February 2020 - tor-commits - lists.torproject.org

[translation/tails-misc] https://gitweb.torproject.org/translation.git/commit/?h=tails-misc
by translation＠torproject.org 04 Feb '20

04 Feb '20

commit 1130c702ace330c228da9ebed55823f21c99667b Author: Translation commit bot <translation(a)torproject.org> Date: Tue Feb 4 13:17:22 2020 +0000 https://gitweb.torproject.org/translation.git/commit/?h=tails-misc --- nl.po | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/nl.po b/nl.po index e90f23a96b..90e59097a4 100644 --- a/nl.po +++ b/nl.po @@ -35,8 +35,8 @@ msgstr "" "Project-Id-Version: Tor Project\n" "Report-Msgid-Bugs-To: \n" "POT-Creation-Date: 2020-01-06 11:20+0100\n" -"PO-Revision-Date: 2020-02-01 16:30+0000\n" -"Last-Translator: Meteor0id\n" +"PO-Revision-Date: 2020-02-04 13:11+0000\n" +"Last-Translator: Tonnes <tonnes.mb(a)gmail.com>\n" "Language-Team: Dutch (http://www.transifex.com/otf/torproject/language/nl/)\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" @@ -50,7 +50,7 @@ msgstr "Tor is gereed" #: config/chroot_local-includes/etc/NetworkManager/dispatcher.d/60-tor-ready.sh:43 msgid "You can now access the Internet." -msgstr "U heeft nu toegang tot het internet." +msgstr "U hebt nu toegang tot het internet." #: config/chroot_local-includes/etc/whisperback/config.py:69 #, python-format @@ -517,7 +517,7 @@ msgid "" "${filename}\n" "\n" "Renaming it to keepassx.kdbx would allow KeePassXC to open it automatically in the future." -msgstr "<big>Wilt u uw KeePassXC-database hernoemen?</big>\n\nU heeft een KeePassXC-database in uw map Persistent:\n\n${filename}\n\nHernoemen hiervan naar keepassx.kdbx zorgt ervoor dat KeePassXC deze in de toekomst automatisch kan openen." +msgstr "<big>Wilt u uw KeePassXC-database hernoemen?</big>\n\nU hebt een KeePassXC-database in uw map Persistent:\n\n${filename}\n\nHernoemen hiervan naar keepassx.kdbx zorgt ervoor dat KeePassXC deze in de toekomst automatisch kan openen." #: config/chroot_local-includes/usr/local/bin/keepassxc:23 msgid "Rename" @@ -541,13 +541,13 @@ msgstr "Fout" msgid "" "The device Tails is running from cannot be found. Maybe you used the 'toram'" " option?" -msgstr "Het apparaat waarop Tails wordt uitgevoerd, kan niet worden gevonden. Misschien heeft u de optie 'toram' gebruikt?" +msgstr "Het apparaat waarop Tails wordt uitgevoerd, kan niet worden gevonden. Misschien hebt u de optie 'toram' gebruikt?" #: config/chroot_local-includes/usr/src/perl5lib/lib/Tails/RunningSystem.pm:253 msgid "" "The drive Tails is running from cannot be found. Maybe you used the 'toram' " "option?" -msgstr "Het station waarop Tails wordt uitgevoerd, kan niet worden gevonden. Misschien heeft u de optie 'toram' gebruikt?" +msgstr "Het station waarop Tails wordt uitgevoerd, kan niet worden gevonden. Misschien hebt u de optie 'toram' gebruikt?" #: config/chroot_local-includes/usr/share/gnome-shell/extensions/status-menu-helper@tails.boum.org/extension.js:75 msgid "Lock screen" @@ -1276,7 +1276,7 @@ msgstr "Alle netwerken uitschakelen" msgid "" "You will configure the Tor bridge and local proxy later on after connecting " "to a network." -msgstr "De Tor-bridge en lokale proxy stelt u later in nadat u verbinding met een netwerk heeft gemaakt." +msgstr "De Tor-bridge en lokale proxy stelt u later in nadat u verbinding met een netwerk hebt gemaakt." #: ../config/chroot_local-includes/usr/share/tails/greeter/main.ui.in:152 msgid "Welcome to Tails!"

1 0

[translation/policies-code_of_conducttxtpot] https://gitweb.torproject.org/translation.git/commit/?h=policies-code_of_conducttxtpot
by translation＠torproject.org 04 Feb '20

04 Feb '20

commit e63d3de0d2f27b05e25ff5bdd265b4e212fb3eac Author: Translation commit bot <translation(a)torproject.org> Date: Tue Feb 4 13:17:00 2020 +0000 https://gitweb.torproject.org/translation.git/commit/?h=policies-code_of_co… --- code_of_conduct+nl.po | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/code_of_conduct+nl.po b/code_of_conduct+nl.po index 15a5714434..f1831b3596 100644 --- a/code_of_conduct+nl.po +++ b/code_of_conduct+nl.po @@ -6,8 +6,8 @@ # # Translators: # kwadronaut <kwadronaut(a)autistici.org>, 2019 -# Tonnes <tonnes.mb(a)gmail.com>, 2019 -# Meteor0id, 2020 +# Meteor0id, 2019 +# Tonnes <tonnes.mb(a)gmail.com>, 2020 # #, fuzzy msgid "" @@ -15,7 +15,7 @@ msgstr "" "Project-Id-Version: Code of conduct of the Tor Project\n" "POT-Creation-Date: 2019-08-02 12:00+0000\n" "PO-Revision-Date: 2019-08-27 18:54+0000\n" -"Last-Translator: Meteor0id, 2020\n" +"Last-Translator: Tonnes <tonnes.mb(a)gmail.com>, 2020\n" "Language-Team: Dutch (https://www.transifex.com/otf/teams/1519/nl/)\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" @@ -85,7 +85,7 @@ msgid "" "0. Summary: Don't be a jerk. Be awesome instead.\n" "============================================================\n" msgstr "" -"0. Samenvatting: wees geen eikel. Wees liever lief.\n" +"0. Samenvatting: wees geen eikel. Wees liever geweldig.\n" "============================================================\n" #. type: Plain text @@ -527,7 +527,7 @@ msgstr "" #. type: Bullet: ' - ' #: ../code_of_conduct.txt:203 msgid "if you have questions or concerns about the code of conduct, or" -msgstr "als u vragen of zorgen heeft over de gedragscode, of" +msgstr "als u vragen of zorgen hebt over de gedragscode, of" #. type: Bullet: ' - ' #: ../code_of_conduct.txt:205

1 0

[translation/bridgedb_completed] https://gitweb.torproject.org/translation.git/commit/?h=bridgedb_completed
by translation＠torproject.org 04 Feb '20

04 Feb '20

commit 09bce4ee7dd371d83d5208bb505d48a3e5b0de8f Author: Translation commit bot <translation(a)torproject.org> Date: Tue Feb 4 13:15:21 2020 +0000 https://gitweb.torproject.org/translation.git/commit/?h=bridgedb_completed --- nl/LC_MESSAGES/bridgedb.po | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/nl/LC_MESSAGES/bridgedb.po b/nl/LC_MESSAGES/bridgedb.po index 9931a8db94..5e8ff9f79a 100644 --- a/nl/LC_MESSAGES/bridgedb.po +++ b/nl/LC_MESSAGES/bridgedb.po @@ -20,7 +20,7 @@ # Marco Brohet <inactive+therbom(a)transifex.com>, 2012 # Tom Becht <tombecht(a)live.nl>, 2014 # Tonko Mulder <tonko(a)tonkomulder.nl>, 2015 -# Tonnes <tonnes.mb(a)gmail.com>, 2019 +# Tonnes <tonnes.mb(a)gmail.com>, 2019-2020 # math1985 <transifex(a)matthijsmelissen.nl>, 2013 # BBLN <webmaster(a)bbln.nl>, 2014 msgid "" @@ -28,8 +28,8 @@ msgstr "" "Project-Id-Version: Tor Project\n" "Report-Msgid-Bugs-To: 'https://trac.torproject.org/projects/tor/newticket?component=BridgeDB&keywo…'\n" "POT-Creation-Date: 2019-10-19 14:51-0700\n" -"PO-Revision-Date: 2020-02-01 16:27+0000\n" -"Last-Translator: Meteor0id\n" +"PO-Revision-Date: 2020-02-04 13:05+0000\n" +"Last-Translator: Tonnes <tonnes.mb(a)gmail.com>\n" "Language-Team: Dutch (http://www.transifex.com/otf/torproject/language/nl/)\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n"

1 0

[translation/bridgedb] https://gitweb.torproject.org/translation.git/commit/?h=bridgedb
by translation＠torproject.org 04 Feb '20

04 Feb '20

commit 1d5678a6763a444de1e3fbaf49217263ae22a61a Author: Translation commit bot <translation(a)torproject.org> Date: Tue Feb 4 13:15:14 2020 +0000 https://gitweb.torproject.org/translation.git/commit/?h=bridgedb --- nl/LC_MESSAGES/bridgedb.po | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/nl/LC_MESSAGES/bridgedb.po b/nl/LC_MESSAGES/bridgedb.po index 96e7dc1d6d..13db9ca50f 100644 --- a/nl/LC_MESSAGES/bridgedb.po +++ b/nl/LC_MESSAGES/bridgedb.po @@ -20,7 +20,7 @@ # Marco Brohet <inactive+therbom(a)transifex.com>, 2012 # Tom Becht <tombecht(a)live.nl>, 2014 # Tonko Mulder <tonko(a)tonkomulder.nl>, 2015 -# Tonnes <tonnes.mb(a)gmail.com>, 2019 +# Tonnes <tonnes.mb(a)gmail.com>, 2019-2020 # math1985 <transifex(a)matthijsmelissen.nl>, 2013 # BBLN <webmaster(a)bbln.nl>, 2014 msgid "" @@ -28,8 +28,8 @@ msgstr "" "Project-Id-Version: Tor Project\n" "Report-Msgid-Bugs-To: 'https://trac.torproject.org/projects/tor/newticket?component=BridgeDB&keywo…'\n" "POT-Creation-Date: 2019-10-19 14:51-0700\n" -"PO-Revision-Date: 2020-02-01 16:27+0000\n" -"Last-Translator: Meteor0id\n" +"PO-Revision-Date: 2020-02-04 13:05+0000\n" +"Last-Translator: Tonnes <tonnes.mb(a)gmail.com>\n" "Language-Team: Dutch (http://www.transifex.com/otf/torproject/language/nl/)\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" @@ -337,12 +337,12 @@ msgstr "Selecteer opties voor bridge-type:" #: bridgedb/strings.py:129 msgid "Do you need IPv6 addresses?" -msgstr "Heeft u IPv6-adressen nodig?" +msgstr "Hebt u IPv6-adressen nodig?" #: bridgedb/strings.py:130 #, python-format msgid "Do you need a %s?" -msgstr "Heeft u een %s nodig?" +msgstr "Hebt u een %s nodig?" #: bridgedb/strings.py:134 msgid "Your browser is not displaying images properly."

1 0

[tor/master] Merge branch 'tor-github/pr/1704'
by asn＠torproject.org 04 Feb '20

04 Feb '20

commit 2a5e641cfe8f798c0cdb10f1a9d25b80f089dcce Merge: 6c749bf38 08f31e405 Author: George Kadianakis <desnacked(a)riseup.net> Date: Tue Feb 4 13:09:41 2020 +0100 Merge branch 'tor-github/pr/1704' changes/ticket33139 | 3 ++ src/feature/hs/hs_client.c | 22 ++++++++++ src/feature/hs/hs_client.h | 2 + src/test/test_hs_client.c | 100 +++++++++++++++++++++++++++++++++++++++++++++ 4 files changed, 127 insertions(+)

1 0

[tor/master] hs-v3: Purge ephemeral client auth on NEWNYM
by asn＠torproject.org 04 Feb '20

04 Feb '20

commit 08f31e405d34fe47a8a4ae6e304058051c7818b6 Author: David Goulet <dgoulet(a)torproject.org> Date: Mon Feb 3 11:57:30 2020 -0500 hs-v3: Purge ephemeral client auth on NEWNYM Fixes #33139. Signed-off-by: David Goulet <dgoulet(a)torproject.org> --- changes/ticket33139 | 3 ++ src/feature/hs/hs_client.c | 22 ++++++++++ src/feature/hs/hs_client.h | 2 + src/test/test_hs_client.c | 100 +++++++++++++++++++++++++++++++++++++++++++++ 4 files changed, 127 insertions(+) diff --git a/changes/ticket33139 b/changes/ticket33139 new file mode 100644 index 000000000..a90ab8f73 --- /dev/null +++ b/changes/ticket33139 @@ -0,0 +1,3 @@ + o Minor bugfixes (Onion service client, authorization): + - On a NEWNYM signal, purge the ephemeral client authorization cache. The + permanent ones are kept. Fixes bug 33139; bugfix on 0.4.3.1-alpha. diff --git a/src/feature/hs/hs_client.c b/src/feature/hs/hs_client.c index bcb0495c6..611cc5430 100644 --- a/src/feature/hs/hs_client.c +++ b/src/feature/hs/hs_client.c @@ -1249,6 +1249,26 @@ can_client_refetch_desc(const ed25519_public_key_t *identity_pk, return 0; } +/** Purge the client authorization cache of all ephemeral entries that is the + * entries that are not flagged with CLIENT_AUTH_FLAG_IS_PERMANENT. + * + * This is called from the hs_client_purge_state() used by a SIGNEWNYM. */ +STATIC void +purge_ephemeral_client_auth(void) +{ + DIGEST256MAP_FOREACH_MODIFY(client_auths, key, + hs_client_service_authorization_t *, auth) { + /* Cleanup every entry that are _NOT_ permanent that is ephemeral. */ + if (!(auth->flags & CLIENT_AUTH_FLAG_IS_PERMANENT)) { + MAP_DEL_CURRENT(key); + client_service_authorization_free(auth); + } + } DIGESTMAP_FOREACH_END; + + log_info(LD_REND, "Client onion service ephemeral authorization " + "cache has been purged."); +} + /** Return the client auth in the map using the service identity public key. * Return NULL if it does not exist in the map. */ static hs_client_service_authorization_t * @@ -2433,6 +2453,8 @@ hs_client_purge_state(void) hs_cache_purge_as_client(); /* Purge the last hidden service request cache. */ hs_purge_last_hid_serv_requests(); + /* Purge ephemeral client authorization. */ + purge_ephemeral_client_auth(); log_info(LD_REND, "Hidden service client state has been purged."); } diff --git a/src/feature/hs/hs_client.h b/src/feature/hs/hs_client.h index 56b24a411..3660bfa96 100644 --- a/src/feature/hs/hs_client.h +++ b/src/feature/hs/hs_client.h @@ -162,6 +162,8 @@ MOCK_DECL(STATIC hs_client_fetch_status_t, STATIC void retry_all_socks_conn_waiting_for_desc(void); +STATIC void purge_ephemeral_client_auth(void); + #ifdef TOR_UNIT_TESTS STATIC void set_hs_client_auths_map(digest256map_t *map); diff --git a/src/test/test_hs_client.c b/src/test/test_hs_client.c index 9f09cc3ec..5f7fe9c40 100644 --- a/src/test/test_hs_client.c +++ b/src/test/test_hs_client.c @@ -80,6 +80,23 @@ mock_networkstatus_get_live_consensus(time_t now) } static int +mock_write_str_to_file(const char *path, const char *str, int bin) +{ + (void) bin; + (void) path; + (void) str; + return 0; +} + +static or_options_t mocked_options; + +static const or_options_t * +mock_get_options(void) +{ + return &mocked_options; +} + +static int helper_config_client(const char *conf, int validate_only) { int ret = 0; @@ -1330,6 +1347,85 @@ test_close_intro_circuit_failure(void *arg) hs_free_all(); } +static void +test_purge_ephemeral_client_auth(void *arg) +{ + ed25519_keypair_t service_kp; + hs_client_service_authorization_t *auth = NULL; + hs_client_register_auth_status_t status; + + (void) arg; + + /* We will try to write on disk client credentials. */ + MOCK(check_private_dir, mock_check_private_dir); + MOCK(get_options, mock_get_options); + MOCK(write_str_to_file, mock_write_str_to_file); + + /* Boggus directory so when we try to write the permanent client + * authorization data to disk, we don't fail. See + * store_permanent_client_auth_credentials() for more details. */ + mocked_options.ClientOnionAuthDir = tor_strdup("auth_dir"); + + hs_init(); + + /* Generate service keypair */ + tt_int_op(0, OP_EQ, ed25519_keypair_generate(&service_kp, 0)); + + /* Generate a client authorization object. */ + auth = tor_malloc_zero(sizeof(hs_client_service_authorization_t)); + + /* Set it up. No flags meaning it is ephemeral. */ + curve25519_secret_key_generate(&auth->enc_seckey, 0); + hs_build_address(&service_kp.pubkey, HS_VERSION_THREE, auth->onion_address); + auth->flags = 0; + + /* Confirm that there is nothing in the client auth map. It is unallocated + * until we add the first entry. */ + tt_assert(!get_hs_client_auths_map()); + + /* Add an entry to the client auth list. We loose ownership of the auth + * object so nullify it. */ + status = hs_client_register_auth_credentials(auth); + auth = NULL; + tt_int_op(status, OP_EQ, REGISTER_SUCCESS); + + /* We should have the entry now. */ + digest256map_t *client_auths = get_hs_client_auths_map(); + tt_assert(client_auths); + tt_int_op(digest256map_size(client_auths), OP_EQ, 1); + + /* Purge the cache that should remove all ephemeral values. */ + purge_ephemeral_client_auth(); + tt_int_op(digest256map_size(client_auths), OP_EQ, 0); + + /* Now add a new authorization object but permanent. */ + /* Generate a client authorization object. */ + auth = tor_malloc_zero(sizeof(hs_client_service_authorization_t)); + curve25519_secret_key_generate(&auth->enc_seckey, 0); + hs_build_address(&service_kp.pubkey, HS_VERSION_THREE, auth->onion_address); + auth->flags = CLIENT_AUTH_FLAG_IS_PERMANENT; + + /* Add an entry to the client auth list. We loose ownership of the auth + * object so nullify it. */ + status = hs_client_register_auth_credentials(auth); + auth = NULL; + tt_int_op(status, OP_EQ, REGISTER_SUCCESS); + tt_int_op(digest256map_size(client_auths), OP_EQ, 1); + + /* Purge again, the entry should still be there. */ + purge_ephemeral_client_auth(); + tt_int_op(digest256map_size(client_auths), OP_EQ, 1); + + done: + client_service_authorization_free(auth); + hs_free_all(); + tor_free(mocked_options.ClientOnionAuthDir); + + UNMOCK(check_private_dir); + UNMOCK(get_options); + UNMOCK(write_str_to_file); +} + struct testcase_t hs_client_tests[] = { { "e2e_rend_circuit_setup_legacy", test_e2e_rend_circuit_setup_legacy, TT_FORK, NULL, NULL }, @@ -1357,5 +1453,9 @@ struct testcase_t hs_client_tests[] = { /* SOCKS5 Extended Error Code. */ { "socks_hs_errors", test_socks_hs_errors, TT_FORK, NULL, NULL }, + /* Client authorization. */ + { "purge_ephemeral_client_auth", test_purge_ephemeral_client_auth, TT_FORK, + NULL, NULL }, + END_OF_TESTCASES };

1 0

[tor/master] Merge branch 'tor-github/pr/1700'
by asn＠torproject.org 04 Feb '20

04 Feb '20

commit 6c749bf38ccf0ed9967482e1f0ca79b41ba7f9c7 Merge: ff5205175 e4245e2a6 Author: George Kadianakis <desnacked(a)riseup.net> Date: Tue Feb 4 13:06:00 2020 +0100 Merge branch 'tor-github/pr/1700' changes/ticket32706 | 4 ++++ src/feature/rend/rendmid.c | 22 +++++++++++----------- 2 files changed, 15 insertions(+), 11 deletions(-)

1 0

[tor/master] hs-v2: Turn logs into protocol warning
by asn＠torproject.org 04 Feb '20

04 Feb '20

commit e4245e2a6b43b7dc9ab1bbc5b6fec13b479d744f Author: David Goulet <dgoulet(a)torproject.org> Date: Thu Jan 30 11:14:50 2020 -0500 hs-v2: Turn logs into protocol warning All of those can be triggered remotely so change them to protocol warnings. Fixes #32706 Signed-off-by: David Goulet <dgoulet(a)torproject.org> --- changes/ticket32706 | 4 ++++ src/feature/rend/rendmid.c | 22 +++++++++++----------- 2 files changed, 15 insertions(+), 11 deletions(-) diff --git a/changes/ticket32706 b/changes/ticket32706 new file mode 100644 index 000000000..d330decf3 --- /dev/null +++ b/changes/ticket32706 @@ -0,0 +1,4 @@ + o Minor bugfixes (onion service v2): + - Move a series of warnings to protocol warning level because they can all + be triggered remotely by a malformed request. Fixes bug 32706; bugfix on + 0.1.1.14-alpha. diff --git a/src/feature/rend/rendmid.c b/src/feature/rend/rendmid.c index 752375b6d..a473f0c7e 100644 --- a/src/feature/rend/rendmid.c +++ b/src/feature/rend/rendmid.c @@ -59,7 +59,7 @@ rend_mid_establish_intro_legacy(or_circuit_t *circ, const uint8_t *request, pk = crypto_pk_asn1_decode((char*)(request+2), asn1len); if (!pk) { reason = END_CIRC_REASON_TORPROTOCOL; - log_warn(LD_PROTOCOL, "Couldn't decode public key."); + log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL, "Couldn't decode public key."); goto err; } @@ -81,7 +81,7 @@ rend_mid_establish_intro_legacy(or_circuit_t *circ, const uint8_t *request, (char*)request, 2+asn1len+DIGEST_LEN, (char*)(request+2+DIGEST_LEN+asn1len), request_len-(2+DIGEST_LEN+asn1len))<0) { - log_warn(LD_PROTOCOL, + log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL, "Incorrect signature on ESTABLISH_INTRO cell; rejecting."); reason = END_CIRC_REASON_TORPROTOCOL; goto err; @@ -162,9 +162,9 @@ rend_mid_introduce_legacy(or_circuit_t *circ, const uint8_t *request, if (request_len < (DIGEST_LEN+(MAX_NICKNAME_LEN+1)+REND_COOKIE_LEN+ DH1024_KEY_LEN+CIPHER_KEY_LEN+ PKCS1_OAEP_PADDING_OVERHEAD)) { - log_warn(LD_PROTOCOL, "Impossibly short INTRODUCE1 cell on circuit %u; " - "responding with nack.", - (unsigned)circ->p_circ_id); + log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL, + "Impossibly short INTRODUCE1 cell on circuit %u; " + "responding with nack.", (unsigned)circ->p_circ_id); goto err; } @@ -258,7 +258,7 @@ rend_mid_establish_rendezvous(or_circuit_t *circ, const uint8_t *request, } if (circ->base_.n_chan) { - log_warn(LD_PROTOCOL, + log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL, "Tried to establish rendezvous on non-edge circuit"); goto err; } @@ -270,8 +270,8 @@ rend_mid_establish_rendezvous(or_circuit_t *circ, const uint8_t *request, } if (hs_circuitmap_get_rend_circ_relay_side(request)) { - log_warn(LD_PROTOCOL, - "Duplicate rendezvous cookie in ESTABLISH_RENDEZVOUS."); + log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL, + "Duplicate rendezvous cookie in ESTABLISH_RENDEZVOUS."); goto err; } @@ -313,9 +313,9 @@ rend_mid_rendezvous(or_circuit_t *circ, const uint8_t *request, int reason = END_CIRC_REASON_INTERNAL; if (circ->base_.purpose != CIRCUIT_PURPOSE_OR || circ->base_.n_chan) { - log_info(LD_REND, - "Tried to complete rendezvous on non-OR or non-edge circuit %u.", - (unsigned)circ->p_circ_id); + log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL, + "Tried to complete rendezvous on non-OR or non-edge circuit %u.", + (unsigned)circ->p_circ_id); reason = END_CIRC_REASON_TORPROTOCOL; goto err; }

1 0

[community/master] Rewrote and reviewed Gettor distribution methods GSoC project
by pili＠torproject.org 04 Feb '20

04 Feb '20

commit fdd0886a289e357d010cedb8d050564d66fafccf Author: Pili Guerra <pili(a)piliguerra.com> Date: Tue Feb 4 12:05:52 2020 +0100 Rewrote and reviewed Gettor distribution methods GSoC project --- content/gsoc/gettor-distribution/contents.lr | 25 ++++++++++++++++++++----- 1 file changed, 20 insertions(+), 5 deletions(-) diff --git a/content/gsoc/gettor-distribution/contents.lr b/content/gsoc/gettor-distribution/contents.lr index 19213f2..b39c92e 100644 --- a/content/gsoc/gettor-distribution/contents.lr +++ b/content/gsoc/gettor-distribution/contents.lr @@ -14,22 +14,37 @@ color: primary --- key: 2 --- -languages: python +languages: +python +ansible --- org: Tor --- -mentors: cohos, hiro +mentors: +cohosh +hiro --- difficulty: --- -title: Implement a new distribution methods for GetTor +title: Implement new distribution methods for GetTor --- subtitle: -This project would implement a feature to distribute Tor Browser downloads through Telegram or Facebook messenger. +This project should implement a feature to distribute Tor Browser downloads through Telegram or Facebook messenger. --- body: +# Problem -Tor Browser ships with a few different anti-censorship tools to allow people free and open access to Internet content. However, some places censor Tor Browser downloads, making it difficult for users to install it in the first place. GetTor is a system for distributing Tor Browser using alternative methods such as email or Twitter to send users authenticated links to Tor Browser binaries. We are looking to expand the ways in which GetTor distributes these binaries. This project would implement a feature to distribute Tor Browser downloads through Telegram or Facebook messenger. \ No newline at end of file +Tor Browser ships with a few different anti-censorship tools to allow people free and open access to Internet content. However, some places censor Tor Browser downloads, making it difficult for users to install it in the first place. + +# Proposal + +[GetTor](https://gettor.torproject.org/) is a system for distributing Tor Browser using alternative methods such as email or Twitter to send users authenticated links to Tor Browser binaries. + +We are looking to expand the ways in which GetTor distributes Tor Browser binaries to make it easier for people to download and install Tor Browser. This project would consist in implementing a feature in GetTor to distribute Tor Browser downloads through Telegram and/or Facebook messenger. + +# Resources + +- GetTor repo on github: https://github.com/torproject/gettor \ No newline at end of file

1 0

[community/master] Update GSoC CF project details
by pili＠torproject.org 04 Feb '20

04 Feb '20

commit ae31484c9b429b1f8b06c1869a6417a99b67f596 Author: Pili Guerra <pili(a)piliguerra.com> Date: Tue Feb 4 12:02:58 2020 +0100 Update GSoC CF project details --- .../gsoc/cloudflare-captcha-monitoring/contents.lr | 19 ++++++++++--------- 1 file changed, 10 insertions(+), 9 deletions(-) diff --git a/content/gsoc/cloudflare-captcha-monitoring/contents.lr b/content/gsoc/cloudflare-captcha-monitoring/contents.lr index 332ca2a..dbdc7e4 100644 --- a/content/gsoc/cloudflare-captcha-monitoring/contents.lr +++ b/content/gsoc/cloudflare-captcha-monitoring/contents.lr @@ -15,46 +15,47 @@ color: primary key: 1 --- languages: +python javascript --- mentors: GeKo, arma --- difficulty: medium --- -title: Cloudflare Captcha Monitoring +title: Cloudflare CAPTCHA Monitoring --- subtitle: -This project should implement a mechanism to track the rate that Cloudflare fronted webpages return captchas to Tor users over time. +This project should implement a mechanism to track the rate that Cloudflare fronted webpages return CAPTCHAs to Tor users over time. --- body: # Problem -A large number of Tor users report getting hit by infinite captcha loops when visiting webpages fronted by Cloudflare. This makes them feel punished for using Tor to protect their privacy and prevents them from legitimately accessing websites. +A large number of Tor users report getting hit by infinite CAPTCHA loops when visiting webpages fronted by Cloudflare. This makes them feel punished for using Tor to protect their privacy and prevents them from legitimately accessing websites. # Proposal -For this project we would like to track in practice how often Cloudflare fronted webpages return captchas to Tor clients. +For this project we would like to track in practice how often Cloudflare fronted webpages return CAPTCHAs to Tor clients. Our proposed approach consists of: 1. Setting up a very simple static webpage to be fronted by Cloudflare -2. Write an application which small client to periodically fetch this static webpage via Tor and record how often a captcha is returned -3. Record and graph captcha vs real page rates +2. Write a web client to periodically fetch this static webpage via Tor and record how often a CAPTCHA is returned +3. Record and graph CAPTCHA vs real page rates 4. Using the pre-existing architecture, run a second client that does not fetch this webpage via Tor. This will allow us to contrast and compare how Cloudflare responds to Tor Browser vs other browsers. 5. Track and publish these details publicly There are two interesting metrics to track over time: -- the fraction of exit relays that are getting hit with captchas, and -- the chance that a Tor client, choosing an exit relay in the normal weighted faction, will get hit by a captcha. +- the fraction of exit relays that are getting hit with CAPTCHAs, and +- the chance that a Tor client, choosing an exit relay in the normal weighted faction, will get hit by a CAPTCHA. Then there are other interesting patterns to look for: - Are certain IP addresses punished consistently and others never punished? -- Is whether you get a captcha much more probabilistic and transient? +- Is whether you get a CAPTCHA much more probabilistic and transient? - Does that pattern change over time? # Resources

1 0