
[tor-talk] Tor Weekly News – February 11th, 2015



========================================================================
Tor Weekly News                                      February 11th, 2015
========================================================================

Welcome to the sixth issue in 2015 of Tor Weekly News, the weekly
newsletter that covers what’s happening in the community around Tor,
“your online an-onionising software” [1].

  [1]: https://theconversation.com/tor-the-last-bastion-of-online-anonymity-but-is-it-still-secure-after-silk-road-35395

The 2015 Tor UX Sprint
----------------------

Many open-source privacy tools struggle with questions of usability: so
much effort goes into ensuring they are secure that few resources are
left over to work on the user experience. But as Linda Lee and David
Fifield write [2], “usability is critical to security”: user interface
issues “can degrade user experience, cause confusion, or even cause
people to accidentally deanonymize themselves”.

To explore, and hopefully solve, some of these problems, a group of Tor
developers, designers, users, and researchers met [3] at UC Berkeley at
the start of the month. As part of the weekend, users were asked to walk
through the process of installing and running Tor Browser, noting aloud
their assumptions and reactions as they went.

Issues and “stopping points” (where users find the process too difficult
to continue) discovered during these sessions were noted, and have been
assigned tickets on Tor’s bug tracker [4]. For more details of the event
and its outcomes, please see Linda and David’s post; “if you are
interested in helping to improve the usability of Tor Browser, get in
touch by email or IRC”.

  [2]: https://blog.torproject.org/blog/ux-sprint-2015-wrapup
  [3]: https://trac.torproject.org/projects/tor/wiki/org/meetings/2015UXsprint
  [4]: https://trac.torproject.org/projects/tor/query?keywords=~uxsprint2015

Tor and the Library Freedom Project
-----------------------------------

As Tor Weekly News reported last September [5], Massachusetts librarian
and activist Alison Macrina has been leading a campaign to educate
colleagues and library patrons on the state of digital surveillance and
the use of privacy-preserving software such as Tor and Tails. As Alison
and April Glaser wrote at the time, “libraries provide access to
information and protect patrons’ right to explore new ideas, no matter
how controversial or subversive” [6].

These initial workshops formed the basis for the Library Freedom
Project [7], which has just received [8] a grant from the Knight
Foundation to expand its activities beyond the New England region. In a
guest post on the Tor blog [9], Alison introduced the project, the
motivations behind it, and its plans for the next few years, as well as
suggesting some possible areas for collaboration with the Tor community
in the future: “One specific way that librarians can help the Tor
Project is with usability issues – we have lots of experience helping
ordinary users with common usability problems […] Librarians can also
run dev sprints, help update documentation, and generally advocate for
tools that help safeguard privacy and anonymity.”

For more information on the Library Freedom Project, or to propose your
own ideas, please see the project’s website. Thanks to Alison and
colleagues for this important work!

  [5]: https://lists.torproject.org/pipermail/tor-news/2014-September/000063.html
  [6]: http://boingboing.net/2014/09/13/radical-librarianship-how-nin.html
  [7]: https://libraryfreedomproject.org/
  [8]: http://www.knightfoundation.org/grants/201450256/
  [9]: https://blog.torproject.org/blog/guest-post-library-freedom-project-bringing-privacy-and-anonymity-libraries

Vidalia laid to rest
--------------------

Now that Vidalia, the graphical user interface for Tor, has been
completely unmaintained “for too long to be a recommended solution”,
Sebastian Hahn has removed [10] the last links to Vidalia-related
content from the Tor Project website. If you are still using a version
of Tor Browser (outside of Tails) that contains Vidalia, it is almost
certainly too old to be safe, so please upgrade as soon as possible.

Vidalia is still shipped in the latest version of Tails, however, so the
Tails team has been working [11] on a simple interface [12] to replace
one of the most-missed features of the defunct program, the circuit
visualization window. The Tor Browser team have already implemented a
similar per-site circuit diagram [13] in the current 4.5-alpha series,
so there should soon be no reason at all for users to continue
controlling their Tor through Vidalia.

 [10]: https://lists.torproject.org/pipermail/tor-talk/2015-February/036833.html
 [11]: https://mailman.boum.org/pipermail/tails-dev/2015-February/008066.html
 [12]: http://git.tails.boum.org/alan/tor-monitor/
 [13]: https://bugs.torproject.org/8641

More monthly status reports for January 2015
--------------------------------------------

The wave of regular monthly reports from Tor project members for the
month of January continued, with reports from George Kadianakis [14],
Pearl Crescent [15], Michael Schloh von Bennewitz [16], Nick
Mathewson [17], Karsten Loesing [18], and Arlo Breault [19].

Mike Perry reported on behalf of the Tor Browser team [20], and George
Kadianakis sent out the report for SponsorR [21].

 [14]: https://lists.torproject.org/pipermail/tor-reports/2015-February/000754.html
 [15]: https://lists.torproject.org/pipermail/tor-reports/2015-February/000755.html
 [16]: https://lists.torproject.org/pipermail/tor-reports/2015-February/000756.html
 [17]: https://lists.torproject.org/pipermail/tor-reports/2015-February/000757.html
 [18]: https://lists.torproject.org/pipermail/tor-reports/2015-February/000758.html
 [19]: https://lists.torproject.org/pipermail/tor-reports/2015-February/000761.html
 [20]: https://lists.torproject.org/pipermail/tor-reports/2015-February/000759.html
 [21]: https://lists.torproject.org/pipermail/tor-reports/2015-February/000760.html

Miscellaneous news
------------------

George Kadianakis linked [22] to the technical report produced by the
team working on statistics related to the amount of hidden service usage
on the Tor network; Karsten Loesing added [23] some more information
regarding the fraction of network activity this represents. These are
advanced calculations, so if you’re not experienced in data science but
want to know more about this topic, the team will be back shortly with a
more “casual-reader-friendly” analysis of the results.

 [22]: https://lists.torproject.org/pipermail/tor-dev/2015-February/008228.html
 [23]: https://lists.torproject.org/pipermail/tor-dev/2015-February/008249.html

“Fresh off a round of real-world intensive testing and debugging using
spotty 2.5G coverage in the foothills of the Himalayas”, Nathan Freitas
of the ever-intrepid Guardian Project announced [24] the first release
candidate for version 14.1 of ChatSecure, the “most private” messaging
client for Android and iOS, featuring numerous improvements to
usability, stability, and network handling. Please see Nathan’s
announcement for the full changelog.

 [24]: https://lists.mayfirst.org/pipermail/guardian-dev/2015-February/004192.html

Nathan also shared [25] a “very early” incarnation of PLUTO, “a
simplified means for developers to include traffic obfuscation
capabilities into their applications” with initial support for obfs4 and
meek. “We think many apps could utilize this approach to defeat DPI
filtering, and that this would be useful to offer decoupled from the way
Tor integrates it”.

 [25]: https://lists.mayfirst.org/pipermail/guardian-dev/2015-February/004183.html
 
David Fifield posted a tutorial [26] for configuring the meek pluggable
transport to work with hard-to-block HTTPS websites interested in
helping censored Tor users, rather than the large content delivery
networks it currently uses, along with the regular summary [27] of the
costs incurred by meek’s infrastructure last month: “meek has so far
been a smashing success. It’s the #2 pluggable transport behind obfs3
and it moved over 5 TB of traffic last month. But the costs are starting
to get serious.” If you have ideas for supporting this vitally important
anti-censorship tool, please see David’s message for more details.

 [26]: https://lists.torproject.org/pipermail/tor-dev/2015-February/008239.html
 [27]: https://lists.torproject.org/pipermail/tor-dev/2015-February/008235.html

Also in meek news, Across The Great FireWall published [28] a
Chinese-language introduction to the concepts underpinning this
pluggable transport. Other resources (in Chinese and other languages)
are listed on the wiki [29].

 [28]: http://www.atgfw.org/2015/02/torgfwpk1-meektor.html
 [29]: https://trac.torproject.org/projects/tor/wiki/doc/meek#Quickstart

Nick Mathewson took to the Tor blog [30] to explain exactly what Tor
design proposals are for and how they are written, and offered status
updates (and review recommendations) [31] for some new and still-open
proposals.

 [30]: https://blog.torproject.org/blog/tor-design-proposals-how-we-make-changes-our-protocol
 [31]: https://gitweb.torproject.org/torspec.git/tree/proposals/proposal-status.txt

Nick also asked [32] relay operators to contribute their advice to a
relay hardening guide [33] that could be shipped with Tor.

 [32]: https://lists.torproject.org/pipermail/tor-relays/2015-February/006358.html
 [33]: https://bugs.torproject.org/13703

Arturo Filastò asked for help [34] in coming up with a roadmap for the
future of the Open Observatory of Network Interference, asking for
opinions on a range of possible development, deployment, and research
projects. Feel free to let the ooni-dev list know which of the ideas
catches your attention.

 [34]: https://lists.torproject.org/pipermail/ooni-dev/2015-February/000246.html

After soliciting feedback [35] on including newer pluggable transports
in Tails, the Tails team decided [36] to focus on obfs4 and then
(“tentatively”) meek for upcoming versions of the anonymous live
operating system.

 [35]: https://lists.torproject.org/pipermail/tor-talk/2015-January/036549.html
 [36]: https://mailman.boum.org/pipermail/tails-dev/2015-February/008069.html

Tom “TvdW” van der Woerdt wrote a detailed report [37] on his experience
implementing a Tor client from scratch in the Go programming language,
following Tor’s specification document. One instance of “GoTor” briefly
broke the Tor relay speed record with 250 megabytes/second, but Tom
ultimately decided that Go isn’t the right language for such a thing, as
its library support doesn’t make it easy enough to do. Thanks to Tom for
running the experiment, and catching some specification errors in the
process!

 [37]: http://www.tvdw.eu/blog/2015/01/24/implementing-a-tor-relay-from-scratch/

Even though Tor Browser is not vulnerable to the recent WebRTC IP attack
proof-of-concept [38], Mike Perry nevertheless invited [39] “interested
parties to try harder to bypass Tor in a stock Firefox using WebRTC and
associated protocols (RTSP, SCTP) with media.peerconnection.enabled set
to false”, before a plan to enable WebRTC-based QRCode bridge address
resolution and sharing in Tor Launcher [40] is implemented.

 [38]: https://github.com/diafygi/webrtc-ips
 [39]: https://lists.torproject.org/pipermail/tor-talk/2015-February/036845.html
 [40]: https://bugs.torproject.org/14837

Shadow, the tool by Rob Jansen that allows full Tor network simulation,
now has a new website [41]. As Rob wrote [42]: “The new website still
uses the Jekyll engine, and is a stripped down customized version of the
open source SOLID theme. Please send me feedback if you have it.”

 [41]: https://shadow.github.io
 [42]: http://mailman.cs.umn.edu/archives/shadow-dev/2015-February/000081.html

Jillian York of the EFF discussed [43] the problems of over-reliance on
US government funding – and the dearth of other funding streams – for
anti-surveillance tools, including Tor.

 [43]: http://jilliancyork.com/2015/02/06/there-are-other-funding-options-than-the-usg/

Seven of the eleven activists arrested last year in Spain for, amongst
other things, having had email accounts with the technical collective
Riseup – longtime Tor allies and operators of one of the directory
authorities [44] – have been released from prison [45]. As Riseup
wrote [46] following the arrests, “security is not a crime”: “Giving up
your basic right to privacy for fear of being flagged as a terrorist is
unacceptable.”

 [44]: https://lists.torproject.org/pipermail/tor-news/2014-November/000073.html
 [45]: https://www.accessnow.org/blog/2015/01/20/spain-targets-vulnerable-users-on-eve-of-review-at-un-human-rights-council
 [46]: https://help.riseup.net/en/about-us/press/security-not-a-crime

Easy development tasks to get involved with
-------------------------------------------

Two problems confronting Mac users who want to download Tor Browser are
the “disk image” format and Apple’s Gatekeeper security system. If these
users try to run Tor Browser directly from the disk image window that
opens after downloading, they will receive an error telling them
“Firefox is already running”, and if they correctly move the program to
the Applications folder, Gatekeeper will prevent them from running it
directly anyway.

If you have access to a machine running the latest version of Mac OS X,
and want to spend ten minutes making life easier for Tor users, the Tor
Browser download page [47] would benefit from screenshots showing users
how to drag the program to the Applications folder, and how to disable
Gatekeeper by control-clicking on the Tor Browser icon when running for
the first time. Please see the relevant bug ticket [48] for a nice set
of example screenshots; your contribution will be gratefully received!

 [47]: https://www.torproject.org/download/download-easy
 [48]: https://bugs.torproject.org/14838

Upcoming events
---------------

  Feb 11 13:30 UTC | little-t tor development meeting
                   | #tor-dev, irc.oftc.net
                   |
  Feb 11 16:00 UTC | Pluggable transports meeting
                   | #tor-dev, irc.oftc.net
                   |
  Feb 16 18:00 UTC | Tor Browser online meeting
                   | #tor-dev, irc.oftc.net
                   |
  Feb 16 18:00 UTC | OONI development meeting
                   | #ooni, irc.oftc.net
                   |
  Feb 17 18:00 UTC | little-t tor patch workshop
                   | #tor-dev, irc.oftc.net
                   |
  Mar 01 - 06      | Tor Winter Dev Meeting 2015
                   | Valencia, Spain
                   | https://trac.torproject.org/projects/tor/wiki/org/meetings/2015WinterDevMeeting
                   |
  Mar 24 - 25      | Roger and Jake @ RightsCon 2015
                   | Manila, Philippines
                   | https://www.rightscon.org/manila/


This issue of Tor Weekly News has been assembled by Harmony, Roger
Dingledine, Kate Krauss, and David Fifield.

Want to continue reading TWN? Please help us create this newsletter.
We still need more volunteers to watch the Tor community and report
important news. Please see the project page [49], write down your
name and subscribe to the team mailing list [50] if you want to
get involved!

 [49]: https://trac.torproject.org/projects/tor/wiki/TorWeeklyNews
 [50]: https://lists.torproject.org/cgi-bin/mailman/listinfo/news-team