tor-project February 2025

tor-project@lists.torproject.org

7 participants
7 discussions

Repurposing the Global South Mailing List
by Za'atar زَعْتَر 04 Feb '25

04 Feb '25

Hello, The Global South mailing list has been quiet for some time, and the Tor community team has decided to repurpose it for Tor partners in the Global South. Moving forward, we will use it to share updates on activities such as online meetups, Privacy Resilience Grants, in-person training-of-trainers opportunities (Tor Training Academy), and more. The list will be refreshed today, Tuesday, February 4th. We invite everyone to join the Tor forum: https://forum.torproject.org/ Thank you, Za'atar

1 0

intrigeri's report, January 2025
by intrigeri 04 Feb '25

04 Feb '25

Hi, User-visible ============ I've reviewed and supported the work of my team-mates on a number of high priority user-visible improvements. User-invisible ============== Apart of the usual amount of KTLO work: - I've been coordinating the search for new maintainers for Metadata Cleaner: https://forum.torproject.org/t/metadata-cleaner-is-looking-for-a-new-co-mai… - I have automated some Git operations that were previously done manually every time we merged changes into our main development branch. - I have fixed several vulnerabilities that were found by Radically Open Security as part of their recent security audit of Tails. Sadly, some of them were similar to those found during their previous audit. We want to learn from this, stay tuned! - I created automation that ensures we won't reintroduce 1 of the types of vulnerability that were found during this audit. Team lead ========= - We, the Tails Team, have been working on our priorities for 2025 together with sajolida (UX). I'll publish a cleaned up version shortly. - I've learned how the grant reporting process works at Tor. - I've deleted or updated public documentation for Tails contributors that was made obsolete by the merge with Tor. Accounting ========== I've reviewed partial books from 1 of Tails' previous fiscal sponsors, as part of the transition to Tails' new nest, the Tor project. Cheers, -- intrigeri

1 0

Nina’s Monthly Status Report, January, 2025
by Nina 03 Feb '25

03 Feb '25

Hi! Below is my January’25 report! In January, I resolved a total of 904 tickets, a decrease of 775 from the previous month (total: 1679): - RT (frontdesk@tpo) - 191 (↓28) - Telegram (@TorProjectSupportBot) - 712 (↓747) - WhatsApp (+447421000612) - 1 (1) - Signal (+17787431312) - 0 (0). My main focus in January (and always) was supporting Russian-speaking users in bypassing internet censorship. So I shared censorship circumvention instructions, helped users resolve any issues they are facing with Tor Browser, and collected their feedback on what worked for them and what didn’t. I also took part in Tor Forum moderation and worked on reviewing Google Play Store users' reviews. For the first in the last six months, we observed a decrease in support tickets from Russian-speaking users. Despite this decrease, the number of tickets is still higher than in July-2024, when new censorship activities by Roskomnadzor were detected[1]. I created a new ticket to track censorship in Russia in 2025[2]. ## Elections in Belarus In January there were Presidential Elections in Belarus [3]. On the eve of the elections many VPN services and websites were blocked in the country [4]. It seems Tor remained accessiblewith bridges[5],however some users reported difficulties in finding working bridges. *##**Google Play Reviews for Tor Browser**(TBA)**and Tor Browser Alpha**for Android* - Tor Browser for Android (TBA) had a Google Play rating of 4.389 (↑) stars in January 2025, which is higher than in December. - Tor Browser for Android (TBA) got 774 (↑17) reviews out of 60,429 for the lifetime. - Tor Browser for Android Alpha (TBA-Alpha) app had a rating of 4.219 (↓) which is lower than in December. - In January, Tor Browser for Android (TBA-Alpha) got 37 (0) reviews out of 8,448 for the lifetime. ## Most common issues on the Google Play store reviews - “Tor Browser doesn’t work”: - often from Russian users, who are struggling to find a way to connect to Tor; - “Tor speed is too slow”: I use a template asking to refresh the Tor circuit or contact Tor Browser support. In the reviews I also encountered an issue of Tor Browserfor Androidfreezes when used on Realme GT NEO 3 smartphone[6]. [1] https://gitlab.torproject.org/tpo/anti-censorship/censorship-analysis/-/iss… [2] https://gitlab.torproject.org/tpo/anti-censorship/censorship-analysis/-/iss… [3] https://en.wikipedia.org/wiki/2025_Belarusian_presidential_election [4] https://news.zerkalo.io/life/89461.html?tg=4 [5] https://metrics.torproject.org/userstats-bridge-combined.html?start=2024-10… <https://metrics.torproject.org/userstats-bridge-combined.html?start=2024-10…> [6] https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/43444

1 0

cve's monthly status report
by Clara Engler 03 Feb '25

03 Feb '25

Hello tor-project@, the following contains a summary of the work that I have done in January 2025. ## onionmasq * Integration test for the isolation cookie feature * Requires the use of connected UDP for the existing tests * Wrote unit test for the `config` module * Wrote unit test for the `scaffolding` module * Added IPv6 integration tests alongside all existing IPv4 integration tests * This achieves a full dual-stack testing environment * Added a feature to disable file system permission checks * This feature is crucial for CI integration * Fixed a bug in the arti documentation alongside * **Added integration tests to CI** * Many thanks to micah@ for providing a privileged container * Gives reproducible coverage numbers which is great, currently at >80% * Replaced loopback IP addresses in the integration test suite with real but private IPs * Replaces `127.0.0.1` with `172.23.39.177/12` * Replaces `::1` with `fd5b:955e:ad4d::` * Both IPs have no deep meaning and were randomly generated, with input given by Diziet * Disabled the use of namespaces in CI, as isolation makes no sense there * Fixed a clippy warning * Upgraded various dependencies * More or less finished providing basic test infrastructure * We are currently slightly above 80% coverage, doing more is possible, but probably not sustainable, due to the logarithmic nature of increasing test coverage ## oniux * Began working on a very new prototype for replacing `torsocks` with a namespace based approach * This is still very much WIP, the design concept is done and I am currently working on a prototype * It is open space and I will keep this mailing list informed about further progress * Name is also WIP 🙂 Thank You Clara

1 0

Rhatto's Monthly Status Report, January 2025
by rhatto 03 Feb '25

03 Feb '25

Hi all :) This is my monthly status report for January 2025 with the main relevant activities I have done, was involved or are related to my work during the period. ## Onionbalance docs Onionbalance documentation was refactored and updated: https://onionservices.torproject.org/apps/base/onionbalance/ Highlights: * New Security page, thanks to Pascal Tippe: https://onionservices.torproject.org/apps/base/onionbalance/security/ * Added an API page: https://onionservices.torproject.org/apps/base/onionbalance/api/ * Removed the old v2 docs. ## Onionsite Checklist Improved the Onionsite Checklist with two new sections: * https://onionservices.torproject.org/apps/web/checklist/#general-advice * https://onionservices.torproject.org/apps/web/checklist/#incident-response ## Support Did the ongoing sponsored work with deployment, maintenance and monitoring of Onion Services. -- Silvio Rhatto pronouns he/him Festina lente -- move slow and fix things. I sent this message during my active hours, which might be different from yours. I'm fine if you take your time to answer, and usually takes some time for me to answer.

1 0

Felicia's Montly Status Report, January 2025
by Priscila 03 Feb '25

03 Feb '25

Hi everyone, This is my status report for January 2025. I still have some tasks waiting for review, so the following list is about the new ones that I got to work this month: [1] Improve torconnect layouts for medium and expanded screen sizes: https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/42429 [2] Decide what to do with the "Choose a bridge for me" button in Connection settings: https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/42477 [3] Warn users about Connection Assist removing user-added bridges: https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/42546 [4] Improve the flows for manually added bridges and their validation: https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41913 [5] Validate user added bridge lines on Android: https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/42633 (related to task number 4) [6] Improve Android’s bridge settings UI: https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41187 Best, Priscila (aka Felicia) - UX Team

1 0

PieroV's Monthly Status Report, January 2025
by Pier Angelo Vendrame 01 Feb '25

01 Feb '25

Hi everyone! Here is my status report for January 2025. At the beginning of this month, I continued fixing the letterboxing tests needed for the uplift process. There were several platform-specific failures, so I had to set up a Windows build and test environment for Firefox. It was the first time (we usually cross-compile Tor Browser), and it took me some time. Eventually, I got the Bug [0] to add some letterboxing exemptions landed. Then, I opened a stack of patches (authored by ma1) on Phabricator for the next Bug [1]. They have not been merged, yet, because some parts still need the desktop theme reviewers' approval. I also continued to help formalize the RR rebase process, and we merged the first version [2]. After that, I created the first MR to start this process, with the rebase of our patches onto Firefox 129 [3]. I checked the Firefox release calendar [4], and I suggested we keep a pace of one RR rebase every week. If we manage to, we will reach upstream by the end of March, with the rebase onto Firefox 138, and we will have some time in case we have problems with some versions since our objective is to be in sync with Firefox 129b1, which is scheduled for around the end of April. This month, I also tried to continue the fingerprinting fight effort, which involved some investigations that eventually resulted in small tasks. I started with v-sync on Wayland after we got an issue about possible refresh rate leaks [5]. Another task was controlling our macOS font allow list [6]. I had to verify some details in various macOS versions, and eventually, I will have to ask about Japanese fonts to Mozilla experts. Then, I started investigating why new windows are rounded incorrectly [7] and I briefly checked the overlay scrollbars [8]. Apart from this, I also helped with the regular releases. I rebased alpha onto 128.6.0esr at the beginning of the month, and I prepared the 14.5a2 release. Then, at the end of the month, I rebased stable and alpha onto 128.7.0esr and legacy onto 115.20.0esr. Finally, I started writing an uplift wish list for ESR 140 [9]. Best, Pier [0] https://bugzilla.mozilla.org/show_bug.cgi?id=1555815 [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1556016 [2] https://gitlab.torproject.org/tpo/applications/tor-browser/-/merge_requests… [3] https://gitlab.torproject.org/tpo/applications/tor-browser/-/merge_requests… [4] https://whattrainisitnow.com/ [5] https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/43236 [6] https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/43378 [7] https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/43205 [8] https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/22137 [9] https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40789#n…

1 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

tor-project February 2025