tails issueshttps://gitlab.tails.boum.org/tails/tails/-/issues2024-03-27T14:24:49Zhttps://gitlab.tails.boum.org/tails/tails/-/issues/20278Consider disabling Nvidia shader cache2024-03-27T14:24:49ZgroenteConsider disabling Nvidia shader cacheWhile working on #20261 i noticed back in November the Tor folks added the following line to their start-browser script:
``export __GL_SHADER_DISK_CACHE=0``
But this doesn't seem to be reflected in our tor-browser.sh script. Perhaps it...While working on #20261 i noticed back in November the Tor folks added the following line to their start-browser script:
``export __GL_SHADER_DISK_CACHE=0``
But this doesn't seem to be reflected in our tor-browser.sh script. Perhaps it should?
For more info, see https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/f72fe52817c9a5eb990a7e070d9b94a369030c8fTails_6.2anonymanonymhttps://gitlab.tails.boum.org/tails/tails/-/issues/20265iBus input switcher in GNOME top bar is hidden while a password input field h...2024-03-14T20:40:52ZmelteddolliBus input switcher in GNOME top bar is hidden while a password input field has the focus in Tor BrowserThis is about the "en" button in the top bar, next to the user menu. It comes back once something else is focused. If I focus a non-password text input field in Tor Browser, such as the search box on our website, the exact same warnings ...This is about the "en" button in the top bar, next to the user menu. It comes back once something else is focused. If I focus a non-password text input field in Tor Browser, such as the search box on our website, the exact same warnings appear in the Journal, but the iBus input selection widget remains visible.
I can reproduce the problem with the Unsafe Browser. But I can't reproduce the problem in few other password fields that I've tried: GNOME Disks, KeePassXC. So it might be specific to Firefox.
On Tails 5.x we don't display that widget when using the default (English US) keyboard layout. And even if I choose a non-default layout in the Welcome Screen, I can't reproduce the bug.
On my sid I can't reproduce this in Tor Browser nor in Chromium.
Somewhat similar/related issues:
- https://askubuntu.com/questions/1214208/input-language-switching-in-password-fields
- https://bugs.launchpad.net/ubuntu-gnome/+bug/1566357
# Original report
Tails 6.0 has an easily reproducible bug where when you click in the “password” box on just about any website, to register or login, the “en” in the top right panel part of the screen will disappear and the following error is shown in ‘journalctl’ and repeats:[1]
amnesia gnome-shell[#####]: The XKEYBOARD keymap compiler (xkbcomp) reports:
amnesia gnome-shell[#####]: > Warning: Unsupported maximum keycode 708, clipping.
amnesia gnome-shell[#####]: > X11 cannot support keycodes above 255.
amnesia gnome-shell[#####]: Errors from xkbcomp are not fatal to the X server
[1] removed date/time and numbers in boxes
When one then clicks anywhere else outside of the password box, the “en” reappears in the panel at the top right.
###
What wasn't tested: I didn't try testing this with another language other than English so I don't know whether or not other languages are impacted.
###
= There is a forum thread about this:
https://forum.torproject.org/t/tails-6-0-bug-clicking-in-password-boxes-on-websites-causes-en-in-panel-to-disappear/11867https://gitlab.tails.boum.org/tails/tails/-/issues/20260(Security bypass) WebGL runs on the Safer security level in some situations2024-03-12T02:05:25Zcypher punks(Security bypass) WebGL runs on the Safer security level in some situationsI think I've accidentally discovered a WebGL bypass in Tor Browser. It allows running WebGL code even if the security level is set "Safer". I can't find a minimal way to reproduce it 100% of the time, but these steps seem to work:
1. Se...I think I've accidentally discovered a WebGL bypass in Tor Browser. It allows running WebGL code even if the security level is set "Safer". I can't find a minimal way to reproduce it 100% of the time, but these steps seem to work:
1. Set the security level to Safer.
2. Upload some file to https://wormhole.app/.
3. Copy the download link that it creates onto a paste website like https://bpa.st/.
4. Highlight the plaintext link with your cursor, right-click, and click "Open link in new tab".
Expected behavior: The website loads with a click-to-play option for WebGL.
Actual behavior: A distracting Doctor Who-esque WebGL-powered swirling wormhole animation plays in the background. This does NOT happen if the link is opened any other way (such as being pasted into the URL bar or clicked as hyperlink) or if webgl.disabled is set to true in about:config.
This doesn't always happen, and it doesn't seem to happen with any other WebGL-enabled sites that I've seen, but the fact that it ever happens when WebGL is disabled via the security level is a problem. It also only seems to happen when opening a download link in a new tab and can't be triggered on the front page.
I can do a screen recording of myself triggering the issue if it is necessary.https://gitlab.tails.boum.org/tails/tails/-/issues/20187Close Tor Connection when the user clicks *Start Tor Browser*2024-02-07T17:59:37Zsajolidasajolida@pimienta.orgClose Tor Connection when the user clicks *Start Tor Browser*Credits: @segfault in https://gitlab.tails.boum.org/tails/tails/-/issues/19603#note_225818.
It would mitigate #19603 in this important scenario. After Tails connected to Tor, the *Tor Connection* window is a bit garbage and users would ...Credits: @segfault in https://gitlab.tails.boum.org/tails/tails/-/issues/19603#note_225818.
It would mitigate #19603 in this important scenario. After Tails connected to Tor, the *Tor Connection* window is a bit garbage and users would close it anyway.https://gitlab.tails.boum.org/tails/tails/-/issues/20144Stop using tails-documentation2024-01-24T10:31:37ZboyskaStop using tails-documentationSince !1341, we don't need `tails-documentation` anymore. It's just legacy.
This issue tracks its removal from every use case we have until we can actually remove it altogether.
A good reason to do this is to avoid using `tails-documen...Since !1341, we don't need `tails-documentation` anymore. It's just legacy.
This issue tracks its removal from every use case we have until we can actually remove it altogether.
A good reason to do this is to avoid using `tails-documentation` more often than it is right now.https://gitlab.tails.boum.org/tails/tails/-/issues/20119New Identity yields default Tor Browser home page2024-01-08T10:57:03ZNathan BrooksNew Identity yields default Tor Browser home page# Description
If I click "New Identity" in Tor Browser, the newly (re)opened window shows the default Tor Browser homepage, with a DuckDuckGo search widget.
# Original report
address is same https://tails.net/home/index.en.html
but i...# Description
If I click "New Identity" in Tor Browser, the newly (re)opened window shows the default Tor Browser homepage, with a DuckDuckGo search widget.
# Original report
address is same https://tails.net/home/index.en.html
but if you launch browser using Tor Connection than it is live page against an offline version when using New identity button which throws the (managed by Tails) banner page.
why two?https://gitlab.tails.boum.org/tails/tails/-/issues/20053Allow loading websites without any images or videos in Tor Browser2023-12-18T11:13:12Zsajolidasajolida@pimienta.orgAllow loading websites without any images or videos in Tor BrowserDuring the interviews for #19472, a journalist who uses Tails to investigate sexual violence asked me whether we could have a tool that would allow loading websites without displaying any image, for both legal and mental health purposes....During the interviews for #19472, a journalist who uses Tails to investigate sexual violence asked me whether we could have a tool that would allow loading websites without displaying any image, for both legal and mental health purposes. That would also be interesting to people like [Daniel](https://tails.net/contribute/how/user_experience/interviews/daniel/).
Could there be an option or tweak in Tor Browser to allow this?https://gitlab.tails.boum.org/tails/tails/-/issues/20039Use more Dogtail in Unsafe Browser scenarios2023-11-15T09:25:56ZanonymUse more Dogtail in Unsafe Browser scenariosRecently new translations have broken Unsafe Browser scenarios since they have affected some reference images, so here we would benefit from using Dogtail instead. Furthermore, since we have migrated to Wayland and we can use Dogtail for...Recently new translations have broken Unsafe Browser scenarios since they have affected some reference images, so here we would benefit from using Dogtail instead. Furthermore, since we have migrated to Wayland and we can use Dogtail for the Unsafe Browser there are quite some steps we could consolidate so they work for all browsers.https://gitlab.tails.boum.org/tails/tails/-/issues/19892Disable showTorWarning in tor browser2023-07-20T21:17:30ZboyskaDisable showTorWarning in tor browserAs suggested by a user, this isn't really relevant in Tails.
Steps to reproduce:
1. Download a file from website (e.g. KeePassXC signature)
2. Click the 'Download Queue' button in the right corner.
Then, a message says "
Be careful ope...As suggested by a user, this isn't really relevant in Tails.
Steps to reproduce:
1. Download a file from website (e.g. KeePassXC signature)
2. Click the 'Download Queue' button in the right corner.
Then, a message says "
Be careful opening downloads
Some files may connect to the internet when opened without using Tor. To be safe, open files while offline or use a portable operating system like Tails."
To disable this, the right option is `browser.download.showTorWarning`https://gitlab.tails.boum.org/tails/tails/-/issues/19694Start Tor Browser button opens multiple browser windows instead of using alre...2023-06-20T10:14:06ZNathan BrooksStart Tor Browser button opens multiple browser windows instead of using already opened one.This behavior of opening multiple windows instead of getting the first already spawned browser window to user can cause confusion as users might think that they are opening a completely new window meaning a new and a separate session ent...This behavior of opening multiple windows instead of getting the first already spawned browser window to user can cause confusion as users might think that they are opening a completely new window meaning a new and a separate session entirely creating a privacy issue. instead a blank tab in current default homepage window can be made to appear or maybe some type of highlight over this first browser window border to alert user that they have already opened it.
To reproduce keep hitting the Start Tor Browser button.https://gitlab.tails.boum.org/tails/tails/-/issues/19603No spinner over another app when starting an app2024-02-09T14:21:42Zsajolidasajolida@pimienta.orgNo spinner over another app when starting an appAffecting especially, the **Start Tor Browser** button in *Tor Connection*. This loading is very long and we need some feedback here.
This worked (kind of) in 4.20 with #18358 but broke again since then.
### User research findings
- D...Affecting especially, the **Start Tor Browser** button in *Tor Connection*. This loading is very long and we need some feedback here.
This worked (kind of) in 4.20 with #18358 but broke again since then.
### User research findings
- During #18648, all 4 participants hammered the "Start Tor Browser" button several times because it gave no visual feedback.https://gitlab.tails.boum.org/tails/tails/-/issues/19465VPN browser2023-08-15T17:20:21Zsajolidasajolida@pimienta.orgVPN browserWe could have another browser in Tails that uses a VPN instead of Tor. The rest of the Tails would keep using Tor only.
Blueprint: https://gitlab.tails.boum.org/tails/blueprints/-/wikis/VPN-supportWe could have another browser in Tails that uses a VPN instead of Tor. The rest of the Tails would keep using Tor only.
Blueprint: https://gitlab.tails.boum.org/tails/blueprints/-/wikis/VPN-supporthttps://gitlab.tails.boum.org/tails/tails/-/issues/19443Sandboxed applications can use IBus without IBus proxy2023-02-13T13:58:54ZsegfaultSandboxed applications can use IBus without IBus proxySee https://gitlab.tails.boum.org/tails/tails/-/merge_requests/1033#note_203182See https://gitlab.tails.boum.org/tails/tails/-/merge_requests/1033#note_203182https://gitlab.tails.boum.org/tails/tails/-/issues/19408Use desktop portals in Tor Browser2024-02-23T15:32:42ZsegfaultUse desktop portals in Tor Browser[[_TOC_]]
# Rationale
Using [desktop portals](https://github.com/flatpak/xdg-desktop-portal) in Tor Browser allows users to open files which Tor Browser usually doesn't have access to (#10422) and provides better integration into the d...[[_TOC_]]
# Rationale
Using [desktop portals](https://github.com/flatpak/xdg-desktop-portal) in Tor Browser allows users to open files which Tor Browser usually doesn't have access to (#10422) and provides better integration into the desktop via other portal interfaces like the [settings interface](https://flatpak.github.io/xdg-desktop-portal/#gdbus-org.freedesktop.portal.Settings) (see #19328).
We have a working PoC (actually two: one which fakes some things to make the portal service and Tor Browser think it's running in a flatpak and one which actually runs Tor Browser in a flatpak) to run Tor Browser with portals.
# Things outside of our control (upstream)
## Regressions
* Opening the file chooser dialog again opens it in `/run/user/1000/doc/${some hash}/`
* Upstream ticket: https://bugzilla.mozilla.org/show_bug.cgi?id=1775497
## Not regressions but unfortunately not fixed by portals (yet)
* drag&drop from directories other than the Tor Browser directories doesn't work. it's not implemented upstream.
* Implemented in GTK 4, will probably not be backported to GTK 3: https://github.com/flatpak/xdg-desktop-portal/issues/99#issuecomment-565264246
* If you try to save a page outside of Tor Browser, it will sometimes fail. If you retry, it will succeed. Not a regression, because we can't do that in Tails currently anyway.
* Reproducible with the official Firefox Flatpak.
* Filed upstream bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1814851
* Does not affect regular downloads, just "Save Page".
# Things under our control
## Regressions
* ~~Opening a web page via double-click on nautilus fails.~~
* Works on `10422-portals-in-tor-browser` and `10422-tor-browser-in-flatpak` as long as the file is accessible by Tor Browser. When it's not accessible by Tor Browser it's not a regression.
* Firefox in Flatpak seems to use the document portal to access arbitrary files -> We might be able to get that to work in Tor Browser too
* ~~Also `/usr/local/bin/tails-documentation`~~
* `tails-documentation` actually works as expected on `10422-portals-in-tor-browser` and `10422-tor-browser-in-flatpak`
# User-visible improvements
* They can now open/save file in every place of $HOME (saving might require retrying) (#10422)
* Settings like the window manager's button layout (minimize maximize buttons) are respected (#19328)
* Whatever other portals Tor Browser uses (not clear)
# FT-visible improvements
* Less NIH: we will get rid of most our own code to sandbox applications (and still allow them access to the resources which they do need access to)
* Probably avoid bugs like #18485, which we suspect is caused by buggy D-Bus proxy handling on our side. Things like that would be taken over by Flatpak.
* `flatpak` has a nice debugging interface, much nicer than what we have now
* In perspective, Flatpak will allow us to restrict AppArmor more → more security, but not now.
* In perspective, Flatpak is a "requirement" to ship Signal #14567
# Archive
Copied from #10422:
> *Originally created by @sajolida on [#10422 (Redmine)](https://public-redmine-archive.tails.boum.org/code/issues/10422)*
>
> In https://mailman.boum.org/pipermail/tails-ux/2015-September/000645.html we’re been discussing the idea of granting Tor Browser access to files if and only if the user decide to open or otherwise access it.
>
> This would improve on the current control access policy based on a set of folders (/Tor Browser and /Persistent/Tor Browser). This idea is inspired by “Guidelines and Strategies for Secure Interaction Design” by Ka-Ping Yee and also seems to be of interest to GNOME as “Implicit permission grants from interactive operations”:
>
> https://mail.gnome.org/archives/gnome-os-list/2015-March/msg00010.html
>
> We should follow-up on the plans of GNOME regarding this but there’s not much we can do ourselves for the time being.
>
> Existing WIP and discussions:
>
> * https://trac.torproject.org/projects/tor/ticket/25578
> * https://github.com/flathub/flathub/pull/1135
> * https://github.com/micahflee/torbrowser-launcher/issues/407
> * https://bugzilla.redhat.com/show_bug.cgi?id=1731284
> * https://discussion.fedoraproject.org/t/tor-browser-on-silverblue/2032/12
>
> Blueprints:
>
> * Blueprint: https://tails.boum.org/blueprint/Linux_containers/
> * https://tails.boum.org/contribute/design/application_isolation/
>
> Parent Task: tails/tails#15678https://gitlab.tails.boum.org/tails/tails/-/issues/19405Tor Browser: Use Unix socket instead of special network namespace2023-07-07T13:10:51ZsegfaultTor Browser: Use Unix socket instead of special network namespaceUsing a Unix socket instead of a TCP port allows us to restrict access to the socket via the filesystem instead of a special network namespace, which is a lot easier.
Upstream issue: https://gitlab.torproject.org/tpo/applications/tor-br...Using a Unix socket instead of a TCP port allows us to restrict access to the socket via the filesystem instead of a special network namespace, which is a lot easier.
Upstream issue: https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41872segfaultsegfaulthttps://gitlab.tails.boum.org/tails/tails/-/issues/19328Tor Browser and Unsafe Browser have no minimize & maximize buttons in the win...2023-12-25T14:17:40ZintrigeriTor Browser and Unsafe Browser have no minimize & maximize buttons in the window titlebarRegression in 5.8 (wb:b841a57a2e3b3d4752a73c974a75e3c5). I suppose that's because we run them as native Wayland apps, so they're responsible for CSD (client-side decoration).
It looks like Firefox tries to honor the system config regard...Regression in 5.8 (wb:b841a57a2e3b3d4752a73c974a75e3c5). I suppose that's because we run them as native Wayland apps, so they're responsible for CSD (client-side decoration).
It looks like Firefox tries to honor the system config regarding titlebar content:
- https://bugzilla.mozilla.org/show_bug.cgi?id=1432090
- `git grep -E 'button-layout|gtk-decoration-layout'` in the Firefox Git repo
Could it be that we block its access to said system config?
### User research findings
- This issue has been pretty loud on our Help Desk since it 5.8.
- During #18648, 3 out of 4 participants wanted to minimize Tor Browser and complained about the lack of minimize button. None of them found the workaround.
### Workaround
Both operations are accessible from the window list.
![Screenshot_from_2022-12-23_15-52-22](/uploads/a816071fd267aa161f5a3a094489071f/Screenshot_from_2022-12-23_15-52-22.png)segfaultsegfaulthttps://gitlab.tails.boum.org/tails/tails/-/issues/19274WebAuthn (aka. Passkey) doesn't work in Tor Browser2024-02-20T11:17:54ZGhost UserWebAuthn (aka. Passkey) doesn't work in Tor BrowserI tried to enable security.webauth.webauthn and security.webauth.webauthn_enable_softtoken, but still no success.I tried to enable security.webauth.webauthn and security.webauth.webauthn_enable_softtoken, but still no success.https://gitlab.tails.boum.org/tails/tails/-/issues/19266"Large text" accessibility feature does not apply to Tor Browser since 5.8~beta12023-06-12T08:54:37Zintrigeri"Large text" accessibility feature does not apply to Tor Browser since 5.8~beta1https://gitlab.tails.boum.org/tails/tails/-/issues/19254Remove the `tor-browser` shortcut from the sidebar in Tor Browser2023-05-09T18:03:24Zsajolidasajolida@pimienta.orgRemove the `tor-browser` shortcut from the sidebar in Tor BrowserIt adds to the big confusion when saving downloads because it returns no error message unlike the other folders.
See #15678.
![Screenshot_from_2022-11-03_14-41-56](/uploads/be27842a3cea66d87bc9507226eba009/Screenshot_from_2022-11-03_14...It adds to the big confusion when saving downloads because it returns no error message unlike the other folders.
See #15678.
![Screenshot_from_2022-11-03_14-41-56](/uploads/be27842a3cea66d87bc9507226eba009/Screenshot_from_2022-11-03_14-41-56.png)https://gitlab.tails.boum.org/tails/tails/-/issues/19164Don't display offline warning of Tor Browser when opening local doc2022-10-12T11:06:34Zsajolidasajolida@pimienta.orgDon't display offline warning of Tor Browser when opening local docDuring #18762, P4 got the offline warning of Tor Browser when opening it from the Unsafe Browser warning to browse the local doc.During #18762, P4 got the offline warning of Tor Browser when opening it from the Unsafe Browser warning to browse the local doc.