- tor-project - lists.torproject.org

PieroV's Monthly Status Report, June 2025
by Pier Angelo Vendrame 02 Jul '25

02 Jul '25

Hi everyone, Here is my status report for June 2025. During the first week of the month, I attended the web engines hack fest [wehf]. After I came back, I've worked only on the ESR transition. First, I've finalized the toolchain updates [tor-browser-build!1212] [tor-browser-build!1232]. It took me a while to complete the MR for Android because we might have a reproducibility problem caused by the R8 optimizer [tor-browser-build#41495]. Eventually, I decided to send the MR for review, and to come back to reproducibility problems we might find when building 15.0a1. Also, I investigated our new APK sizing problems and modified our scripts to build little-t-tor and its dependencies with clang's option `-Oz` [tor-browser-build!1242]. In this way, we saved almost 400kB, which is not bad at all, considering our limit is 100MB. Then, when 140.0esr was released upstream, I rebased onto it. However, I still haven't opened an MR because we are switching to Firefox's new git history for it, and we needed to assess the effects on our infrastructure first. Finally, I commented the HTML version of the range-diff between 128 and 140-based Tor Browser, for making the review easier [tor-browser#43852]. Best, Pier [tor-browser#43852] https://gitlab.torproject.org/tpo/applications/tor-browser/-/work_items/438… [tor-browser-build#41495] https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/4… [tor-browser-build!1212] https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/merge_re… [tor-browser-build!1232] https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/merge_re… [tor-browser-build!1242] https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/merge_re… [wehf] https://webengineshackfest.org/

1 0

Rhatto's Monthly Status Report, June 2025
by rhatto 27 Jun '25

27 Jun '25

Hi all :) This is my monthly status report for June 2025 with the main relevant activities I have done, was involved or are related to my work during the period. * Revived Chutney functional tests: https://gitlab.torproject.org/tpo/onion-services/onionbalance/-/issues/4 Example job: https://gitlab.torproject.org/rhatto/onionbalance/-/jobs/1033518 * Ongoing sponsored work with deployment, maintenance and monitoring of Onion Services. * Also took some time to improve my workflow. -- Silvio Rhatto pronouns he/him

1 0

sajolida's report for June 2025
by sajolida 26 Jun '25

26 Jun '25

Tails ===== Merge ----- - Did an inventory of the 200+ pages in our Contribute section and discussed how to integrate with the contributors doc at Tor. (#20768) Project P165 ------------ - Released the navigation and accessibility improvements to the website. Example: https://tails.net/doc/persistent_storage/additional_software Details: https://gitlab.tails.boum.org/tails/tails/-/ - Researched and discussed changes to Tails 7.0: * Replace GNOME Terminal with GNOME Console (#20161) * Consider adopting GNOME's design for Power Off (#20960) * unar is not installed on Trixie for special RAR archives (#20946) * Consider refreshing improve-window-list-styling.diff patch (#20903) - Fixed documentation issues identified through user support: * Document better the lack of support for Apple chips (#20807) https://tails.net/install/mac/ * Document the different tools to edit PDFs (#21021) https://tails.net/doc/sensitive_documents/pdf/ * Data is not securely erased when installing (#20749) https://gitlab.tails.boum.org/tails/tails/-/commit/24fddd86 * Document Microsoft Recall (#21000) https://gitlab.tails.boum.org/tails/tails/-/commit/edb47860 - Made translations easier by simplifying ~500 wordy bits of HTML/CSS in our documentation. (#21035) - Clarified how we update our list of "UX Debt". (#20779) https://gitlab.tails.boum.org/tails/team/-/wikis/task_management/#ux-debt -- sajolida The Tor Project — UX Designer

1 0

Anti-censorship team meeting notes, 2025-06-26
by onyinyang 26 Jun '25

26 Jun '25

Hey everyone! Here are our meeting logs: http://meetbot.debian.net/tor-meeting/2025/tor-meeting.2025-06-26-16.00.html And our meeting pad: Anti-censorship work meeting pad -------------------------------- Anti-censorship -------------------------------- Next meeting: Thursday, July 11 16:00 UTC Facilitator:shelikhoo ^^^(See Facilitator Queue at tail) Weekly meetings, every Thursday at 16:00 UTC, in #tor-meeting at OFTC (channel is logged while meetings are in progress) This week's Facilitator:onyinyang == Goal of this meeting == Weekly check-in about the status of anti-censorship work at Tor. Coordinate collaboration between people/teams on anti-censorship at the Tor Project and Tor community. == Links to Useful documents == * Our anti-censorship roadmap: * Roadmap:https://gitlab.torproject.org/groups/tpo/anti-censorship/-/boards * The anti-censorship team's wiki page: * https://gitlab.torproject.org/tpo/anti-censorship/team/-/wikis/home * Past meeting notes can be found at: * https://lists.torproject.org/pipermail/tor-project/ * Tickets that need reviews: from projects, we are working on: * All needs review tickets: * https://gitlab.torproject.org/groups/tpo/anti-censorship/-/merge_requests?s… * Project 158 <-- meskio working on it * https://gitlab.torproject.org/groups/tpo/anti-censorship/-/issues/?label_na… == Announcements == * Mid-year Tor AFK Jun 30-Jul 5, no meeting July 4 == Discussion == * Iran network situation (updates from last week) * references * https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… * https://github.com/net4people/bbs/issues/484 * https://ntc.party/t/network-shutdown-in-iran-since-2025-06-18/17068 * https://ioda.inetintel.cc.gatech.edu/country/IR?from=1750090308 * network is coming back so there is more information available about how/why snowflake is overloaded * broker or proxy pool is very overloaded * restricted proxy pool is totally exhausted * equal number of matched vs idle proxies * number of clients has doubled since 2025-06-20 https://metrics.torproject.org/userstats-bridge-transport.html?start=2025-0… * snowflake-01 https://metrics.torproject.org/rs.html#details/5481936581E23D2D178105D44DB6… * snowflake-02 https://metrics.torproject.org/rs.html#details/91DA221A149007D0FD9E5515F578… * community team is asking for more specific+actionable information from the anti-censorship team: not just that we need proxies, but how many proxies? how many users are there in Iran right now? the information needs to be appealing to people outside the tor community. * https://mastodon.social/@torproject/114745109066226826 outreach: "We're still in need of more #snowflake extensions to help keep Iranians connected during this critical time." * our prometheus metrics are the best source of real-time proxy usage, but they are not publicly available. could share screenshots to show the number of matched clients. * Has information on polls per country * https://snowflake-broker.torproject.net/prometheus * snowflake_rounded_client_poll_total has a "cc" field * snowflake-stats metrics in CollecTor * https://gitlab.torproject.org/tpo/community/relays/-/issues/116 "[Snowflake] We need more snowflake proxies" * we now have access to a vantage point: * investigate if snowflake is being blocked by fingerprint or listing proxies * there are reports that google might be reachable in Iran * if so maybe ampcache works and things like champa are useful for people to reach the rest of internet * https://repo.or.cz/champa.git * https://github.com/net4people/bbs/issues/485 * This did indeed work, to a very limited extent. Enough to get connected to Telegram for 10 minutes. * webtunnel bridges block in Russia * https://gitlab.torproject.org/tpo/anti-censorship/censorship-analysis/-/iss… * the block seems to be SNI based * the censor is likely to be listing and blocking bridges == Actions == == Interesting links == * https://github.com/pion/webrtc/wiki/Release-WebRTC@v4.0.0#dtls-provides-hoo… == Reading group == * We will discuss "A Wall Behind A Wall: Emerging Regional Censorship in China (Henan firewall)" on June 26 * https://gfw.report/publications/sp25/en/ * Questions to ask and goals to have: * What aspects of the paper are questionable? * Are there immediate actions we can take based on this work? * Are there long-term actions we can take based on this work? * Is there future work that we want to call out in hopes that others will pick it up? == Updates == Name: This week: - What you worked on this week. Next week: - What you are planning to work on next week. Help with: - Something you need help with. cecylia (cohosh): 2025-06-26 Last week: - merged and deployed broker metrics rewrite (snowflake#40458) - discussed broker metrics interpretation - https://gitlab.torproject.org/dcf/snowflake-graphs/-/merge_requests/1 - reached out to new conjure bridge operator with installation instructions - monitored snowflake overload situation - opened issue to change proxy NAT reassignment (snowflake-webext#118) This week: - follow up on snowflake rendezvous failures - take a look at potential snowflake orbot bug - https://github.com/guardianproject/orbot-android/issues/1183 dcf: 2025-06-26 Last week: - reviewed snowflake-graphs MR to add client-polls data https://gitlab.torproject.org/dcf/snowflake-graphs/-/merge_requests/1 - refactoring in snowflake-graphs - support during Iran network shutdown Next week: - re-reduce snowflake broker resource allocation https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - open issue to have snowflake-client log whenever KCPInErrors is nonzero https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - parent: https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… Help with: meskio: 2024-06-26 Last week: - merge the contaners of rdsys and bridgestrap, the staging server is life... - investigate the changes in webtunnel used in russia to bypass censors (censorship-analisys#40064) - test snowflake proxy patch for Iran (snowflake#40465) - support grant writting Next week: - AFK Shelikhoo: 2024-06-26 Last Week: - [Testing] Unreliable+unordered WebRTC data channel transport for Snowflake rev2 (cont.)( https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… ) testing environment setup/research - Snowfalke Staging Server Experiment - [Deploy] Add Domain Fronting Testing Support to logcollector - [Invesgate] Meek-CDN77 stop working in China (https://gitlab.torproject.org/tpo/anti-censorship/team/-/issues/162) - Merge request reviews Next (working) Week/TODO: - Merge request reviews - Support the Testing of domain fronting sites ( https://gitlab.torproject.org/tpo/anti-censorship/connectivity-measurement/… ) (cont.) onyinyang: 2025-06-26 Last week(s): - Started looking into unresolved lox issues, signalling channel library - Pivoted to webtunnel distribution through telegram: -https://gitlab.torproject.org/tpo/anti-censorship/team/-/issues/158#note_3210454 -https://gitlab.torproject.org/tpo/anti-censorship/rdsys/-/merge_requests/534 Next week: Mid-year break Finish up webtunnel work on rdsys Switch back to some of these: As time allows: - review Tor browser Lox integration https://gitlab.torproject.org/tpo/applications/tor-browser/-/merge_requests… - add TTL cache to lox MR for duplicate responses: https://gitlab.torproject.org/tpo/anti-censorship/lox/-/merge_requests/305 - Work on outstanding milestone issues: - key rotation automation Later: pending decision on abandoning lox wasm in favour of some kind of FFI? https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/43096) - add pref to handle timing for pubkey checks in Tor browser - add trusted invitation logic to tor browser integration: https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/42974 - improve metrics collection/think about how to show Lox is working/valuable - sketch out Lox blog post/usage notes for forum (long term things were discussed at the meeting!): - brainstorming grouping strategies for Lox buckets (of bridges) and gathering context on how types of bridges are distributed/use in practice Question: What makes a bridge usable for a given user, and how can we encode that to best ensure we're getting the most appropriate resources to people? 1. Are there some obvious grouping strategies that we can already consider? e.g., by PT, by bandwidth (lower bandwidth bridges sacrificed to open-invitation buckets?), by locale (to be matched with a requesting user's geoip or something?) 2. Does it make sense to group 3 bridges/bucket, so trusted users have access to 3 bridges (and untrusted users have access to 1)? More? Less? theodorsm: 2025-06-12 Last weeks: - Applying for funding from NLnet to implement DTLS 1.3 in Pion. Got through the first round. - Writing paper for FOCI: continuation of master thesis about reducing distinguishability of DTLS in Snowflake by implementing covert-dtls, further analysis of collected browser fingerprint and stability test of covert-dtls in snowflake proxies. Draft: https://theodorsm.net/FOCI25 - Key takeaways: * covert-dtls is stable when mimicking DTLS 1.2 handshakes, while the randomization approach— though more resistant to fingerprinting — tends to be less stable. * Chrome webextensions are more unstable than standalone proxies * covert-dtls should be integrated in Snowflake proxies as they produce the ClientHello messages during the DTLS handshake. * Chrome randomizes the order of extension list. * Firefox uses DTLS 1.3 by default in WebRTC. * A prompt adoption of DTLS 1.3 in both Snowflake and our fingerprint-resistant library is needed to keep up with browsers * The evolution of browsers’ fingerprints had no noticeable effect on Snowflake’s number of daily users over the last year. * Even with a sharp drop in the amount of proxies, it does not seem to affect the number of Snowflake users. * Browser extensions make Snowflake resistant to ClientHello fingerprinting. * Standalone proxies can serve more Snowflake clients per volunteer than webextensions. * We need metrics on which types of proxies are actually being matched and successfully used by clients. Next weeks: - Getting paper camera ready. - Fix merge conflicts in MR (https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow…) Help with: - Should we do user testing of covert-dtls? Facilitator Queue: meskio onyinyang shelikhoo 1. First available staff in the Facilitator Queue will be the facilitator for the meeting 2. After facilitating the meeting, the facilitator will be moved to the tail of the queue -- --- onyinyang GPG Fingerprint 3CC3 F8CC E9D0 A92F A108 38EF 156A 6435 430C 2036

1 0

Changing Applications Team Meeting
by Morgan 26 Jun '25

26 Jun '25

Hi everyone, The Applications Team will no longer be holding our weekly team planning meetings in #tor-meeting on Mondays. Instead, we will be holding office-hours in #tor-meeting on Wednesdays from 1700 to 1800 UTC. Our first office-hours will be on 9 July after our break next week. We are of course also available in #tor-browser-dev throughout the work-week. See you all on the internet .o/ best, -morgan

1 0

Anti-censorship team meeting notes, 2025-06-19
by Shelikhoo 19 Jun '25

19 Jun '25

Hey everyone! Here are our meeting logs: http://meetbot.debian.net/tor-meeting/2025/tor-meeting.2025-06-19-16.00.html And our meeting pad: Anti-censorship work meeting pad -------------------------------- Anti-censorship -------------------------------- Next meeting: Thursday, June 26 16:00 UTC Facilitator: onyinyang ^^^(See Facilitator Queue at tail) Weekly meetings, every Thursday at 16:00 UTC, in #tor-meeting at OFTC (channel is logged while meetings are in progress) This week's Facilitator: shelikhoo == Goal of this meeting == Weekly check-in about the status of anti-censorship work at Tor. Coordinate collaboration between people/teams on anti-censorship at the Tor Project and Tor community. == Links to Useful documents == * Our anti-censorship roadmap: * Roadmap:https://gitlab.torproject.org/groups/tpo/anti-censorship/-/boards * The anti-censorship team's wiki page: * https://gitlab.torproject.org/tpo/anti-censorship/team/-/wikis/home * Past meeting notes can be found at: * https://lists.torproject.org/pipermail/tor-project/ * Tickets that need reviews: from projects, we are working on: * All needs review tickets: * https://gitlab.torproject.org/groups/tpo/anti-censorship/-/merge_requests?s… * Project 158 <-- meskio working on it * https://gitlab.torproject.org/groups/tpo/anti-censorship/-/issues/?label_na… == Announcements == * All Tor AFK Jun 30-Jul 5, no meeting July 4 == Discussion == * Move netlify-reflactor to team namespace * https://gitlab.torproject.org/shelikhoo/netlify-reflector/ * shelikhoo will move the repo to our team namespace * meskio will review the contents and give feedback * Iran network shutdown * https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… * https://github.com/net4people/bbs/issues/484 * https://ioda.inetintel.cc.gatech.edu/country/IR?from=1750090308 * our own vantage point is offline * there are reports that google might be reachable in Iran * if so maybe ampcache works and things like champa are useful for people to reach the rest of internet * https://repo.or.cz/champa.git == Actions == == Interesting links == * == Reading group == * We will discuss "A Wall Behind A Wall: Emerging Regional Censorship in China (Henan firewall)" on June 26 * https://gfw.report/publications/sp25/en/ * Questions to ask and goals to have: * What aspects of the paper are questionable? * Are there immediate actions we can take based on this work? * Are there long-term actions we can take based on this work? * Is there future work that we want to call out in hopes that others will pick it up? == Updates == Name: This week: - What you worked on this week. Next week: - What you are planning to work on next week. Help with: - Something you need help with. cecylia (cohosh): 2025-06-12 Last week: - responded to cdn77 outage - updated SQS costs https://gitlab.torproject.org/tpo/anti-censorship/team/-/wikis/Snowflake-co… This week: - follow up on snowflake rendezvous failures - take a look at potential snowflake orbot bug - https://github.com/guardianproject/orbot-android/issues/1183 dcf: 2025-06-19 Last week: - helped with snowflake broker capacity https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… Next week: - open issue to have snowflake-client log whenever KCPInErrors is nonzero https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - parent: https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… Help with: meskio: 2024-06-19 Last week: - staging server has a working webiste https://rdsys-staging.torproject.org/ (rdsys#219) - create merge requests for the rdsys containarization (rdsys!501 bridgestrap!25) - add a merge request to use netlify domain fronting in TB alpha (tor-browser!1539) - investigate the situation in snowflake and iran (snowflake#40465) - deploy snowflake proxies with a "fix" for the STUN request size Next week: - steps towards a rdsys in containers (rdsys#219) - investigate why we don't distribute webtunnel bridges over https some days (rdsys#262) Shelikhoo: 2024-06-19 Last Week: - [Testing] Unreliable+unordered WebRTC data channel transport for Snowflake rev2 (cont.)( https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… ) testing environment setup/research - Snowfalke Staging Server Experiment - [Merge Request Done] Add Domain Fronting Testing Support to logcollector - Merge request reviews Next Week/TODO: - Merge request reviews - Support the Testing of domain fronting sites ( https://gitlab.torproject.org/tpo/anti-censorship/connectivity-measurement/… ) (cont.) onyinyang: 2025-06-12 Last week(s): - Completed implementation of conjure DNS registrar - using the min transport https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/conj… - Started looking into unresolved lox issues, signalling channel library Next week: Switch back to some of these: As time allows: - review Tor browser Lox integration https://gitlab.torproject.org/tpo/applications/tor-browser/-/merge_requests… - add TTL cache to lox MR for duplicate responses: https://gitlab.torproject.org/tpo/anti-censorship/lox/-/merge_requests/305 - Work on outstanding milestone issues: - key rotation automation Later: pending decision on abandoning lox wasm in favour of some kind of FFI? https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/43096) - add pref to handle timing for pubkey checks in Tor browser - add trusted invitation logic to tor browser integration: https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/42974 - improve metrics collection/think about how to show Lox is working/valuable - sketch out Lox blog post/usage notes for forum (long term things were discussed at the meeting!): - brainstorming grouping strategies for Lox buckets (of bridges) and gathering context on how types of bridges are distributed/use in practice Question: What makes a bridge usable for a given user, and how can we encode that to best ensure we're getting the most appropriate resources to people? 1. Are there some obvious grouping strategies that we can already consider? e.g., by PT, by bandwidth (lower bandwidth bridges sacrificed to open-invitation buckets?), by locale (to be matched with a requesting user's geoip or something?) 2. Does it make sense to group 3 bridges/bucket, so trusted users have access to 3 bridges (and untrusted users have access to 1)? More? Less? theodorsm: 2025-06-12 Last weeks: - Applying for funding from NLnet to implement DTLS 1.3 in Pion. Got through the first round. - Writing paper for FOCI: continuation of master thesis about reducing distinguishability of DTLS in Snowflake by implementing covert-dtls, further analysis of collected browser fingerprint and stability test of covert-dtls in snowflake proxies. Draft: https://theodorsm.net/FOCI25 - Key takeaways: * covert-dtls is stable when mimicking DTLS 1.2 handshakes, while the randomization approach— though more resistant to fingerprinting — tends to be less stable. * Chrome webextensions are more unstable than standalone proxies * covert-dtls should be integrated in Snowflake proxies as they produce the ClientHello messages during the DTLS handshake. * Chrome randomizes the order of extension list. * Firefox uses DTLS 1.3 by default in WebRTC. * A prompt adoption of DTLS 1.3 in both Snowflake and our fingerprint-resistant library is needed to keep up with browsers * The evolution of browsers’ fingerprints had no noticeable effect on Snowflake’s number of daily users over the last year. * Even with a sharp drop in the amount of proxies, it does not seem to affect the number of Snowflake users. * Browser extensions make Snowflake resistant to ClientHello fingerprinting. * Standalone proxies can serve more Snowflake clients per volunteer than webextensions. * We need metrics on which types of proxies are actually being matched and successfully used by clients. Next weeks: - Getting paper camera ready. - Fix merge conflicts in MR (https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow…) Help with: - Should we do user testing of covert-dtls? Facilitator Queue: meskio onyinyang shelikhoo 1. First available staff in the Facilitator Queue will be the facilitator for the meeting 2. After facilitating the meeting, the facilitator will be moved to the tail of the queue

1 0

GitLab confidential notifications now encrypted!
by Antoine Beaupré 19 Jun '25

19 Jun '25

Summary: GitLab now encrypts outgoing email notifications on confidential issues, if your key is in LDAP, OpenPGP keys stored in GitLab will be used soon. **Table of Contents** - Announcement - Affected users - Future work - OpenPGP certificates in GitLab - OpenPGP signatures - Background - History of the confidential issue handling - TPA handling of OpenPGP certificates - OpenPGP implementation details # Announcement Anyone who has dealt with GitLab confidential issues will know this message: > A comment was added to a confidential issue and its content was > redacted from this email notification. If you found that irritating, you're not alone! Rejoice, its time is coming to an end. Starting today (around 2025-06-10 19:00UTC), we have deployed a new encryption system in the GitLab notification pipeline. If your OpenPGP certificate (or "PGP key") is properly setup in LDAP, you will instead receive a OpenPGP-encrypted email with the actual contents. No need to click through anymore! If your key is not available, nothing changes: you will still get the "redacted" messages. If you do *not* control your key, yet it's still valid and in the keyring, you *will* get encrypted email you won't be able to read. In any case, if any of those new changes cause any problems or if you need to send us an OpenPGP certificate (or update it), [file an issue][] or reach out to our [usual support channels][]. [usual support channels]: https://gitlab.torproject.org/tpo/tpa/team/-/wikis/support [file an issue]: https://gitlab.torproject.org/tpo/tpa/team/-/issues/new We also welcome constructive feedback on the implementation, relieved thanks and other comments, either here, through the above support channels, or in the [discussion issue][]. [discussion issue]: https://gitlab.torproject.org/tpo/tpa/gitlab/-/issues/151 ## Affected users Any GitLab user subscribed to confidential issues and who is interested in not getting "redacted" emails from GitLab. ## Future work ### OpenPGP certificates in GitLab Right now, only "LDAP keys" (technically, the OpenPGP certificates `account-keyring.git` project) are considered for encryption. Only mail delivered to `(a)torproject.org` are considered as well. In the future, we hope to implement a GitLab API lookup that will allow other users to upload OpenPGP certificates through GitLab to use OpenPGP encryption for outgoing mail. This has not been implemented yet because implementing the current backend was vastly easier, but we still hope to implement the GitLab backend. ### OpenPGP signatures Mails are currently encrypted, without signature, which is [actually discouraged][]. We are considering signing outgoing mail, but this needs to be done carefully because we must handle yet another secret, rotation, expiry and so on. [actually discouraged]: https://www.ietf.org/archive/id/draft-ietf-lamps-e2e-mail-guidance-17.html#… This means, among other things, that the OpenPGP messages do not provide any sort of authentication that the message really comes from GitLab. It's still entirely possible for an attacker to introduce "fake" GitLab notifications through this system, so you should still consider notifications to be advisory. The source of truth here is the GitLab web interface. OpenPGP signatures were seen as not absolutely necessary for a first implementation of the encryption system, but may be considered in the future. Note that we do *not* plan on implementing signatures for *all* outgoing mail at the time. # Background ## History of the confidential issue handling GitLab supports "confidential issues" that are accessible only to the issue creator and users with the "reporter" role on a project. It is used to manage security-sensitive issues and any issue that contains privately identifiable information (PII). When someone creates or modifies an issue on GitLab, it sends a notification to users watching the issue. Unfortunately, those notifications are sent by email without any sort of protection. This is a long-standing issue in GitLab (e.g. [gitlab-org/gitlab#19056][], 2017) that doesn't seem to have gotten any interest upstream. [gitlab-org/gitlab#19056]: https://gitlab.com/gitlab-org/gitlab/-/issues/19056 We realized this problem shortly after the GitLab migration, in 2020 ([tpo/tpa/gitlab#23][]), at which time it wasn't clear what we could do about it. [tpo/tpa/gitlab#23]: https://gitlab.torproject.org/tpo/tpa/gitlab/-/issues/23 But a few years later (September 2022), Micah actually bit the bullet and started work on patching GitLab itself to at least *identify* confidential issues with a special header. He also provided a prototype filtering script that would *redact* (but not encrypt!) messages on the way out, which anarcat improved on and deployed in production. That was deployed in October 2023 and there were actual [fireworks][] to celebrate this monumental change, which has been working reliably for almost two years at this point. [fireworks]: https://gitlab.torproject.org/tpo/tpa/gitlab/-/issues/23#note_2951630 ## TPA handling of OpenPGP certificates We acknowledge our handling of OpenPGP keys (or "certificates") is far from optimal. Key updates require manual work and the whole thing is pretty arcane and weird, even weirder than what OpenPGP actually is, if that's even possible. We have an issue to address that technical debt ([tpo/tpa/team#29671][]) and we're considering this system to be legacy. [tpo/tpa/team#29671]: https://gitlab.torproject.org/tpo/tpa/team/-/issues/29671 We are also aware that the keyring is severely out of date and [requires a serious audit][]. [requires a serious audit]: https://gitlab.torproject.org/tpo/tpa/team/-/issues/31214 The hope, at the moment, is we can ignore that problem and rely on the GitLab API for users to provide key updates for this system, with the legacy keyring only used as a fallback. ## OpenPGP implementation details Programmers might be interested to know this was implemented in an existing Python script, by encrypting mail with a SOP interface ([Stateless OpenPGP][]), which simplified OpenPGP operations tremendously. [Stateless OpenPGP]: https://dkg.gitlab.io/openpgp-stateless-cli/ While SOP is not yet an adopted standards and implementations are completely solid yet, it has provided a refreshing experience in OpenPGP interoperability that actually shows great promise in the standard and its future. PGP/MIME is another story altogether: that's still an horrible mess that required crafting MIME parts by hammering butterflies into melting anvils with deprecated Python blood. But that's just a normal day at the TPA office, don't worry, everything was [PETA][] approved. [PETA]: https://en.wikipedia.org/wiki/People_for_the_Ethical_Treatment_of_Animals The implementation is available in TPA's [fabric-tasks][] repository, currently as [merge request !40][] but will be merged into the main branch once GitLab API support is implemented. [fabric-tasks]: https://gitlab.torproject.org/tpo/tpa/fabric-tasks/ [merge request !40]: https://gitlab.torproject.org/tpo/tpa/fabric-tasks/-/merge_requests/40 Follow the progress on this work in the [discussion issue][]. -- Antoine Beaupré torproject.org system administration

2 3

minutes from the sysadmins
by Antoine Beaupré 16 Jun '25

16 Jun '25

Hello! Here's a healthy dose of minutes from today's meeting. # Roll call: who's there and emergencies anarcat, lavamind, lelutin and zen present # Dashboard review ## Normal per-user check-in * https://gitlab.torproject.org/groups/tpo/-/boards?scope=all&utf8=%E2%9C%93&… * https://gitlab.torproject.org/groups/tpo/-/boards?scope=all&utf8=%E2%9C%93&… * https://gitlab.torproject.org/groups/tpo/-/boards?scope=all&utf8=%E2%9C%93&… * https://gitlab.torproject.org/groups/tpo/-/boards?scope=all&utf8=%E2%9C%93&… * https://gitlab.torproject.org/groups/tpo/-/boards?scope=all&utf8=%E2%9C%93&… ## General dashboards * https://gitlab.torproject.org/tpo/tpa/team/-/boards/117 * https://gitlab.torproject.org/groups/tpo/web/-/boards * https://gitlab.torproject.org/groups/tpo/tpa/-/boards ## Second quarter wrap up https://gitlab.torproject.org/tpo/tpa/team/-/wikis/meeting/2025-04-07#first… so we have two weeks left to wrap up that plan! it's been a heck of a quarter: - trixie batch 2 is wrapping up, maybe not in june for tails - rdsys and snowflake containerization (wrapping up!) - network team test network (VM done, still "needs review") - mail monitoring improvements (stalled) - authentication merge plan (still being developed) - minio cluster in production (currently in development) - puppet merge work has definitely started, steps A-D done, E-K next? - weblate and jenkins upgrades done by next week - confidential tickets encryption - card testing defense work on donate - gitlab crawler bots defense (and publication of asncounter) ## Holidays planning We reviewed the overlaps of the vacations, and we're still okay with the planning. We want to prioritize: - trixie upgrades, batch 2 - trixie upgrades, some of batch 3 (say, maybe puppet and ganeti?) - puppet merge (zen will look at a plan / estimates) # Metrics of the month * host count: 96 * number of Apache servers monitored: 33, hits per second: 694 * number of self-hosted nameservers: 6, mail servers: 96 * pending upgrades: 98, reboots: 55 * average load: 1.77, memory available: 4.3 TB/6.5 TB, running processes: 149 * disk free/total: 68.1 TB/168.8 TB * bytes sent: 542.9 MB/s, received: 378.4 MB/s * [GitLab tickets][]: 241 tickets including... * open: 0 * icebox: 131 * roadmap::future: 45 * needs information: 4 * backlog: 25 * next: 13 * doing: 12 * needs review: 11 * (closed: 4115) * [~Technical Debt][]: 13 * projected completion time of trixie major upgrades: 2025-07-13 [Gitlab tickets]: https://gitlab.torproject.org/tpo/tpa/team/-/boards [~Technical Debt]: https://gitlab.torproject.org/groups/tpo/tpa/-/issues/?state=opened&label_n… Upgrade prediction graph lives at https://gitlab.torproject.org/tpo/tpa/team/-/wikis/howto/upgrades/trixie/ Note that this is a project based on the current (fast) rate of upgrade, this will slow down and we are still aiming at completing the upgrades before the end of 2025, and certainly not by 2025-07-13. # Number of the month: 4000 We have crossed the 4000-closed-tickets mark in April! It wasn't noticed back then for some reason, but it's pretty neat! This is 2000 closed issues since we started tracking those numbers, 5 years ago. Can't wait for 9000! -- Antoine Beaupré torproject.org system administration

1 0

Anti-censorship team meeting notes, 2025-06-12
by onyinyang 12 Jun '25

12 Jun '25

Hey everyone! Here are our meeting logs: http://meetbot.debian.net/tor-meeting/2025/tor-meeting.2025-06-12-16.01.html And our meeting pad: Anti-censorship work meeting pad -------------------------------- Anti-censorship -------------------------------- Next meeting: Thursday, June 19 16:00 UTC Facilitator: shelikhoo ^^^(See Facilitator Queue at tail) Weekly meetings, every Thursday at 16:00 UTC, in #tor-meeting at OFTC (channel is logged while meetings are in progress) This week's Facilitator: onyinyang == Goal of this meeting == Weekly check-in about the status of anti-censorship work at Tor. Coordinate collaboration between people/teams on anti-censorship at the Tor Project and Tor community. == Links to Useful documents == * Our anti-censorship roadmap: * Roadmap:https://gitlab.torproject.org/groups/tpo/anti-censorship/-/boards * The anti-censorship team's wiki page: * https://gitlab.torproject.org/tpo/anti-censorship/team/-/wikis/home * Past meeting notes can be found at: * https://lists.torproject.org/pipermail/tor-project/ * Tickets that need reviews: from projects, we are working on: * All needs review tickets: * https://gitlab.torproject.org/groups/tpo/anti-censorship/-/merge_requests?s… * Project 158 <-- meskio working on it * https://gitlab.torproject.org/groups/tpo/anti-censorship/-/issues/?label_na… == Announcements == * == Discussion == * learning from the CDN77 outage * https://gitlab.torproject.org/tpo/anti-censorship/team/-/issues/161 * exposing snowflake rendezvous options in the transport selection menu * (to make it easy for someone to activate ampcache, for example, without editing bridge lines and without downloading an update) * we could bake the rendezvous option into the transport name in the dropdown menu, e.g. snowflake-cdn77, snowflake-google-amp, snowflake-amazon-sqs, ... * this could take just a couple of weeks to deploy * possible caveat: circumvention settings may rely on specific transport name labels. E.g., circumvention settings calls meek "meek-azure". * a transport-specific configuration UI (allowing to edit all options, not just the rendezvous method) would take much longer, on the order of months * and would need discussion with the UX team about whether it's even a good idea to present that sort of interface * consensus is to proceed with multiple transport labels * let's diversify our domain fronts * maybe configure some ampcache bridge by default * no ampcache bridge for now, but try to get it included as one of the rendezvous options as discussed above * was there monitoring in place that could have detected it earlier? (we noticed it about 2h after it happened) * we could add an alert in prometheus, for example check for a large drop in the number of requests (such as is visible in the graph at https://gitlab.torproject.org/tpo/anti-censorship/team/-/issues/161#note_32…) * netlify is set up now, should we move moat to it, so that snowflake rendezvous and moat are not coupled with regard to failures? * netlify for our use case seems free * 100 GB/month * moat last month used 25.1 GB (seems ok) * snowflake rendezvous used 92.4 GB (that's pretty close to being billable) * moat domain front is not that easy to change: it requires a new TB release * any way to test it before deploying it fully? * alpha only, for a while? * meskio will create an issue * what do we do with moat bridges * https://gitlab.torproject.org/tpo/anti-censorship/rdsys/-/issues/233 * we stopped distributing moat bridges 8 months ago (with the deactivation of BridgeDB) * operators of those bridges talk about their not being used * they could be reassigned to another distributor or be used for some other purpose * but there exists the risk that they are already blocking in China and Russia * during the 2021 Tor blocking incident in Russia, meskio checked and most moat bridges were blocked there, whereas bridges of other distributors were not blocked to the same degree * a query is pending with trinity to assess the actual usage level of moat bridges * ggus suggests reassigning half of bridges to telegram, half to circumvention settings * it is so decided, meskio will work on it * also need to notify bridge operators who have manually set their bridges to moat distribution, so they can change it * distribute webtunnel bridges over telegram * https://gitlab.torproject.org/tpo/anti-censorship/team/-/issues/158 * currently: webtunnel distributed only through https and settings * community team reports user satisfaction with the telegram distributor, asks if it is possible to distribute webtunnel bridges there * a required first step is to configure rdsys to start collecting (new) webtunnel bridges for the telegram distributor * can't start distributing them until there is a sufficient number * start collecting webtunnel bridges on rdsys and see what happens? (whether there appear enough of them?) * it's also possible to temporarily increase the probability that new bridges get assigned to telegram (the probability distribution is defined by us) * either just new webtunnel bridges, or any kind of bridge (i.e. obfs4 or webtunnel) * probability ratios are not tied to transports, it's not currently possible to increase the ratio just for webtunnel * issue assigned to onyinyang == Actions == == Interesting links == * https://opencollective.com/censorship-circumvention/projects/snowflake-dail… * Snowflake usage in Turkmenistan remains elevated, though not as high as before. * https://ntc.party/t/huge-increase-in-snowflake-users-from-turkmenistan-sinc… * Asked on NTC about Snowflake users in Turkmenistan. * One user points to InviZible Pro (https://invizible.net/en/) which agrees with https://gitlab.torproject.org/tpo/community/support/-/issues/40098#note_319… * https://theodorsm.net/FOCI25 * "Fingerprint-resistant DTLS for usage in Snowflake". (draft) accepted paper to FOCI 25. Condensed master thesis of theodorsm and some further analysis. * Camera-ready deadline 2025-06-22 * Key takeaways: * covert-dtls is stable when mimicking DTLS 1.2 handshakes, while the randomization approach— though more resistant to fingerprinting — tends to be less stable. * Chrome webextensions are more unstable than standalone proxies * covert-dtls should be integrated in Snowflake proxies as they produce the ClientHello messages during the DTLS handshake. * Chrome randomizes the order of extension list. * Firefox uses DTLS 1.3 by default in WebRTC. * A prompt adoption of DTLS 1.3 in both Snowflake and covert-dtls is needed to keep up with browsers * The evolution of browsers’ fingerprints had no noticeable effect on Snowflake’s number of daily users over the last year. * Even with a sharp drop in the amount of proxies, it does not seem to affect the number of Snowflake users. * Browser extensions make Snowflake resistant to ClientHello fingerprinting. * Standalone proxies can serve more Snowflake clients per volunteer than webextensions. * We need metrics on which types of proxies are actually being matched and successfully used by clients. == Reading group == * We will discuss "A Wall Behind A Wall: Emerging Regional Censorship in China (Henan firewall)" on June 19 * https://gfw.report/publications/sp25/en/ * Questions to ask and goals to have: * What aspects of the paper are questionable? * Are there immediate actions we can take based on this work? * Are there long-term actions we can take based on this work? * Is there future work that we want to call out in hopes that others will pick it up? == Updates == Name: This week: - What you worked on this week. Next week: - What you are planning to work on next week. Help with: - Something you need help with. cecylia (cohosh): 2025-06-12 Last week: - responded to cdn77 outage - updated SQS costs https://gitlab.torproject.org/tpo/anti-censorship/team/-/wikis/Snowflake-co… This week: - follow up on snowflake rendezvous failures - take a look at potential snowflake orbot bug - https://github.com/guardianproject/orbot-android/issues/1183 dcf: 2025-06-12 Last week: - assisted with the CDN77 temporary outage issue https://gitlab.torproject.org/tpo/anti-censorship/team/-/issues/161 Next week: - open issue to have snowflake-client log whenever KCPInErrors is nonzero https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… - parent: https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… Help with: meskio: 2024-06-12 Last week: - staging server is distributing bridges and sends emails (rdsys#219) - servers upgrade to trixie, onbasca broke, but the rest is fine - CDN77 outrage - update telegram distributor config Next week: - steps towards a rdsys in containers (rdsys#219) - investigate why we don't distribute webtunnel bridges over https some days (rdsys#262) Shelikhoo: 2024-06-12 Last Week: - [Testing] Unreliable+unordered WebRTC data channel transport for Snowflake rev2 (cont.)( https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… ) testing environment setup/research - Snowfalke Staging Server Experiment - Emergency fix of CDN77 https://gitlab.torproject.org/tpo/anti-censorship/team/-/issues/161#note_32… - Merge request reviews Next Week/TODO: - Merge request reviews - Support the Testing of domain fronting sites ( https://gitlab.torproject.org/tpo/anti-censorship/connectivity-measurement/… ) (cont.) - [Merge Request] Add Domain Fronting Testing Support to logcollector ( https://gitlab.torproject.org/tpo/anti-censorship/connectivity-measurement/… ) onyinyang: 2025-06-12 Last week(s): - Completed implementation of conjure DNS registrar - using the min transport https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/conj… - Started looking into unresolved lox issues, signalling channel library Next week: Switch back to some of these: As time allows: - review Tor browser Lox integration https://gitlab.torproject.org/tpo/applications/tor-browser/-/merge_requests… - add TTL cache to lox MR for duplicate responses: https://gitlab.torproject.org/tpo/anti-censorship/lox/-/merge_requests/305 - Work on outstanding milestone issues: - key rotation automation Later: pending decision on abandoning lox wasm in favour of some kind of FFI? https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/43096) - add pref to handle timing for pubkey checks in Tor browser - add trusted invitation logic to tor browser integration: https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/42974 - improve metrics collection/think about how to show Lox is working/valuable - sketch out Lox blog post/usage notes for forum (long term things were discussed at the meeting!): - brainstorming grouping strategies for Lox buckets (of bridges) and gathering context on how types of bridges are distributed/use in practice Question: What makes a bridge usable for a given user, and how can we encode that to best ensure we're getting the most appropriate resources to people? 1. Are there some obvious grouping strategies that we can already consider? e.g., by PT, by bandwidth (lower bandwidth bridges sacrificed to open-invitation buckets?), by locale (to be matched with a requesting user's geoip or something?) 2. Does it make sense to group 3 bridges/bucket, so trusted users have access to 3 bridges (and untrusted users have access to 1)? More? Less? theodorsm: 2025-06-12 Last weeks: - Applying for funding from NLnet to implement DTLS 1.3 in Pion. Got through the first round. - Writing paper for FOCI: continuation of master thesis about reducing distinguishability of DTLS in Snowflake by implementing covert-dtls, further analysis of collected browser fingerprint and stability test of covert-dtls in snowflake proxies. Draft: https://theodorsm.net/FOCI25 - Key takeaways: * covert-dtls is stable when mimicking DTLS 1.2 handshakes, while the randomization approach— though more resistant to fingerprinting — tends to be less stable. * Chrome webextensions are more unstable than standalone proxies * covert-dtls should be integrated in Snowflake proxies as they produce the ClientHello messages during the DTLS handshake. * Chrome randomizes the order of extension list. * Firefox uses DTLS 1.3 by default in WebRTC. * A prompt adoption of DTLS 1.3 in both Snowflake and our fingerprint-resistant library is needed to keep up with browsers * The evolution of browsers’ fingerprints had no noticeable effect on Snowflake’s number of daily users over the last year. * Even with a sharp drop in the amount of proxies, it does not seem to affect the number of Snowflake users. * Browser extensions make Snowflake resistant to ClientHello fingerprinting. * Standalone proxies can serve more Snowflake clients per volunteer than webextensions. * We need metrics on which types of proxies are actually being matched and successfully used by clients. Next weeks: - Getting paper camera ready. - Fix merge conflicts in MR (https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow…) Help with: - Should we do user testing of covert-dtls? Facilitator Queue: meskio shelikhoo onyinyang 1. First available staff in the Facilitator Queue will be the facilitator for the meeting 2. After facilitating the meeting, the facilitator will be moved to the tail of the queue -- --- onyinyang GPG Fingerprint 3CC3 F8CC E9D0 A92F A108 38EF 156A 6435 430C 2036

1 0

User Support Report for May 2025
by ebanam 05 Jun '25

05 Jun '25

Hello everyone, Starting this month the Community team will publish one report with all updates related to our user support activities. # Summary of updates from user support ## Farsi-speaking user support - Haidi worked on localized user support for Farsi-speaking users which included but was not limited to helping users to troubleshoot, gather feedback and help with instructions to use censorship circumvention methods in Tor Browser Desktop and Android and other Tor powered apps (like Orbot and Onion Browser). * 36 tickets in total * 2 tickets on email * 34 tickets on Telegram ## Russian-speaking user support - Nina worked on reviewing, answering and processing feedback from Google Play Store comments and localized user support for Russian-speaking users which included but was not limited to helping users with instructions to use censorship circumvention methods in Tor Browser Desktop and Android and other Tor powered apps (like Orbot, Onion Browser, Tails), troubleshoot and gather user feedback. * 1138 tickets in total * 244 tickets on email * 892 tickets on Telegram * 2 tickets on Signal ## General user support - ebanam worked on Tor Browser user support related tasks prior to and after Tor Browser releases; documentation for the upcoming Tor VPN android client[0]; updated user-facing documentation in the Tor Browser User Manual and some small updates to the Support Portal and helping users in regions where Tor is censored which included but was not limited to helping users with instructions to use censorship circumvention methods that work best, troubleshoot, censorship analysis and gathering user feedback. * 708 tickets in total * 571 tickets on email * 119 tickets on Telegram * 5 tickets on WhatsApp * 13 tickets on Signal That's it for the summary, following is a more detailed report about the tickets our user support team worked on last month. # Frontdesk (email user support channel) * 844(↑) RT tickets created * 848(↑) RT tickets resolved Tickets by topics and numbers: 1. 398(↑) tickets: instructions to circumvent censorship for Chinese speaking users. 2. 244(↑) tickets: circumventing censorship in Russian speaking countries. 3. 79(↑) tickets: help with troubleshooting existing Tor Browser install on Desktop (Windows, macOS and Linux). 4. 7(↓) tickets: help with installing Tor Browser on Desktop. 5. 5(↑) tickets: help with troubleshooting existing Tor Browser install on Android. 6. 5(↑) tickets: reports of websites blocking Tor connections. 7. 3(↑) tickets: users seeing a "proxy refused" error when visiting websites on Tor Browser for Android using Samsung devices.[1] 8. 2(↑) tickets: circumventing censorship with Tor in Farsi. 9. 2(↑) tickets: queries from Tor relay operators. 10. 1(↓) ticket: reports of fake apps on iOS AppStore masquerading as official Tor Browser. 11. 1(↓) ticket: questions about onion services and how to access them. 12. 1(↑) ticket: question about contributing to Tor. 13. 1(-) ticket: helping users on iOS, using Onion Browser or Orbot, to use censorship circumvention methods. 14. 1(↑) ticket: help with using Snowflake with Tor to circumvent censorship. 15. 1(-) ticket: help with instructions to use bridges with Orbot. 16. 1(↑) ticket: false positive with anti-virus software when using Tor Browser. 17. 1(↑) ticket: Tor Forum account deletion request. # Telegram, WhatsApp and Signal user support channels * 1128(↑) tickets resolved Breakdown: * 1103(↑) tickets on Telegram * 9(↓) tickets on WhatsApp * 16(↓) tickets on Signal Tickets by topics and numbers: 1. 892(↑) tickets: circumventing censorship in Russian speaking countries. 2. 40(↓) tickets: instructions to circumvent censorship for Chinese speaking users. 3. 34(↓) tickets: circumventing censorship with Tor in Farsi. 4. 22(↑) tickets: helping users on iOS, using Onion Browser or Orbot, to use censorship circumvention methods. 5. 18(↑) tickets: instructions to use WebTunnel pluggable transport with Tor Browser. 6. 17(↑) tickets: help with troubleshooting Tor Browser Android. 7. 17(↑) tickets: instructions on how to get Tor Browser binaries from GetTor. 8. 11(-) tickets: help with troubleshooting Tor Browser Desktop on Windows, macOS and Linux. 9. 7(↑) tickets: help with instructions to use bridges with Tails. 10. 5(↑) tickets: help with instructions to use bridges with Orbot. 11. 3(↓) tickets: questions about onion services and how to access them. 12. 3(↑) tickets: users seeing a "proxy refused" error when visiting websites on Tor Browser for Android using Samsung devices. 13. 2(↑) tickets: reports of fake apps on iOS AppStore masquerading as official Tor Browser. 14. 1(↑) ticket: help with using Snowflake with Tor to circumvent censorship. # Highlights from the Tor Forum * General questions about verifying Tor Browser GPG signature.[2] * Tor Browser and false positives with anti-virus software.[3] * Bridges website hitting an error while fetching bridges with WebTunnel pluggable transport.[4] * Discussion about using Onion Browser and Orbot on iOS.[5] # Highlights from Google Play Store * Tor Browser for Android had a Google Play rating of 4.407 (↓0.009) stars in May, lower as compared to April 25. * In May, Tor Browser for Android (TBA) received 699 (↑74) new reviews. With the total count of reviews for the app standing at 62,556. * Tor Browser for Android Alpha (TBA - Alpha) had a rating of 4.198 (↓0.015) stars in May, lower as compared to April 25. * In May, Tor Browser for Android Alpha (TBA - Alpha) received 33 (↓12) new reviews. With the total count of reviews for the app standing at 8,574. Last month, the major complaints we got about Tor Browser for Android were related to Tor Browser's browsing speed[6]. We got over 40 comments about the browser being extremely slow from users who are not located in regions where Tor is censored. Note: (↑), (↓) and (-) are indicating if the number of tickets we received for these topics have been increasing, decreasing or have been the same from the previous month respectively. Thanks! -- ebanam (on behalf of the Community Team) [0]: https://gitlab.torproject.org/tpo/web/support/-/issues/370 [1]: https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/42714 [2]: https://forum.torproject.org/t/verifying-tor-browser-some-general-questions… [3]: https://forum.torproject.org/t/malware-infected-version-of-tor/18877 [4]: https://forum.torproject.org/t/cant-get-webtunnel-bridges/18803 [5]: https://forum.torproject.org/t/what-is-the-most-secure-way-to-use-onion-bro… [6]: https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/43841

1 0