.org (Tor Bug Tracker & Wiki) Date: Tue, 12 Jan 2016 14:00:28 -0000 Subject: [tbb-bugs] #9189 [Tor Browser]: Tor Browser forgets zoom level In-Reply-To: <049.6c91ac7082d1a0a78ff9168d49b53160@torproject.org> References: <049.6c91ac7082d1a0a78ff9168d49b53160@torproject.org> Message-ID: <064.44a9061d3ae0c34ee54449cbdcc4568d@torproject.org> #9189: Tor Browser forgets zoom level -------------------------------------------------+------------------------- Reporter: moonchild | Owner: tbb- Type: defect | team Priority: Medium | Status: new Component: Tor Browser | Milestone: Severity: Normal | Version: Keywords: tbb-torbutton, tbb-fingerprinting- | Resolution: resolution, tbb-usability | Actual Points: Parent ID: | Points: Sponsor: | -------------------------------------------------+------------------------- Changes (by bugzilla): * keywords: tbb-torbutton => tbb-torbutton, tbb-fingerprinting-resolution, tbb-usability * severity: => Normal Comment: Confirmed. If to open link in a new tab, result will be the same. Current TBB changes reported desktop screen size when zooming, so never use zoom for now! (But how to do it on a high DPI LCD?!) TBB isn't usable without zoom on high DPI, but reports rare resolutions for fingerprinting with it. -- Ticket URL: Tor Bug Tracker & Wiki The Tor Project: anonymity online From blackhole at torproject.org Tue Jan 12 14:18:12 2016 From: blackhole at torproject.org (Tor Bug Tracker & Wiki) Date: Tue, 12 Jan 2016 14:18:12 -0000 Subject: [tbb-bugs] #10952 [Tor Browser]: Tor Browser leaves developer windows open after New Identity In-Reply-To: <044.ca4f4edb6eac2a69861a2d4fe0ae9997@torproject.org> References: <044.ca4f4edb6eac2a69861a2d4fe0ae9997@torproject.org> Message-ID: <059.e78b4a6f06c034ef5fcd803d41a4e62c@torproject.org> #10952: Tor Browser leaves developer windows open after New Identity ---------------------------------------+-------------------------- Reporter: anon | Owner: tbb-team Type: defect | Status: new Priority: Medium | Milestone: Component: Tor Browser | Version: Severity: Normal | Resolution: Keywords: tbb-newnym, tbb-torbutton | Actual Points: Parent ID: | Points: Sponsor: | ---------------------------------------+-------------------------- Changes (by mcs): * cc: brade, mcs (added) -- Ticket URL: Tor Bug Tracker & Wiki The Tor Project: anonymity online From blackhole at torproject.org Tue Jan 12 14:28:08 2016 From: blackhole at torproject.org (Tor Bug Tracker & Wiki) Date: Tue, 12 Jan 2016 14:28:08 -0000 Subject: [tbb-bugs] #18043 [Tor Browser]: explain rationale of start-tor-browser.desktop using --deteach Message-ID: <049.84eca829e351d036dabdfab5465e84ff@torproject.org> #18043: explain rationale of start-tor-browser.desktop using --deteach -----------------------------+---------------------- Reporter: adrelanos | Owner: tbb-team Type: task | Status: new Priority: Medium | Milestone: Component: Tor Browser | Version: Severity: Normal | Keywords: Actual Points: | Parent ID: Points: | Sponsor: -----------------------------+---------------------- Could you explain please the rationale of using {{{--deteach}}}? (Which was decided in #15741.) ----- (I could not reply in #15741. [{{{Warning: The ticket field 'parent' is invalid: The parent ticket (#15747) is not an active ticket (status: closed).}}}] And I thought removing or reopening the parent would not be appreciated.) -- Ticket URL: Tor Bug Tracker & Wiki The Tor Project: anonymity online From blackhole at torproject.org Tue Jan 12 14:57:35 2016 From: blackhole at torproject.org (Tor Bug Tracker & Wiki) Date: Tue, 12 Jan 2016 14:57:35 -0000 Subject: [tbb-bugs] #18044 [Tor Browser]: Prompt if Tor Browser is zoomed Message-ID: <048.af33b1db498ab2c7eedb6387b416a7c9@torproject.org> #18044: Prompt if Tor Browser is zoomed -------------------------+------------------------------------------------- Reporter: | Owner: tbb-team bugzilla | Status: new Type: defect | Milestone: Priority: High | Version: Component: Tor | Keywords: tbb-fingerprinting-resolution, tbb- Browser | usability, tbb-bounty, tbb-torbutton Severity: Normal | Parent ID: Actual Points: | Sponsor: Points: | -------------------------+------------------------------------------------- Don't we need to display some kind of toolbar message or otherwise warn the user against zooming their Tor Browser window like in #7255? Because zooming changes resolution to very rare values. -- Ticket URL: Tor Bug Tracker & Wiki The Tor Project: anonymity online From blackhole at torproject.org Tue Jan 12 15:27:20 2016 From: blackhole at torproject.org (Tor Bug Tracker & Wiki) Date: Tue, 12 Jan 2016 15:27:20 -0000 Subject: [tbb-bugs] #18017 [Tor Browser]: Switch to NSS 3.19.2.2 to mitigate SLOTH attack (CVE-2015-7575) In-Reply-To: <042.e6daa0acc71a6ff18e586ab584581b0b@torproject.org> References: <042.e6daa0acc71a6ff18e586ab584581b0b@torproject.org> Message-ID: <057.eb52c72f8abd8d45260497b54ce810a9@torproject.org> #18017: Switch to NSS 3.19.2.2 to mitigate SLOTH attack (CVE-2015-7575) -------------------------------------------------+------------------------- Reporter: gk | Owner: tbb- Type: task | team Priority: Very High | Status: Component: Tor Browser | needs_review Severity: Critical | Milestone: Keywords: tbb-security, | Version: TorBrowserTeam201601R, tbb-5.5 | Resolution: Parent ID: | Actual Points: Sponsor: | Points: -------------------------------------------------+------------------------- Changes (by gk): * keywords: tbb-security, TorBrowserTeam201601, tbb-5.5 => tbb-security, TorBrowserTeam201601R, tbb-5.5 * status: new => needs_review Comment: bug_18017 in my public tor-browser repo (https://gitweb.torproject.org/user/gk/tor- browser.git/commit/?h=bug_18017) has switch to NSS 3.19.2.2 up for review. -- Ticket URL: Tor Bug Tracker & Wiki The Tor Project: anonymity online From blackhole at torproject.org Tue Jan 12 16:36:17 2016 From: blackhole at torproject.org (Tor Bug Tracker & Wiki) Date: Tue, 12 Jan 2016 16:36:17 -0000 Subject: [tbb-bugs] #18042 [Tor Browser]: Make sure certificates signed with SHA-1 are not accepted anymore in ESR 45 In-Reply-To: <042.71160c40af2eac2e45f1c8587921c3e2@torproject.org> References: <042.71160c40af2eac2e45f1c8587921c3e2@torproject.org> Message-ID: <057.bab5f3ee2e1c8780f798afdec9ec8d23@torproject.org> #18042: Make sure certificates signed with SHA-1 are not accepted anymore in ESR 45 ------------------------------------+-------------------------- Reporter: gk | Owner: tbb-team Type: task | Status: new Priority: High | Milestone: Component: Tor Browser | Version: Severity: Major | Resolution: Keywords: tbb-security, ff45-esr | Actual Points: Parent ID: | Points: Sponsor: | ------------------------------------+-------------------------- Comment (by bugzilla): The situation is much more complicated (even Mozilla released several out of schedule patches :) It started from M$: they decided to deprecate SHA-1 for CAs from 2016. So Mozilla had to update their distributives. But XP SP2, Vista (SP?), 7 are incompatible with their solution, so they decided to split their development process into two trees: for newer and for older systems (no future updates on main branch since FF 43.0.1). Thinking that deprecation will improve security, Mozilla decided to suppress SHA-1 in certificates (which is not requred by M$). But a lot of software is using it that leads to incompatibility, so another hotfix (43.0.4) was fired. Summary: SHA-1 officially reported as weak but secured. CAs continue to issue SHA-1 certs, but must use SHA-2 certs for themselves. ESR behaviour is still not developed by Mozilla. Reject SHA-1 certs not optionally is definitely wrong solution. -- Ticket URL: Tor Bug Tracker & Wiki The Tor Project: anonymity online From blackhole at torproject.org Tue Jan 12 18:51:49 2016 From: blackhole at torproject.org (Tor Bug Tracker & Wiki) Date: Tue, 12 Jan 2016 18:51:49 -0000 Subject: [tbb-bugs] #18017 [Tor Browser]: Switch to NSS 3.19.2.2 to mitigate SLOTH attack (CVE-2015-7575) In-Reply-To: <042.e6daa0acc71a6ff18e586ab584581b0b@torproject.org> References: <042.e6daa0acc71a6ff18e586ab584581b0b@torproject.org> Message-ID: <057.0157b54a27f581c6e88bd62ef3255d8e@torproject.org> #18017: Switch to NSS 3.19.2.2 to mitigate SLOTH attack (CVE-2015-7575) -------------------------------------------------+------------------------- Reporter: gk | Owner: tbb- Type: task | team Priority: Very High | Status: Component: Tor Browser | needs_review Severity: Critical | Milestone: Keywords: tbb-security, | Version: TorBrowserTeam201601R, tbb-5.5 | Resolution: Parent ID: | Actual Points: Sponsor: | Points: -------------------------------------------------+------------------------- Comment (by mcs): r=mcs, r=brade The patch looks OK (it matches the one Mozilla applied to Firefox 43.0.x). This security advisory claims this was Firefox in the ESR 38.5.2 release but looking at the Mozilla code, I do not think it was: https://www.mozilla.org/en-US/security/advisories/mfsa2015-150/ -- Ticket URL: Tor Bug Tracker & Wiki The Tor Project: anonymity online From blackhole at torproject.org Tue Jan 12 19:22:01 2016 From: blackhole at torproject.org (Tor Bug Tracker & Wiki) Date: Tue, 12 Jan 2016 19:22:01 -0000 Subject: [tbb-bugs] #18047 [Tor Browser]: Performance: Memory leaking in Tor Browser Message-ID: <048.813041c772ce140a646f63cb327f7611@torproject.org> #18047: Performance: Memory leaking in Tor Browser -----------------------------+------------------------------------- Reporter: bugzilla | Owner: tbb-team Type: defect | Status: new Priority: Medium | Milestone: Component: Tor Browser | Version: Severity: Normal | Keywords: tbb-performance-leaking Actual Points: | Parent ID: Points: | Sponsor: -----------------------------+------------------------------------- Didn't find any tracking ticket for memory leaks in Tor Browser. So created one. Maybe better rename into Performance like #6548... Report: TBB 5.0.7 (defaults) doesn't free memory. All tabs closed after use, but Commit is 300+ MB. Some unusual things in about:memory : 49.61 MB (33.01%) -- image(chrome://browser/skin/menuPanel.png) 50 MB in memory picture? 16.99 MB ?? gfx-surface-win32 Bugzilla users wrote that it is too much and is pointing to leakage. ?????368.91 MB (18.01%) -- commit ? ???248.55 MB (12.14%) -- private ? ? ???246.86 MB (12.05%) ?? readwrite [979] Unknown object was duplicated 979 times! Some info from https://bugzilla.mozilla.org/show_bug.cgi?id=858615 P.S. sorry for cc: nickm, added to receive your reply. -- Ticket URL: Tor Bug Tracker & Wiki The Tor Project: anonymity online From blackhole at torproject.org Tue Jan 12 23:16:08 2016 From: blackhole at torproject.org (Tor Bug Tracker & Wiki) Date: Tue, 12 Jan 2016 23:16:08 -0000 Subject: [tbb-bugs] #18017 [Tor Browser]: Switch to NSS 3.19.2.2 to mitigate SLOTH attack (CVE-2015-7575) In-Reply-To: <042.e6daa0acc71a6ff18e586ab584581b0b@torproject.org> References: <042.e6daa0acc71a6ff18e586ab584581b0b@torproject.org> Message-ID: <057.65990aa74295837068879f7f7b42cb57@torproject.org> #18017: Switch to NSS 3.19.2.2 to mitigate SLOTH attack (CVE-2015-7575) -------------------------------------------------+------------------------- Reporter: gk | Owner: tbb- Type: task | team Priority: Very High | Status: Component: Tor Browser | needs_review Severity: Critical | Milestone: Keywords: tbb-security, | Version: TorBrowserTeam201601R, tbb-5.5 | Resolution: Parent ID: | Actual Points: Sponsor: | Points: -------------------------------------------------+------------------------- Comment (by cypherpunks): NSS 3.21 is the latest stable with security fixes, should be updated to that instead. -- Ticket URL: Tor Bug Tracker & Wiki The Tor Project: anonymity online From blackhole at torproject.org Wed Jan 13 01:07:04 2016 From: blackhole at torproject.org (Tor Bug Tracker & Wiki) Date: Wed, 13 Jan 2016 01:07:04 -0000 Subject: [tbb-bugs] #17597 [Tor Browser]: XMLHttpRequest::open throws an exception In-Reply-To: <051.dec2ff561237b7059bbd7821248c7b5c@torproject.org> References: <051.dec2ff561237b7059bbd7821248c7b5c@torproject.org> Message-ID: <066.112713cc8d10cb950a1905fb1415298f@torproject.org> #17597: XMLHttpRequest::open throws an exception ---------------------------------------------+----------------------------- Reporter: cypherpunks | Owner: tbb-team Type: defect | Status: Priority: Low | needs_information Component: Tor Browser | Milestone: Severity: Normal | Version: Keywords: XMLHttpRequest, JavaScript, API | Resolution: Parent ID: | Actual Points: Sponsor: | Points: ---------------------------------------------+----------------------------- Changes (by cypherpunks): * priority: Medium => Low * severity: Major => Normal Comment: That's the sort of message NoScript produces when it blocks XHR based on its policy (whitelist and/or forbidXHR). This is very likely not a bug. -- Ticket URL: Tor Bug Tracker & Wiki The Tor Project: anonymity online From blackhole at torproject.org Wed Jan 13 01:10:06 2016 From: blackhole at torproject.org (Tor Bug Tracker & Wiki) Date: Wed, 13 Jan 2016 01:10:06 -0000 Subject: [tbb-bugs] #18046 [Tor Browser]: how to protect anonymity of users using menu / bookmarks bars? In-Reply-To: <058.9ceeb26e4c1dbcbf41f399667fde60b8@torproject.org> References: <058.9ceeb26e4c1dbcbf41f399667fde60b8@torproject.org> Message-ID: <073.b8a473e713b7444ccfbafcb65518fe87@torproject.org> #18046: how to protect anonymity of users using menu / bookmarks bars? --------------------------------+-------------------------- Reporter: zorlaguzellikolmaz | Owner: tbb-team Type: defect | Status: new Priority: Medium | Milestone: Component: Tor Browser | Version: Severity: Normal | Resolution: Keywords: | Actual Points: Parent ID: | Points: Sponsor: | --------------------------------+-------------------------- Changes (by teor): * owner: => tbb-team * component: - Select a component => Tor Browser -- Ticket URL: Tor Bug Tracker & Wiki The Tor Project: anonymity online From blackhole at torproject.org Wed Jan 13 01:30:19 2016 From: blackhole at torproject.org (Tor Bug Tracker & Wiki) Date: Wed, 13 Jan 2016 01:30:19 -0000 Subject: [tbb-bugs] #17594 [Tor Browser]: Please reopen existing tabs and windows after upgrade In-Reply-To: <045.eb0ff164c1b95adc77769b9ed9e79ddd@torproject.org> References: <045.eb0ff164c1b95adc77769b9ed9e79ddd@torproject.org> Message-ID: <060.13da9168e6f9ba2377405dbc26f20c76@torproject.org> #17594: Please reopen existing tabs and windows after upgrade ----------------------------------------+-------------------------- Reporter: lunar | Owner: tbb-team Type: enhancement | Status: new Priority: Medium | Milestone: Component: Tor Browser | Version: Severity: Normal | Resolution: Keywords: tbb-updaters tbb-usability | Actual Points: Parent ID: | Points: Sponsor: | ----------------------------------------+-------------------------- Comment (by cypherpunks): This depends on the user's privacy preferences. "Remember history" is "never" by default (as it should). If you let the browser remember some history, you can then set "Preferences->General->When Tor Browser starts" to "Show windows and tabs from last time". A hack that doesn't require remembering history is temporarily abusing the "home page" preference: before restarting set the home page to all current tabs (it will record them as "url1|url2|..."); then once restarted, load your home page(s) (this will load all the URLs in different tabs); finally, reset the home page preference. -- Ticket URL: Tor Bug Tracker & Wiki The Tor Project: anonymity online From blackhole at torproject.org Wed Jan 13 01:59:49 2016 From: blackhole at torproject.org (Tor Bug Tracker & Wiki) Date: Wed, 13 Jan 2016 01:59:49 -0000 Subject: [tbb-bugs] #17244 [Tor Browser]: Low entropy PRNG usage in Tor Browser? In-Reply-To: <055.0d92fd55ade63805589b50cd65810a2c@torproject.org> References: <055.0d92fd55ade63805589b50cd65810a2c@torproject.org> Message-ID: <070.1cefbfec8349482dfdc874faf562b654@torproject.org> #17244: Low entropy PRNG usage in Tor Browser? -----------------------------+----------------------------------- Reporter: arthuredelstein | Owner: tbb-team Type: defect | Status: needs_information Priority: Medium | Milestone: Component: Tor Browser | Version: Severity: Normal | Resolution: Keywords: tbb-linkability | Actual Points: Parent ID: | Points: Sponsor: | -----------------------------+----------------------------------- Comment (by cypherpunks): Very related: https://lwn.net/Articles/666407/ -- Ticket URL: Tor Bug Tracker & Wiki The Tor Project: anonymity online From blackhole at torproject.org Wed Jan 13 02:26:07 2016 From: blackhole at torproject.org (Tor Bug Tracker & Wiki) Date: Wed, 13 Jan 2016 02:26:07 -0000 Subject: [tbb-bugs] #17167 [Tor Browser]: Make sure the tracking protection feature is disabled in Tor Browser based on ESR 45 In-Reply-To: <047.c9e1493d22c6b9b4ce4c2a31f200c6d7@torproject.org> References: <047.c9e1493d22c6b9b4ce4c2a31f200c6d7@torproject.org> Message-ID: <062.f525bbf5ed04ceed8ffbe31c0dc8b880@torproject.org> #17167: Make sure the tracking protection feature is disabled in Tor Browser based on ESR 45 -------------------------+-------------------------- Reporter: elypter | Owner: tbb-team Type: task | Status: new Priority: Medium | Milestone: Component: Tor Browser | Version: Severity: Normal | Resolution: Keywords: ff45-esr | Actual Points: Parent ID: | Points: Sponsor: | -------------------------+-------------------------- Changes (by cypherpunks): * severity: => Normal Comment: Replying to [ticket:17167 elypter]: > don't forget to delete or disable firefoxs new [https://support.mozilla.org/en-US/kb/tracking-protection-firefox tracking protection] I very much disagree. If anything I would vote for ad and tracker blocking by default. > it's breaking sites, I use Firefox's tracking protection and haven't seen any site breakage. > bloats firefox, This is a very weak argument. Firefox is already huge (HUGE). I very much doubt the code for this feature is significant in comparison. Where are your numbers? > cannot be trusted What's the threat here? Can you expand? > and violates tors [https://www.torproject.org/projects/torbrowser/design/#philosophy design philosophy #5] This document (in particular the topic of filtering) is to be revised, possibly amended. See "Add uBlock Origin to the Tor Browser": #17569 Also, remember that this sort of filtering has also performance and bandwidth consumption benefits. See: https://lwn.net/Articles/646339/ -- Ticket URL: Tor Bug Tracker & Wiki The Tor Project: anonymity online From blackhole at torproject.org Wed Jan 13 02:38:12 2016 From: blackhole at torproject.org (Tor Bug Tracker & Wiki) Date: Wed, 13 Jan 2016 02:38:12 -0000 Subject: [tbb-bugs] #17569 [Tor Browser]: Add UBlock Origin to the Tor Browser In-Reply-To: <050.9cdd409227997267900edab4e71cfe08@torproject.org> References: <050.9cdd409227997267900edab4e71cfe08@torproject.org> Message-ID: <065.1d2c828574e81af813b79134a4b76bff@torproject.org> #17569: Add UBlock Origin to the Tor Browser -------------------------+-------------------------- Reporter: kernelcorn | Owner: tbb-team Type: defect | Status: new Priority: Medium | Milestone: Component: Tor Browser | Version: Severity: Normal | Resolution: Keywords: | Actual Points: Parent ID: | Points: Sponsor: | -------------------------+-------------------------- Comment (by cypherpunks): Related links: - xttp://ieee- security.org/TC/SPW2015/W2SP/papers/W2SP_2015_submission_32.pdf (scheme changed to xttp because trac thinks http is spam) - https://lwn.net/Articles/646339/ -- Ticket URL: Tor Bug Tracker & Wiki The Tor Project: anonymity online From blackhole at torproject.org Wed Jan 13 07:03:42 2016 From: blackhole at torproject.org (Tor Bug Tracker & Wiki) Date: Wed, 13 Jan 2016 07:03:42 -0000 Subject: [tbb-bugs] #17594 [Tor Browser]: Please reopen existing tabs and windows after upgrade In-Reply-To: <045.eb0ff164c1b95adc77769b9ed9e79ddd@torproject.org> References: <045.eb0ff164c1b95adc77769b9ed9e79ddd@torproject.org> Message-ID: <060.ed728b0a9c7d3d3befc445e65c4c30fb@torproject.org> #17594: Please reopen existing tabs and windows after upgrade ----------------------------------------+-------------------------- Reporter: lunar | Owner: tbb-team Type: enhancement | Status: new Priority: Medium | Milestone: Component: Tor Browser | Version: Severity: Normal | Resolution: Keywords: tbb-updaters tbb-usability | Actual Points: Parent ID: | Points: Sponsor: | ----------------------------------------+-------------------------- Comment (by teor): I can imagine a few ways this could go wrong - what if the browser crashes during update and leaves disk traces? -- Ticket URL: Tor Bug Tracker & Wiki The Tor Project: anonymity online From blackhole at torproject.org Wed Jan 13 08:30:40 2016 From: blackhole at torproject.org (Tor Bug Tracker & Wiki) Date: Wed, 13 Jan 2016 08:30:40 -0000 Subject: [tbb-bugs] #18017 [Tor Browser]: Switch to NSS 3.19.2.2 to mitigate SLOTH attack (CVE-2015-7575) In-Reply-To: <042.e6daa0acc71a6ff18e586ab584581b0b@torproject.org> References: <042.e6daa0acc71a6ff18e586ab584581b0b@torproject.org> Message-ID: <057.00c70db567fd34fda10c1dca4a4286f6@torproject.org> #18017: Switch to NSS 3.19.2.2 to mitigate SLOTH attack (CVE-2015-7575) -------------------------------------------------+------------------------- Reporter: gk | Owner: tbb- Type: task | team Priority: Very High | Status: closed Component: Tor Browser | Milestone: Severity: Critical | Version: Keywords: tbb-security, | Resolution: fixed TorBrowserTeam201601R, tbb-5.5 | Actual Points: Parent ID: | Points: Sponsor: | -------------------------------------------------+------------------------- Changes (by gk): * status: needs_review => closed * resolution: => fixed Comment: Replying to [comment:3 mcs]: > r=mcs, r=brade > The patch looks OK (it matches the one Mozilla applied to Firefox 43.0.x). > > This security advisory claims this was Firefox in the ESR 38.5.2 release but looking at the Mozilla code, I do not think it was: > https://www.mozilla.org/en-US/security/advisories/mfsa2015-150/ It was not. The issue just got a sec-moderate which precluded it from getting applied to the ESR series. But somehow there was a communication problem which resulted in the advisory as it is. commit 3cd72f27da803a61e29cdb8db98bb545ef77c1af on tor- browser-38.5.0esr-5.5-2 has the fix. Replying to [comment:4 cypherpunks]: > NSS 3.21 is the latest stable with security fixes, should be updated to that instead. I think it should not. Mozilla engineers said for the ESR 38 3.19.2.2 should be used and this makes sense. -- Ticket URL: Tor Bug Tracker & Wiki The Tor Project: anonymity online From blackhole at torproject.org Wed Jan 13 09:08:37 2016 From: blackhole at torproject.org (Tor Bug Tracker & Wiki) Date: Wed, 13 Jan 2016 09:08:37 -0000 Subject: [tbb-bugs] #17569 [Tor Browser]: Add UBlock Origin to the Tor Browser In-Reply-To: <050.9cdd409227997267900edab4e71cfe08@torproject.org> References: <050.9cdd409227997267900edab4e71cfe08@torproject.org> Message-ID: <065.91baa366eca6ea15eec679ff344ae415@torproject.org> #17569: Add UBlock Origin to the Tor Browser -------------------------+-------------------------- Reporter: kernelcorn | Owner: tbb-team Type: defect | Status: new Priority: Medium | Milestone: Component: Tor Browser | Version: Severity: Normal | Resolution: Keywords: | Actual Points: Parent ID: | Points: Sponsor: | -------------------------+-------------------------- Comment (by gk): Replying to [comment:1 cypherpunks]: > Related links: > > - xttp://ieee- security.org/TC/SPW2015/W2SP/papers/W2SP_2015_submission_32.pdf (scheme changed to xttp because trac thinks http is spam) > - https://lwn.net/Articles/646339/ Your forgot to link to the other W2SP one: https://ieee- security.org/TC/SPW2015/W2SP/papers/W2SP_2015_submission_24.pdf. Its introduction is actually quite interesting, especially the demo aiming to defeat blacklist-based tracking. Yes, we plan to update the No Filters section in our design document pointing to it. See: comment:3:ticket:15988. -- Ticket URL: Tor Bug Tracker & Wiki The Tor Project: anonymity online From blackhole at torproject.org Wed Jan 13 09:21:12 2016 From: blackhole at torproject.org (Tor Bug Tracker & Wiki) Date: Wed, 13 Jan 2016 09:21:12 -0000 Subject: [tbb-bugs] #17898 [Tor Browser]: Disable Firefox' new Tracking Protection in ESR 45 (was: Firefox new Tracking Protection) In-Reply-To: <051.60890efa353a0e8879a7f244e15e7460@torproject.org> References: <051.60890efa353a0e8879a7f244e15e7460@torproject.org> Message-ID: <066.a345690a47acb7b7678b9fac1b6652c3@torproject.org> #17898: Disable Firefox' new Tracking Protection in ESR 45 -------------------------+-------------------------- Reporter: cypherpunks | Owner: tbb-team Type: defect | Status: new Priority: Medium | Milestone: Component: Tor Browser | Version: Severity: Normal | Resolution: Keywords: ff45-esr | Actual Points: Parent ID: | Points: Sponsor: | -------------------------+-------------------------- Changes (by gk): * cc: elypter (added) Comment: See: https://ieee- security.org/TC/SPW2015/W2SP/papers/W2SP_2015_submission_24.pdf and there the introduction (especially the demo) for (additional) arguments against the blacklisting approach. Oh, and you probably know that Mozilla is exempting trackers because those are so important that they can't allow them to be broken (which they would if they just took Disconnect.me's blocklist): https://github.com/mozilla-services/shavar-list-exceptions. See: https://bugzilla.mozilla.org/show_bug.cgi?id=1101005 for all the breakage due to the tracking protection feature. -- Ticket URL: Tor Bug Tracker & Wiki The Tor Project: anonymity online From blackhole at torproject.org Wed Jan 13 09:21:39 2016 From: blackhole at torproject.org (Tor Bug Tracker & Wiki) Date: Wed, 13 Jan 2016 09:21:39 -0000 Subject: [tbb-bugs] #17898 [Tor Browser]: Disable Firefox' new Tracking Protection in ESR 45 In-Reply-To: <051.60890efa353a0e8879a7f244e15e7460@torproject.org> References: <051.60890efa353a0e8879a7f244e15e7460@torproject.org> Message-ID: <066.0e1ceb99fec6b1d2f6c08dafa4453f30@torproject.org> #17898: Disable Firefox' new Tracking Protection in ESR 45 -------------------------+-------------------------- Reporter: cypherpunks | Owner: tbb-team Type: defect | Status: new Priority: Medium | Milestone: Component: Tor Browser | Version: Severity: Normal | Resolution: Keywords: ff45-esr | Actual Points: Parent ID: | Points: Sponsor: | -------------------------+-------------------------- Comment (by gk): Resolving #17167 as a duplicate of this one. -- Ticket URL: Tor Bug Tracker & Wiki The Tor Project: anonymity online From blackhole at torproject.org Wed Jan 13 09:22:37 2016 From: blackhole at torproject.org (Tor Bug Tracker & Wiki) Date: Wed, 13 Jan 2016 09:22:37 -0000 Subject: [tbb-bugs] #17167 [Tor Browser]: Make sure the tracking protection feature is disabled in Tor Browser based on ESR 45 In-Reply-To: <047.c9e1493d22c6b9b4ce4c2a31f200c6d7@torproject.org> References: <047.c9e1493d22c6b9b4ce4c2a31f200c6d7@torproject.org> Message-ID: <062.8bbdf28477180b7dc2b47453b05be73a@torproject.org> #17167: Make sure the tracking protection feature is disabled in Tor Browser based on ESR 45 -------------------------+--------------------------- Reporter: elypter | Owner: tbb-team Type: task | Status: closed Priority: Medium | Milestone: Component: Tor Browser | Version: Severity: Normal | Resolution: duplicate Keywords: ff45-esr | Actual Points: Parent ID: | Points: Sponsor: | -------------------------+--------------------------- Changes (by gk): * status: new => closed * resolution: => duplicate Comment: Resolving this one as a duplicate in favor of #17898. -- Ticket URL: Tor Bug Tracker & Wiki The Tor Project: anonymity online From blackhole at torproject.org Wed Jan 13 09:43:26 2016 From: blackhole at torproject.org (Tor Bug Tracker & Wiki) Date: Wed, 13 Jan 2016 09:43:26 -0000 Subject: [tbb-bugs] #11884 [Tor Browser]: Tor Browser: add DuckDuckGo hidden service into default search engines list In-Reply-To: <045.22834c3436ac6179f0fbf51bd391ab69@torproject.org> References: <045.22834c3436ac6179f0fbf51bd391ab69@torproject.org> Message-ID: <060.ec6f077da7e58b4b395ccdb9364be494@torproject.org> #11884: Tor Browser: add DuckDuckGo hidden service into default search engines list -------------------------+--------------------------- Reporter: biosh | Owner: tbb-team Type: enhancement | Status: closed Priority: Medium | Milestone: Component: Tor Browser | Version: Severity: Normal | Resolution: duplicate Keywords: easy | Actual Points: Parent ID: | Points: Sponsor: | -------------------------+--------------------------- Changes (by gk): * keywords: needs-triage easy => easy * status: new => closed * resolution: => duplicate * severity: => Normal Comment: Duplicate of #16322 which has a patch. -- Ticket URL: Tor Bug Tracker & Wiki The Tor Project: anonymity online From blackhole at torproject.org Wed Jan 13 09:45:17 2016 From: blackhole at torproject.org (Tor Bug Tracker & Wiki) Date: Wed, 13 Jan 2016 09:45:17 -0000 Subject: [tbb-bugs] #16322 [Tor Browser]: Use duckduckgo hidden service instead of clearnet one In-Reply-To: <051.5810ff9538412abf72de785e36c71990@torproject.org> References: <051.5810ff9538412abf72de785e36c71990@torproject.org> Message-ID: <066.bf17f63483f01b335a3319f41a06c361@torproject.org> #16322: Use duckduckgo hidden service instead of clearnet one -------------------------------------------------+------------------------- Reporter: cypherpunks | Owner: tbb- Type: enhancement | team Priority: Medium | Status: Component: Tor Browser | needs_review Severity: Normal | Milestone: Keywords: tbb-usability, | Version: TorBrowserTeam201601R | Resolution: Parent ID: | Actual Points: Sponsor: | Points: -------------------------------------------------+------------------------- Changes (by gk): * keywords: duckduckgo, hidden service, clearnet => tbb-usability, TorBrowserTeam201601R * priority: Very High => Medium * status: new => needs_review * cc: biosh (added) Comment: Marked #11884 as a duplicate. -- Ticket URL: Tor Bug Tracker & Wiki The Tor Project: anonymity online From blackhole at torproject.org Wed Jan 13 10:00:02 2016 From: blackhole at torproject.org (Tor Bug Tracker & Wiki) Date: Wed, 13 Jan 2016 10:00:02 -0000 Subject: [tbb-bugs] #18045 [Tor Browser]: Default bowser window is unusably small on Hi-DPI screens In-Reply-To: <058.2e259c9b41264ac2199a8400590726cd@torproject.org> References: <058.2e259c9b41264ac2199a8400590726cd@torproject.org> Message-ID: <073.1808b2a8b45e5f83f02841468c96e69f@torproject.org> #18045: Default bowser window is unusably small on Hi-DPI screens -----------------------------------------------+-------------------------- Reporter: zorlaguzellikolmaz | Owner: tbb-team Type: defect | Status: new Priority: Medium | Milestone: Component: Tor Browser | Version: Severity: Major | Resolution: Keywords: tbb-fingerprinting, tbb-usability | Actual Points: Parent ID: | Points: Sponsor: | -----------------------------------------------+-------------------------- Changes (by gk): * keywords: Hi-DPI, screen, resolution, browser window => tbb- fingerprinting, tbb-usability * owner: => tbb-team * component: - Select a component => Tor Browser * cc: arthuredelstein (added) Comment: Sounds like something that #14229 could fix. -- Ticket URL: Tor Bug Tracker & Wiki The Tor Project: anonymity online From blackhole at torproject.org Wed Jan 13 10:34:14 2016 From: blackhole at torproject.org (Tor Bug Tracker & Wiki) Date: Wed, 13 Jan 2016 10:34:14 -0000 Subject: [tbb-bugs] #16990 [Tor Browser]: Circuit visualizer stops working after some time In-Reply-To: <051.320ae591bb0d81ba7574f3a39b184c18@torproject.org> References: <051.320ae591bb0d81ba7574f3a39b184c18@torproject.org> Message-ID: <066.76e7f46a0750b7a6ed9a55ce50ae59ac@torproject.org> #16990: Circuit visualizer stops working after some time -------------------------------------------------+------------------------- Reporter: cypherpunks | Owner: tbb- Type: defect | team Priority: Medium | Status: Component: Tor Browser | needs_review Severity: Normal | Milestone: Keywords: tbb-torbutton tbb-circuit-display | Version: TorBrowserTeam201601R, tbb-5.5 | Resolution: Parent ID: | Actual Points: Sponsor: | Points: -------------------------------------------------+------------------------- Comment (by gk): Replying to [comment:19 cypherpunks]: > I will leave this browser like this in case you want me to try some live experiments. Note, though, that this is not a debug build nor anything like that. It's a normal 5.0.7 release version which (I think) has been auto-updated since 5.0.4 (or maybe even earlier). Could you set `extensions.torbutton.loglevel` to `3` and open a simple site like https://people.torproject.org/~gk/ and send me the output of the browser console (Ctrl + Shift + J)? My mail address is gk [at] torproject.org. I fear, though, that we need much more detailed debug logs in Torbutton. Btw. what is the Torbutton version you have in this 5.0.7 instance (about:addons should show it). -- Ticket URL: Tor Bug Tracker & Wiki The Tor Project: anonymity online From blackhole at torproject.org Wed Jan 13 14:51:30 2016 From: blackhole at torproject.org (Tor Bug Tracker & Wiki) Date: Wed, 13 Jan 2016 14:51:30 -0000 Subject: [tbb-bugs] #16747 [Tor Browser]: Tor-browser downloads favicon twice (and over different circuits) In-Reply-To: <051.9c42f0514996fd8cc9e3577b00ebb256@torproject.org> References: <051.9c42f0514996fd8cc9e3577b00ebb256@torproject.org> Message-ID: <066.43cfb967cd3534a9e34e550c8cdb7ab4@torproject.org> #16747: Tor-browser downloads favicon twice (and over different circuits) -----------------------------+----------------------------------- Reporter: cypherpunks | Owner: tbb-team Type: defect | Status: needs_information Priority: Medium | Milestone: Component: Tor Browser | Version: Severity: Major | Resolution: Keywords: tbb-linkability | Actual Points: Parent ID: | Points: Sponsor: | -----------------------------+----------------------------------- Comment (by cypherpunks): Replying to [comment:12 gk]: > Ah, okay. After setting the log level to 3 you should be able to see the log in the browser console as well. If you need to increase the log lines available `devtools.hud.loglimit.console` is your friend. Great, I was looking at the Web Console and Network Tools, which show nothing. Here's my log for the first request of the session to check.torproject.org, tor-on.png is used as favicon, not sure if anything but the stuff around the two GETs near the end is relevant: {{{ [01-13 14:32:02] Torbutton INFO: tor SOCKS: https://check.torproject.org/?lang=en_US via torproject.org:0 GET https://check.torproject.org/ [HTTP/1.1 200 OK 9469ms] getFirstPartyURI failed for chrome://browser/content/browser.xul: 0x80070057 [01-13 14:32:02] Torbutton INFO: controlPort >> 650 STREAM 25 NEW 0 check.torproject.org:443 SOURCE_ADDR=127.0.0.1:49929 PURPOSE=USER [01-13 14:32:02] Torbutton INFO: controlPort >> 650 STREAM 25 SENTCONNECT 9 check.torproject.org:443 [01-13 14:32:02] Torbutton INFO: streamEvent.CircuitID: 9 [01-13 14:32:02] Torbutton INFO: controlPort << getinfo circuit-status [01-13 14:32:02] Torbutton INFO: controlPort >> 250+circuit-status= 8 BUILT $18CD08992B2E3EF52C0968E91AA7BDF9D7F9B91E~cocoadrome,$F530691F6850CAFFFCCF247B579FA214CA815105~ThemWaffles,$B486925DC901969CCE2B371E93740CF98C30539D~AS250 BUILD_FLAGS=NEED_CAPACITY PURPOSE=GENERAL TIME_CREATED=2016-01-13T14:24:01.742280 2 BUILT $18CD08992B2E3EF52C0968E91AA7BDF9D7F9B91E~cocoadrome BUILD_FLAGS=ONEHOP_TUNNEL,IS_INTERNAL,NEED_CAPACITY PURPOSE=GENERAL TIME_CREATED=2016-01-13T14:23:01.756129 7 BUILT $18CD08992B2E3EF52C0968E91AA7BDF9D7F9B91E~cocoadrome,$DB19E709C9EDB903F75F2E6CA95C84D637B62A02~wikimediaeqiad1,$278E2E0EE678D3DC807612503CA9FCA78F40B06C~aTomicExitDE2a BUILD_FLAGS=NEED_CAPACITY PURPOSE=GENERAL TIME_CREATED=2016-01-13T14:23:04.365583 SOCKS_USERNAME="--unknown--" SOCKS_PASSWORD="0" 6 BUILT $18CD08992B2E3EF52C0968E91AA7BDF9D7F9B91E~cocoadrome,$951BDBA042A69FE8577129EA301B027A879B985B~SGGSUK7,$231C2B9C8C31C295C472D031E06964834B745996~torpidsDEdomainf BUILD_FLAGS=IS_INTERNAL,NEED_CAPACITY,NEED_UPTIME PURPOSE=GENERAL TIME_CREATED=2016-01-13T14:23:03.740564 5 BUILT $18CD08992B2E3EF52C0968E91AA7BDF9D7F9B91E~cocoadrome,$28DD2A2049E0AE7AB53D6FA38FDB9EAD35BE1FE7~unixio,$E0EB93F8F73F9B3794CCAE08DB1DCFD283F00277~nullstreet BUILD_FLAGS=IS_INTERNAL,NEED_CAPACITY,NEED_UPTIME PURPOSE=GENERAL TIME_CREATED=2016-01-13T14:23:02.740534 9 BUILT $18CD08992B2E3EF52C0968E91AA7BDF9D7F9B91E~cocoadrome,$0744F2AE098BAD9F1A0FEF109C01E621FB6A4600~xkeyscore,$0111BA9B604669E636FFD5B503F382A4B7AD6E80~DigiGesTor1e1 BUILD_FLAGS=NEED_CAPACITY PURPOSE=GENERAL TIME_CREATED=2016-01-13T14:32:02.303309 SOCKS_USERNAME="torproject.org" SOCKS_PASSWORD="0" . 250 OK [01-13 14:32:02] Torbutton INFO: controlPort << getconf bridge [01-13 14:32:02] Torbutton INFO: controlPort >> 250 Bridge [01-13 14:32:02] Torbutton INFO: controlPort << getinfo ns/id/18CD08992B2E3EF52C0968E91AA7BDF9D7F9B91E [01-13 14:32:02] Torbutton INFO: controlPort >> 250+ns/id/18CD08992B2E3EF52C0968E91AA7BDF9D7F9B91E= r cocoadrome GM0ImSsuPvUsCWjpGqe9+df5uR4 bfj6NsawDrOJOEGTpOq+OXdV3jw 2016-01-13 01:45:06 46.101.241.28 9001 9030 s Fast Guard HSDir Running Stable V2Dir Valid w Bandwidth=26100 . 250 OK [01-13 14:32:02] Torbutton INFO: controlPort << getinfo ip-to- country/46.101.241.28 [01-13 14:32:02] Torbutton INFO: controlPort >> 250-ip-to- country/46.101.241.28=de 250 OK [01-13 14:32:02] Torbutton INFO: controlPort << getconf bridge [01-13 14:32:02] Torbutton INFO: controlPort >> 250 Bridge [01-13 14:32:02] Torbutton INFO: controlPort << getinfo ns/id/0744F2AE098BAD9F1A0FEF109C01E621FB6A4600 [01-13 14:32:02] Torbutton INFO: controlPort >> 250+ns/id/0744F2AE098BAD9F1A0FEF109C01E621FB6A4600= r xkeyscore B0TyrgmLrZ8aD+8QnAHmIftqRgA f2lFigU6nLfEFZs8jnAIiyylgYw 2016-01-13 12:45:51 195.154.110.121 443 0 s Fast Running Stable Valid w Bandwidth=4320 . 250 OK [01-13 14:32:02] Torbutton INFO: controlPort << getinfo ip-to- country/195.154.110.121 [01-13 14:32:02] Torbutton INFO: controlPort >> 250-ip-to- country/195.154.110.121=fr 250 OK [01-13 14:32:02] Torbutton INFO: controlPort << getconf bridge [01-13 14:32:02] Torbutton INFO: controlPort >> 250 Bridge [01-13 14:32:02] Torbutton INFO: controlPort << getinfo ns/id/0111BA9B604669E636FFD5B503F382A4B7AD6E80 [01-13 14:32:02] Torbutton INFO: controlPort >> 250+ns/id/0111BA9B604669E636FFD5B503F382A4B7AD6E80= r DigiGesTor1e1 ARG6m2BGaeY2/9W1A/OCpLetboA Ia8AF21GtWWADpmb9sVNMa6cD9g 2016-01-13 07:44:52 176.10.104.240 443 80 s Exit Fast Guard HSDir Running Stable V2Dir Valid w Bandwidth=35900 . 250 OK [01-13 14:32:02] Torbutton INFO: controlPort << getinfo ip-to- country/176.10.104.240 [01-13 14:32:02] Torbutton INFO: controlPort >> 250-ip-to- country/176.10.104.240=ch 250 OK [01-13 14:32:10] Torbutton INFO: controlPort >> 650 STREAM 25 REMAP 9 38.229.72.22:443 SOURCE=EXIT [01-13 14:32:10] Torbutton INFO: controlPort >> 650 STREAM 25 SUCCEEDED 9 38.229.72.22:443 [01-13 14:32:10] Torbutton INFO: tor SOCKS: http://ocsp.digicert.com/ via torproject.org:0 POST http://ocsp.digicert.com/ [HTTP/1.1 200 OK 359ms] [01-13 14:32:10] Torbutton INFO: controlPort >> 650 STREAM 26 NEW 0 ocsp.digicert.com:80 SOURCE_ADDR=127.0.0.1:49930 PURPOSE=USER [01-13 14:32:10] Torbutton INFO: controlPort >> 650 STREAM 26 SENTCONNECT 9 ocsp.digicert.com:80 [01-13 14:32:11] Torbutton INFO: controlPort >> 650 STREAM 26 REMAP 9 72.21.91.29:80 SOURCE=EXIT [01-13 14:32:11] Torbutton INFO: controlPort >> 650 STREAM 26 SUCCEEDED 9 72.21.91.29:80 getFirstPartyURI failed for chrome://browser/content/browser.xul: 0x80070057 [01-13 14:32:11] Torbutton INFO: tor SOCKS: https://check.torproject.org/torcheck/img/tor-on.png via torproject.org:0 GET https://check.torproject.org/torcheck/img/tor-on.png [HTTP/1.1 200 OK 266ms] getFirstPartyURI failed for chrome://browser/content/browser.xul: 0x80070057 getFirstPartyURI failed for https://check.torproject.org/torcheck/img/tor- on.png: 0x80070057 [01-13 14:32:11] Torbutton INFO: Component returned failure code: 0x80070057 (NS_ERROR_ILLEGAL_VALUE) [mozIThirdPartyUtil.getFirstPartyURIFromChannel] [01-13 14:32:11] Torbutton INFO: tor SOCKS isolation catchall: https://check.torproject.org/torcheck/img/tor-on.png via --unknown--:0 getFirstPartyURI failed for https://check.torproject.org/torcheck/img/tor- on.png: 0x80070057 GET https://check.torproject.org/torcheck/img/tor-on.png [HTTP/1.1 200 OK 1858ms] [01-13 14:32:11] Torbutton INFO: tor SOCKS: https://check.torproject.org/torcheck/img/tor-on.png via torproject.org:0 [01-13 14:32:11] Torbutton INFO: controlPort >> 650 STREAM 27 NEW 0 check.torproject.org:443 SOURCE_ADDR=127.0.0.1:49931 PURPOSE=USER [01-13 14:32:11] Torbutton INFO: controlPort >> 650 STREAM 27 SENTCONNECT 7 check.torproject.org:443 getFirstPartyURI failed for chrome://browser/content/browser.xul: 0x80070057 [01-13 14:32:11] Torbutton INFO: controlPort >> 650 STREAM 27 REMAP 7 38.229.72.22:443 SOURCE=EXIT [01-13 14:32:11] Torbutton INFO: controlPort >> 650 STREAM 27 SUCCEEDED 7 38.229.72.22:443 }}} -- Ticket URL: Tor Bug Tracker & Wiki The Tor Project: anonymity online From blackhole at torproject.org Wed Jan 13 22:07:10 2016 From: blackhole at torproject.org (Tor Bug Tracker & Wiki) Date: Wed, 13 Jan 2016 22:07:10 -0000 Subject: [tbb-bugs] #18058 [Tor Browser]: Branding: Firefox logo shows up on url bar Message-ID: <045.18dc88dbcd75b759b0acc3928167649e@torproject.org> #18058: Branding: Firefox logo shows up on url bar -----------------------------+------------------------------- Reporter: mrphs | Owner: tbb-team Type: defect | Status: new Priority: Medium | Milestone: Component: Tor Browser | Version: Severity: Normal | Keywords: tbb-usability, UX Actual Points: | Parent ID: Points: | Sponsor: -----------------------------+------------------------------- Tor Browser version: 5.5a6 I just noticed the Firefox logo appears on about:tor page. If you look at the attached screenshot, you'd notice the firefox logo on the left side of the URL bar. And while it says Tor Browser in front of it, it clearly has the Firefox identity design. -- Ticket URL: Tor Bug Tracker & Wiki The Tor Project: anonymity online From blackhole at torproject.org Wed Jan 13 22:15:25 2016 From: blackhole at torproject.org (Tor Bug Tracker & Wiki) Date: Wed, 13 Jan 2016 22:15:25 -0000 Subject: [tbb-bugs] #18059 [Tor Browser]: changelog doesn't appear upon update Message-ID: <045.d5cd1923c2057444bef55e712baff665@torproject.org> #18059: changelog doesn't appear upon update -----------------------------+------------------------------- Reporter: mrphs | Owner: tbb-team Type: defect | Status: new Priority: Medium | Milestone: Component: Tor Browser | Version: Severity: Normal | Keywords: tbb-usability, UX Actual Points: | Parent ID: Points: | Sponsor: -----------------------------+------------------------------- Tor Browser: 5.5a6 After automatic update, the new page pops up but doesn't show the change log. Please see the attached screen shot. Also where it says "For the most up-to-date information about this release, visit our website." It's not linked to anything. Maybe it should be replaced with "For the most up-to-date information about this release, please visit [https://blog.torproject.org official Tor blog]." -- Ticket URL: Tor Bug Tracker & Wiki The Tor Project: anonymity online From blackhole at torproject.org Wed Jan 13 22:21:55 2016 From: blackhole at torproject.org (Tor Bug Tracker & Wiki) Date: Wed, 13 Jan 2016 22:21:55 -0000 Subject: [tbb-bugs] #18059 [Tor Browser]: changelog doesn't appear upon update In-Reply-To: <045.d5cd1923c2057444bef55e712baff665@torproject.org> References: <045.d5cd1923c2057444bef55e712baff665@torproject.org> Message-ID: <060.c2f394ccec64d065dfc8c52b0773b075@torproject.org> #18059: changelog doesn't appear upon update -------------------------------+----------------------------------- Reporter: mrphs | Owner: tbb-team Type: defect | Status: needs_information Priority: Medium | Milestone: Component: Tor Browser | Version: Severity: Normal | Resolution: Keywords: tbb-usability, UX | Actual Points: Parent ID: | Points: Sponsor: | -------------------------------+----------------------------------- Changes (by mcs): * status: new => needs_information Comment: Do you have JaveScript disabled? Probably this is a duplicate of #17917. -- Ticket URL: Tor Bug Tracker & Wiki The Tor Project: anonymity online From blackhole at torproject.org Thu Jan 14 02:57:48 2016 From: blackhole at torproject.org (Tor Bug Tracker & Wiki) Date: Thu, 14 Jan 2016 02:57:48 -0000 Subject: [tbb-bugs] #16990 [Tor Browser]: Circuit visualizer stops working after some time In-Reply-To: <051.320ae591bb0d81ba7574f3a39b184c18@torproject.org> References: <051.320ae591bb0d81ba7574f3a39b184c18@torproject.org> Message-ID: <066.81ed1032460c546180937bcc2f8f20df@torproject.org> #16990: Circuit visualizer stops working after some time -------------------------------------------------+------------------------- Reporter: cypherpunks | Owner: tbb- Type: defect | team Priority: Medium | Status: Component: Tor Browser | needs_review Severity: Normal | Milestone: Keywords: tbb-torbutton tbb-circuit-display | Version: TorBrowserTeam201601R, tbb-5.5 | Resolution: Parent ID: | Actual Points: Sponsor: | Points: -------------------------------------------------+------------------------- Comment (by cypherpunks): Too late! I had to reboot the machine. But I'll remember to grab the log next time it happens. TorButton version is 1.9.3.7. -- Ticket URL: Tor Bug Tracker & Wiki The Tor Project: anonymity online From blackhole at torproject.org Thu Jan 14 12:25:27 2016 From: blackhole at torproject.org (Tor Bug Tracker & Wiki) Date: Thu, 14 Jan 2016 12:25:27 -0000 Subject: [tbb-bugs] #17594 [Tor Browser]: Please reopen existing tabs and windows after upgrade In-Reply-To: <045.eb0ff164c1b95adc77769b9ed9e79ddd@torproject.org> References: <045.eb0ff164c1b95adc77769b9ed9e79ddd@torproject.org> Message-ID: <060.ecafedc9905cfb1133766c1c177ae10d@torproject.org> #17594: Please reopen existing tabs and windows after upgrade ----------------------------------------+-------------------------- Reporter: lunar | Owner: tbb-team Type: enhancement | Status: new Priority: Medium | Milestone: Component: Tor Browser | Version: Severity: Normal | Resolution: Keywords: tbb-updaters tbb-usability | Actual Points: Parent ID: | Points: Sponsor: | ----------------------------------------+-------------------------- Comment (by lunar): I had more in mind something like using an environment variable or passing data from one process to the next through a dedicated socket, so that nothing gets written on disk. -- Ticket URL: Tor Bug Tracker & Wiki The Tor Project: anonymity online From blackhole at torproject.org Thu Jan 14 12:30:12 2016 From: blackhole at torproject.org (Tor Bug Tracker & Wiki) Date: Thu, 14 Jan 2016 12:30:12 -0000 Subject: [tbb-bugs] #16747 [Tor Browser]: Tor-browser downloads favicon twice (and over different circuits) In-Reply-To: <051.9c42f0514996fd8cc9e3577b00ebb256@torproject.org> References: <051.9c42f0514996fd8cc9e3577b00ebb256@torproject.org> Message-ID: <066.350f7371e78b2e4565d1c736cec6e759@torproject.org> #16747: Tor-browser downloads favicon twice (and over different circuits) -------------------------------------------------+------------------------- Reporter: cypherpunks | Owner: tbb- Type: defect | team Priority: Medium | Status: Component: Tor Browser | assigned Severity: Major | Milestone: Keywords: tbb-linkability, | Version: TorBrowserTeam201601 | Resolution: Parent ID: | Actual Points: Sponsor: | Points: -------------------------------------------------+------------------------- Changes (by gk): * keywords: tbb-linkability => tbb-linkability, TorBrowserTeam201601 * status: needs_information => assigned * cc: arthuredelstein (added) Comment: Okay, this seems to be a Windows-only issue. Fun. I can see the same behavior on a Windows 8 box but neither on OS X nor Linux. At least we can debug and fix it now, thanks cypherpunk. Oh, and FWIW you might want to consider to change your guard node (e.g. by using a fresh Tor Browser and re-customizing that one, or getting rid of your state file) as you exposed it in your log in comment:13 in case you did not do that already. -- Ticket URL: Tor Bug Tracker & Wiki The Tor Project: anonymity online From blackhole at torproject.org Thu Jan 14 20:16:21 2016 From: blackhole at torproject.org (Tor Bug Tracker & Wiki) Date: Thu, 14 Jan 2016 20:16:21 -0000 Subject: [tbb-bugs] #17958 [Tor Browser]: can't log into this trac over Tor -- recaptcha hell In-Reply-To: <046.cf1ac31654ad60dd05395545968dfd25@torproject.org> References: <046.cf1ac31654ad60dd05395545968dfd25@torproject.org> Message-ID: <061.2c95c0d308e39a15d0b802078995b628@torproject.org> #17958: can't log into this trac over Tor -- recaptcha hell -------------------------+-------------------------- Reporter: zooko2 | Owner: tbb-team Type: defect | Status: new Priority: Medium | Milestone: Component: Tor Browser | Version: Severity: Normal | Resolution: Keywords: | Actual Points: Parent ID: | Points: Sponsor: | -------------------------+-------------------------- Comment (by zooko3): Hi this is zooko2, but I apparently lost the password for "zooko2", so now I've created zooko3. Thanks for following-up on my bug report! Anyway, first of all I confirmed that I have the same "rerererecaptcha problem". How do I check the current security level? I just explored the UI a bit, and I didn't see a way to view or change the security level to see if it is still "Low". -- Ticket URL: Tor Bug Tracker & Wiki The Tor Project: anonymity online From blackhole at torproject.org Thu Jan 14 21:31:24 2016 From: blackhole at torproject.org (Tor Bug Tracker & Wiki) Date: Thu, 14 Jan 2016 21:31:24 -0000 Subject: [tbb-bugs] #18058 [Tor Browser]: Branding: Firefox logo shows up on url bar In-Reply-To: <045.18dc88dbcd75b759b0acc3928167649e@torproject.org> References: <045.18dc88dbcd75b759b0acc3928167649e@torproject.org> Message-ID: <060.ec60f2894cd2fa714ed56430b9d9ae0f@torproject.org> #18058: Branding: Firefox logo shows up on url bar ---------------------------------------------+-------------------------- Reporter: mrphs | Owner: tbb-team Type: defect | Status: new Priority: Medium | Milestone: Component: Tor Browser | Version: Severity: Normal | Resolution: Keywords: tbb-usability, UX, tbb-branding | Actual Points: Parent ID: | Points: Sponsor: | ---------------------------------------------+-------------------------- Changes (by mcs): * cc: brade, mcs (added) * keywords: tbb-usability, UX => tbb-usability, UX, tbb-branding Comment: This problem also occurs with about:tbupdate, about:addons, about:preferences, and other built-in pages. Our rebranding of Firefox is incomplete and there may be a more general ticket already open for these kind of issues but I could not find it. This particular icon comes from the following two files within our tor- browser repo: `browser/branding/official/content/identity-icons-brand.png` `browser/branding/official/content/identity-icons-brand at 2x.png` -- Ticket URL: Tor Bug Tracker & Wiki The Tor Project: anonymity online From blackhole at torproject.org Thu Jan 14 22:32:26 2016 From: blackhole at torproject.org (Tor Bug Tracker & Wiki) Date: Thu, 14 Jan 2016 22:32:26 -0000 Subject: [tbb-bugs] #17958 [Tor Browser]: can't log into this trac over Tor -- recaptcha hell In-Reply-To: <046.cf1ac31654ad60dd05395545968dfd25@torproject.org> References: <046.cf1ac31654ad60dd05395545968dfd25@torproject.org> Message-ID: <061.68f582a0e295656fec7d890597d7c9a3@torproject.org> #17958: can't log into this trac over Tor -- recaptcha hell -------------------------+-------------------------- Reporter: zooko2 | Owner: tbb-team Type: defect | Status: new Priority: Medium | Milestone: Component: Tor Browser | Version: Severity: Normal | Resolution: Keywords: | Actual Points: Parent ID: | Points: Sponsor: | -------------------------+-------------------------- Comment (by cypherpunks): Replying to [comment:4 zooko3]: > How do I check the current security level? I just explored the UI a bit, and I didn't see a way to view or change the security level to see if it is still "Low". TorButton > Privacy and security settings... -- Ticket URL: Tor Bug Tracker & Wiki The Tor Project: anonymity online From blackhole at torproject.org Fri Jan 15 11:22:56 2016 From: blackhole at torproject.org (Tor Bug Tracker & Wiki) Date: Fri, 15 Jan 2016 11:22:56 -0000 Subject: [tbb-bugs] #18063 [Tor Browser]: how do I run separate profiles? In-Reply-To: <046.01bc4042206463e46e479ab24b861c59@torproject.org> References: <046.01bc4042206463e46e479ab24b861c59@torproject.org> Message-ID: <061.064b6902cc8c438bc503eee0e01a8637@torproject.org> #18063: how do I run separate profiles? -------------------------+-------------------------- Reporter: zooko3 | Owner: tbb-team Type: defect | Status: new Priority: Medium | Milestone: Component: Tor Browser | Version: Severity: Normal | Resolution: Keywords: | Actual Points: Parent ID: | Points: Sponsor: | -------------------------+-------------------------- Changes (by gk): * owner: => tbb-team * component: - Select a component => Tor Browser -- Ticket URL: Tor Bug Tracker & Wiki The Tor Project: anonymity online From blackhole at torproject.org Fri Jan 15 14:31:06 2016 From: blackhole at torproject.org (Tor Bug Tracker & Wiki) Date: Fri, 15 Jan 2016 14:31:06 -0000 Subject: [tbb-bugs] #18059 [Tor Browser]: changelog doesn't appear upon update In-Reply-To: <045.d5cd1923c2057444bef55e712baff665@torproject.org> References: <045.d5cd1923c2057444bef55e712baff665@torproject.org> Message-ID: <060.ee0d9709a8b49d4fe4e0d049eacab975@torproject.org> #18059: changelog doesn't appear upon update -------------------------------+--------------------------- Reporter: mrphs | Owner: tbb-team Type: defect | Status: closed Priority: Medium | Milestone: Component: Tor Browser | Version: Severity: Normal | Resolution: duplicate Keywords: tbb-usability, UX | Actual Points: Parent ID: | Points: Sponsor: | -------------------------------+--------------------------- Changes (by mcs): * status: needs_information => closed * resolution: => duplicate Comment: I am taking a chance and closing as a duplicate of #17917. You can confirm by typing about:tbupdate in the URL bar with and without JS enabled (e.g., adjust your security slider). -- Ticket URL: Tor Bug Tracker & Wiki The Tor Project: anonymity online From blackhole at torproject.org Fri Jan 15 15:45:12 2016 From: blackhole at torproject.org (Tor Bug Tracker & Wiki) Date: Fri, 15 Jan 2016 15:45:12 -0000 Subject: [tbb-bugs] #18063 [Tor Browser]: how do I run separate profiles? In-Reply-To: <046.01bc4042206463e46e479ab24b861c59@torproject.org> References: <046.01bc4042206463e46e479ab24b861c59@torproject.org> Message-ID: <061.49abeaad7aeea40bfa56a90519998d87@torproject.org> #18063: how do I run separate profiles? -------------------------+-------------------------- Reporter: zooko3 | Owner: tbb-team Type: defect | Status: new Priority: Medium | Milestone: Component: Tor Browser | Version: Severity: Normal | Resolution: Keywords: | Actual Points: Parent ID: | Points: Sponsor: | -------------------------+-------------------------- Comment (by brade): Does it help if you edit start-tor-browser (or make a copy) and remove the "-profile TorBrowser/Data/Browser/profile.default" arguments from the 5 places near the end of the file? Note: this may be related (dependent?) on #14981. Tor Browser will not correctly setup a new profile; you will need to copy extensions and configuration manually. -- Ticket URL: Tor Bug Tracker & Wiki The Tor Project: anonymity online From blackhole at torproject.org Fri Jan 15 15:46:11 2016 From: blackhole at torproject.org (Tor Bug Tracker & Wiki) Date: Fri, 15 Jan 2016 15:46:11 -0000 Subject: [tbb-bugs] #14981 [Tor Browser]: Support multiple profiles with a profile template In-Reply-To: <048.5c1b19a52a9b73873860a3014f20a127@torproject.org> References: <048.5c1b19a52a9b73873860a3014f20a127@torproject.org> Message-ID: <063.f6935d57c432ebfa2d68f392c2edd0d3@torproject.org> #14981: Support multiple profiles with a profile template -------------------------+-------------------------- Reporter: krichter | Owner: brade Type: enhancement | Status: assigned Priority: Medium | Milestone: Component: Tor Browser | Version: Severity: Normal | Resolution: Keywords: | Actual Points: Parent ID: | Points: Sponsor: | -------------------------+-------------------------- Changes (by brade): * status: new => assigned * cc: tbb-team, mcs (added) * severity: => Normal * owner: tbb-team => brade -- Ticket URL: Tor Bug Tracker & Wiki The Tor Project: anonymity online From blackhole at torproject.org Fri Jan 15 16:31:09 2016 From: blackhole at torproject.org (Tor Bug Tracker & Wiki) Date: Fri, 15 Jan 2016 16:31:09 -0000 Subject: [tbb-bugs] #3544 [Tor Browser]: Add to menu option for TBB In-Reply-To: <046.e4646797409e8c56ece176e2284aca0b@torproject.org> References: <046.e4646797409e8c56ece176e2284aca0b@torproject.org> Message-ID: <061.c3db2506340d464cdb36a5f2bebcaa32@torproject.org> #3544: Add to menu option for TBB ---------------------------+-------------------------- Reporter: phobos | Owner: tbb-team Type: enhancement | Status: new Priority: Medium | Milestone: Component: Tor Browser | Version: Severity: Normal | Resolution: Keywords: tbb-usability | Actual Points: Parent ID: | Points: Sponsor: | ---------------------------+-------------------------- Changes (by lunar): * keywords: needs-triage => tbb-usability * severity: => Normal * milestone: TorBrowserBundle 2.3.x-stable => Comment: There is now a `.desktop` file that works nicely, and even a `--register` command line script that can copy the `.desktop` file in the right location. What is missing is something like a question on the first run where users could opt-in to get the icon added to the menu without having to drop to the command line. -- Ticket URL: Tor Bug Tracker & Wiki The Tor Project: anonymity online From blackhole at torproject.org Fri Jan 15 21:17:47 2016 From: blackhole at torproject.org (Tor Bug Tracker & Wiki) Date: Fri, 15 Jan 2016 21:17:47 -0000 Subject: [tbb-bugs] #9145 [Tor Browser]: Tor Browser for windows is borked because mingw, gcc, and Win32 ABI In-Reply-To: <047.93d46bb1ce41d8ba0af917eae65f985c@torproject.org> References: <047.93d46bb1ce41d8ba0af917eae65f985c@torproject.org> Message-ID: <062.0028cbe7c635576bb60ed8a07111c95f@torproject.org> #9145: Tor Browser for windows is borked because mingw, gcc, and Win32 ABI -------------------------+-------------------------- Reporter: dope457 | Owner: tbb-team Type: defect | Status: assigned Priority: High | Milestone: Component: Tor Browser | Version: Severity: Normal | Resolution: Keywords: tbb-crash | Actual Points: Parent ID: | Points: Sponsor: | -------------------------+-------------------------- Changes (by mcs): * cc: mcs (added) * owner: erinn => tbb-team * status: needs_information => assigned -- Ticket URL: Tor Bug Tracker & Wiki The Tor Project: anonymity online From blackhole at torproject.org Fri Jan 15 21:17:55 2016 From: blackhole at torproject.org (Tor Bug Tracker & Wiki) Date: Fri, 15 Jan 2016 21:17:55 -0000 Subject: [tbb-bugs] #9145 [Tor Browser]: Tor Browser for windows is borked because mingw, gcc, and Win32 ABI In-Reply-To: <047.93d46bb1ce41d8ba0af917eae65f985c@torproject.org> References: <047.93d46bb1ce41d8ba0af917eae65f985c@torproject.org> Message-ID: <062.25892b1beb5c2dbb62e157d829ec762e@torproject.org> #9145: Tor Browser for windows is borked because mingw, gcc, and Win32 ABI -------------------------+----------------------------------- Reporter: dope457 | Owner: tbb-team Type: defect | Status: needs_information Priority: High | Milestone: Component: Tor Browser | Version: Severity: Normal | Resolution: Keywords: tbb-crash | Actual Points: Parent ID: | Points: Sponsor: | -------------------------+----------------------------------- Changes (by mcs): * status: assigned => needs_information -- Ticket URL: Tor Bug Tracker & Wiki The Tor Project: anonymity online From blackhole at torproject.org Fri Jan 15 21:23:34 2016 From: blackhole at torproject.org (Tor Bug Tracker & Wiki) Date: Fri, 15 Jan 2016 21:23:34 -0000 Subject: [tbb-bugs] #17558 [Tor Browser]: Copying to clipboard is dangerous In-Reply-To: <051.657f1eef2999c622d066e4bb78047b95@torproject.org> References: <051.657f1eef2999c622d066e4bb78047b95@torproject.org> Message-ID: <066.81ccaa3d5f022a950e6443cfe40607b4@torproject.org> #17558: Copying to clipboard is dangerous -------------------------+-------------------------- Reporter: cypherpunks | Owner: tbb-team Type: defect | Status: new Priority: High | Milestone: Component: Tor Browser | Version: Severity: Major | Resolution: Keywords: | Actual Points: Parent ID: | Points: Sponsor: | -------------------------+-------------------------- Comment (by brade): For future reference: dom/base/nsCopySupport.cpp has some relevant code The easiest approach is probably to implement the clipboard hooks in widget/nsIClipboardDragDropHooks.idl; in particular onCopyOrDrag(). -- Ticket URL: Tor Bug Tracker & Wiki The Tor Project: anonymity online From blackhole at torproject.org Sat Jan 16 09:58:46 2016 From: blackhole at torproject.org (Tor Bug Tracker & Wiki) Date: Sat, 16 Jan 2016 09:58:46 -0000 Subject: [tbb-bugs] #9145 [Tor Browser]: Tor Browser for windows is borked because mingw, gcc, and Win32 ABI In-Reply-To: <047.93d46bb1ce41d8ba0af917eae65f985c@torproject.org> References: <047.93d46bb1ce41d8ba0af917eae65f985c@torproject.org> Message-ID: <062.f7a13f844362b0b41905ac155bc56fba@torproject.org> #9145: Tor Browser for windows is borked because mingw, gcc, and Win32 ABI -------------------------+-------------------------- Reporter: dope457 | Owner: tbb-team Type: defect | Status: new Priority: High | Milestone: Component: Tor Browser | Version: Severity: Normal | Resolution: Keywords: tbb-crash | Actual Points: Parent ID: | Points: Sponsor: | -------------------------+-------------------------- Changes (by cypherpunks): * status: needs_information => new Comment: [http://sourceforge.net/p/fbc/bugs/799/ This] and [https://internals.rust- lang.org/t/need-custom-calling-convention-for-com/2389 this] for more observations, elaborations and explanations. -- Ticket URL: Tor Bug Tracker & Wiki The Tor Project: anonymity online From blackhole at torproject.org Sat Jan 16 12:04:41 2016 From: blackhole at torproject.org (Tor Bug Tracker & Wiki) Date: Sat, 16 Jan 2016 12:04:41 -0000 Subject: [tbb-bugs] #18071 [Tor Browser]: Add new obfs4 bridge riemann to Tor Browser Message-ID: <044.bd1dc3c15190723b5852eed59beb56fa@torproject.org> #18071: Add new obfs4 bridge riemann to Tor Browser -----------------------------+------------------------- Reporter: isis | Owner: tbb-team Type: enhancement | Status: new Priority: Immediate | Milestone: Component: Tor Browser | Version: Severity: Normal | Keywords: tbb-bridges Actual Points: | Parent ID: Points: | Sponsor: -----------------------------+------------------------- There's a new default obfs4 bridge running on an unlimited bandwidth university connection. If possible, we should get it added to TB's default set before 25 January. -- Ticket URL: Tor Bug Tracker & Wiki The Tor Project: anonymity online From blackhole at torproject.org Sat Jan 16 12:11:38 2016 From: blackhole at torproject.org (Tor Bug Tracker & Wiki) Date: Sat, 16 Jan 2016 12:11:38 -0000 Subject: [tbb-bugs] #18071 [Tor Browser]: Add new obfs4 bridge riemann to Tor Browser In-Reply-To: <044.bd1dc3c15190723b5852eed59beb56fa@torproject.org> References: <044.bd1dc3c15190723b5852eed59beb56fa@torproject.org> Message-ID: <059.72960b3c0fb5c2ca8e86b7d6bec968c1@torproject.org> #18071: Add new obfs4 bridge riemann to Tor Browser -------------------------+------------------------------ Reporter: isis | Owner: tbb-team Type: enhancement | Status: needs_review Priority: Immediate | Milestone: Component: Tor Browser | Version: Severity: Normal | Resolution: Keywords: tbb-bridges | Actual Points: Parent ID: | Points: Sponsor: | -------------------------+------------------------------ Changes (by isis): * status: new => needs_review Comment: The patch is in my `fix/18071-riemann` [https://github.com/isislovecruft /tor-browser-bundle/tree/fix/18071-riemann branch]. It sets riemann as the first bridge since it has unlimited bandwidth capacity and is not currently blocked. -- Ticket URL: Tor Bug Tracker & Wiki The Tor Project: anonymity online From blackhole at torproject.org Sat Jan 16 12:16:41 2016 From: blackhole at torproject.org (Tor Bug Tracker & Wiki) Date: Sat, 16 Jan 2016 12:16:41 -0000 Subject: [tbb-bugs] #18072 [Tor Browser]: Change Tor Browser's recommended bridge type to obfs4 Message-ID: <044.ed7a039d8c4e6d40246ba564b989cb94@torproject.org> #18072: Change Tor Browser's recommended bridge type to obfs4 -----------------------------+------------------------- Reporter: isis | Owner: tbb-team Type: enhancement | Status: new Priority: High | Milestone: Component: Tor Browser | Version: Severity: Normal | Keywords: tbb-bridges Actual Points: | Parent ID: Points: | Sponsor: -----------------------------+------------------------- After #18071 is merged, I think we should change the recommended bridge type in Tor Browser to obfs4, given that we now have several high capacity obfs4 bridges and obfs4 is more likely to work in more regions than obfs3. Additionally, if we make it the default type, we're signalling to users that it's what they should be using. Also, obfs4 is the default PT type distributed by BridgeDB. -- Ticket URL: Tor Bug Tracker & Wiki The Tor Project: anonymity online From blackhole at torproject.org Sat Jan 16 12:19:05 2016 From: blackhole at torproject.org (Tor Bug Tracker & Wiki) Date: Sat, 16 Jan 2016 12:19:05 -0000 Subject: [tbb-bugs] #18072 [Tor Browser]: Change Tor Browser's recommended bridge type to obfs4 In-Reply-To: <044.ed7a039d8c4e6d40246ba564b989cb94@torproject.org> References: <044.ed7a039d8c4e6d40246ba564b989cb94@torproject.org> Message-ID: <059.d4df172cc3b46901d31c6371ca709184@torproject.org> #18072: Change Tor Browser's recommended bridge type to obfs4 -------------------------+------------------------------ Reporter: isis | Owner: tbb-team Type: enhancement | Status: needs_review Priority: High | Milestone: Component: Tor Browser | Version: Severity: Normal | Resolution: Keywords: tbb-bridges | Actual Points: Parent ID: | Points: Sponsor: | -------------------------+------------------------------ Changes (by isis): * status: new => needs_review Comment: Alright? the patch is in my `fix/18072-recommend-obfs4` [https://github.com/isislovecruft/tor-browser-bundle/tree/fix/18072 -recommend-obfs4 branch]. -- Ticket URL: Tor Bug Tracker & Wiki The Tor Project: anonymity online From blackhole at torproject.org Sat Jan 16 12:19:55 2016 From: blackhole at torproject.org (Tor Bug Tracker & Wiki) Date: Sat, 16 Jan 2016 12:19:55 -0000 Subject: [tbb-bugs] #18071 [Tor Browser]: Add new obfs4 bridge riemann to Tor Browser In-Reply-To: <044.bd1dc3c15190723b5852eed59beb56fa@torproject.org> References: <044.bd1dc3c15190723b5852eed59beb56fa@torproject.org> Message-ID: <059.384e3b06524a76ba56229becb14e5eb5@torproject.org> #18071: Add new obfs4 bridge riemann to Tor Browser -------------------------+------------------------------ Reporter: isis | Owner: tbb-team Type: enhancement | Status: needs_review Priority: Immediate | Milestone: Component: Tor Browser | Version: Severity: Normal | Resolution: Keywords: tbb-bridges | Actual Points: Parent ID: | Points: Sponsor: | -------------------------+------------------------------ Comment (by isis): Please see also #18072 which (IMO) we'll want to merge at the same time. -- Ticket URL: Tor Bug Tracker & Wiki The Tor Project: anonymity online From blackhole at torproject.org Sat Jan 16 14:30:58 2016 From: blackhole at torproject.org (Tor Bug Tracker & Wiki) Date: Sat, 16 Jan 2016 14:30:58 -0000 Subject: [tbb-bugs] #17958 [Tor Browser]: During logon into this trac over Tor - recaptcha hell (was: can't log into this trac over Tor -- recaptcha hell) In-Reply-To: <046.cf1ac31654ad60dd05395545968dfd25@torproject.org> References: <046.cf1ac31654ad60dd05395545968dfd25@torproject.org> Message-ID: <061.351bae0f0a332cd67ff859b3e1253c55@torproject.org> #17958: During logon into this trac over Tor - recaptcha hell -------------------------+----------------------------------- Reporter: zooko2 | Owner: tbb-team Type: defect | Status: needs_information Priority: Medium | Milestone: Component: Tor Browser | Version: Severity: Normal | Resolution: Keywords: | Actual Points: Parent ID: | Points: Sponsor: | -------------------------+----------------------------------- Changes (by bugzilla): * status: new => needs_information Comment: Description is correct, summary is incorrect -> changed. You have been logged on after the first correct recaptcha was entered. But the page with a new recaptcha appears again (see "logged in as" on top of it to make sure that logon completed). JS on. The bug is on the site (most likely) or CloudFlare, or Tor Browser (not likely) - so, is adding this ticket to Tor Browser correct? -- Ticket URL: Tor Bug Tracker & Wiki The Tor Project: anonymity online From blackhole at torproject.org Sat Jan 16 14:41:45 2016 From: blackhole at torproject.org (Tor Bug Tracker & Wiki) Date: Sat, 16 Jan 2016 14:41:45 -0000 Subject: [tbb-bugs] #9145 [Tor Browser]: Tor Browser for windows is borked because mingw, gcc, and Win32 ABI In-Reply-To: <047.93d46bb1ce41d8ba0af917eae65f985c@torproject.org> References: <047.93d46bb1ce41d8ba0af917eae65f985c@torproject.org> Message-ID: <062.124c600fd0c4f1cc9d571c3dc8ad3c17@torproject.org> #9145: Tor Browser for windows is borked because mingw, gcc, and Win32 ABI -------------------------+-------------------------- Reporter: dope457 | Owner: tbb-team Type: defect | Status: new Priority: High | Milestone: Component: Tor Browser | Version: Severity: Normal | Resolution: Keywords: tbb-crash | Actual Points: Parent ID: | Points: Sponsor: | -------------------------+-------------------------- Comment (by cypherpunks): [https://msdn.microsoft.com/en- us/library/windows/desktop/dd316820%28v=vs.85%29.aspx ID2D1RenderTarget::GetPixelSize] vs. [https://msdn.microsoft.com/en- us/library/windows/desktop/dn914411%28v=vs.85%29.aspx ID3D12Device::GetAdapterLuid] {{{ virtual D2D1_SIZE_U GetPixelSize() const = 0; }}} vs. {{{ LUID GetAdapterLuid(); }}} {{{ STDMETHOD_(D2D1_SIZE_U, GetPixelSize)() CONST PURE; }}} vs. {{{ STDMETHOD(GetAdapterLUID)(THIS_ UINT Adapter,LUID * pLUID) PURE; }}} Mess and sell (c) M$ -- Ticket URL: Tor Bug Tracker & Wiki The Tor Project: anonymity online From blackhole at torproject.org Sat Jan 16 14:53:03 2016 From: blackhole at torproject.org (Tor Bug Tracker & Wiki) Date: Sat, 16 Jan 2016 14:53:03 -0000 Subject: [tbb-bugs] #17959 [Tor Browser]: NoScript's click-to-play is unusable on YouTube in higher security modes In-Reply-To: <044.eddf7f1a5570bc60d8d7f842d48b71a0@torproject.org> References: <044.eddf7f1a5570bc60d8d7f842d48b71a0@torproject.org> Message-ID: <059.453ea511b22ac3843c38d16d41711d09@torproject.org> #17959: NoScript's click-to-play is unusable on YouTube in higher security modes ---------------------------------------------+-------------------------- Reporter: teor | Owner: tbb-team Type: enhancement | Status: new Priority: Medium | Milestone: Component: Tor Browser | Version: Severity: Normal | Resolution: Keywords: tbb-usability-website, noscript | Actual Points: Parent ID: | Points: Sponsor: | ---------------------------------------------+-------------------------- Changes (by bugzilla): * keywords: tbb-usability-website => tbb-usability-website, noscript * type: defect => enhancement Comment: NOT A BUG: just youtube behaviour. Not in High mode ('cause js off). NoScript asks: Temporarily allow mediasource:https://www.youtube.com/30d855c7-7be4-4658-ae78-40f36e2d4531 (video/ogg