[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-talk] Tor Weekly News â November 26th, 2014



========================================================================
Tor Weekly News                                      November 26th, 2014
========================================================================

Welcome to the forty-seventh issue in 2014 of Tor Weekly News, the
weekly newsletter that covers whatâs happening in the Tor community.

A new Tor directory authority
-----------------------------

Tor, being free software, can be used by anyone to set up their own
anonymity network, as Tom Ritter demonstrated last month [1]; but âthe
Tor networkâ as we know it today consists of the 6500+ relays voted on
by nine âdirectory authoritiesâ (or âdirauthsâ) [2], operated by trusted
members of the Tor development team and community [3].

As Mike Perry, a longtime directory authority operator, wished to retire
his machine, âturtlesâ, without unbalancing the number of authorities
producing the consensus [4], a new authority named âlongclawâ [5] was
brought online by the autonomous tech collective Riseup [6], which has
been offering free and secure methods of communication (most of them now
available as hidden services [7]) since 1999.

Thanks to Riseup for playing this key role in the operation of the Tor
network!

  [1]: https://lists.torproject.org/pipermail/tor-dev/2014-October/007613.html
  [2]: https://gitweb.torproject.org/tor.git/blob/HEAD:/src/or/config.c#l823
  [3]: https://www.torproject.org/docs/faq#KeyManagement
  [4]: https://metrics.torproject.org/about.html#consensus
  [5]: https://en.wikipedia.org/wiki/Longclaw
  [6]: https://help.riseup.net/
  [7]: https://help.riseup.net/en/security/network-security/tor#riseups-tor-hidden-services

Miscellaneous news
------------------

Nathan Freitas announced [8] the release of Orbot 14.1.3, which includes
improved handling of background processes; it builds on the earlier
14.1.0 [9], which brought with it support for Android 5.0 Lollipop, as
well as stability fixes. Orweb was brought up to version 0.7, also
introducing support for the new Android release.

  [8]: https://lists.mayfirst.org/pipermail/guardian-dev/2014-November/004068.html
  [9]: https://lists.mayfirst.org/pipermail/guardian-dev/2014-November/004036.html

George Kadianakis sent out [10] a co-authored draft of a proposal for
statistics concerning hidden service activity that relays could collect
and publish without harming the anonymity or security of users and
hidden services, and which might âbe useful to Tor developers and to
people who want to understand hidden services and the onionspace
better.â

 [10]: https://lists.torproject.org/pipermail/tor-dev/2014-November/007863.html

Tom Ritter drafted a proposal [11] exploring methods a hidden service
operator might use to prove to certificate authorities that they control
the serviceâs private key when requesting SSL certificates.

 [11]: https://lists.torproject.org/pipermail/tor-dev/2014-November/007853.html

Karsten Loesing spruced up [12] the documentation on the Tor Metrics
portal [13], including a handy glossary of frequently-used Tor-specific
terms [14].

 [12]: https://lists.torproject.org/pipermail/tor-dev/2014-November/007834.html
 [13]: https://metrics.torproject.org/
 [14]: https://metrics.torproject.org/about.html

Damian Johnson sketched out a roadmap [15] for further development of
Stem [16], the Tor controller library in Python, welcoming âmore general
ideas on directions to take Stem, the tor-prompt, and this whole spaceâ.

 [15]: https://lists.torproject.org/pipermail/tor-dev/2014-November/007831.html
 [16]: https://stem.torproject.org/

Andrew Lewman reported [17] on his experiments in mirroring the Tor
Project website using the Fastly CDN as well as the BitTorrent Sync
application.

 [17]: https://lists.torproject.org/pipermail/tor-mirrors/2014-November/000781.html

Following a suggestion [18] that a guide to server hardening should be
distributed with the tor software package, Libertas drafted [19] a
sample document and asked for reviews. âPlease share any opinions or
contributions you have. This was written in a little more than an hour,
so itâs still a work in progress.â

 [18]: https://bugs.torproject.org/13703
 [19]: https://lists.torproject.org/pipermail/tor-relays/2014-November/005846.html

Libertas also scanned [20] a large number of currently-running Tor
relays to check which ssh access authentication methods their servers
supported, finding 2051 relays that still permitted password-based ssh
authentication. âGenerally, it is far more secure to allow only public
key auth. The Ubuntu help pages have a good guide [21] on setting up
key-based authâ.

 [20]: https://lists.torproject.org/pipermail/tor-relays/2014-November/005759.html
 [21]: https://help.ubuntu.com/community/SSH/OpenSSH/Keys

SiNA Rabbani noted [22] that a large proportion of Tor exit relays are
located in Europe, and called for relay operators to consider running
nodes with US hosts. âI am not sure if the reason is lack of
Tor-friendly ISPs or people are just too freaked out about the summer of
Snowden. I think itâs very wrong to assume that EU countries are not
part of the world-wide-wiretap, packets are going through a few internet
exchanges anyways.â

 [22]: https://lists.torproject.org/pipermail/tor-relays/2014-November/005806.html

Thanks to Andy Weber [23], Matt Kraai [24], Alexander Dietrich [25],
James Murphy [26], Jesse Victors [27], Lucid Networks [28],
mirror-server.de [29], NTU Open Source Society [30], and Justaguy [31]
for running mirrors of the Tor Projectâs website and software!

 [23]: https://lists.torproject.org/pipermail/tor-mirrors/2014-October/000738.html
 [24]: https://lists.torproject.org/pipermail/tor-mirrors/2014-October/000741.html
 [25]: https://lists.torproject.org/pipermail/tor-mirrors/2014-October/000746.html
 [26]: https://lists.torproject.org/pipermail/tor-mirrors/2014-October/000751.html
 [27]: https://lists.torproject.org/pipermail/tor-mirrors/2014-November/000763.html
 [28]: https://lists.torproject.org/pipermail/tor-mirrors/2014-November/000783.html
 [29]: https://lists.torproject.org/pipermail/tor-mirrors/2014-November/000784.html
 [30]: https://lists.torproject.org/pipermail/tor-mirrors/2014-November/000762.html
 [31]: https://lists.torproject.org/pipermail/tor-mirrors/2014-November/000764.html

Tor help desk roundup
---------------------

The help desk commonly sees questions from users who get error messages
when using Vidalia, the graphical Tor controller. Vidalia is
unmaintained and many of its features simply do not work any more, so it
has been deprecated [32]. For web browsing, only the latest version of
Tor Browser [33] should be used. If you were trying to use the (now
also defunct) Vidalia Bridge or Relay Bundles, documentation for how to
set up bridges [34] and regular relays [35] more effectively without
Vidalia can be found on the website.

 [32]: https://www.torproject.org/docs/faq.html#WhereDidVidaliaGo
 [33]: https://www.torproject.org/projects/torbrowser.html
 [34]: https://www.torproject.org/projects/obfsproxy-instructions
 [35]: https://www.torproject.org/docs/tor-relay-debian

Upcoming events
---------------

  Nov 26 13:30 UTC | little-t tor development meeting
                   | #tor-dev, irc.oftc.net
                   |
  Nov 26 16:00 UTC | Pluggable transports meeting
                   | #tor-dev, irc.oftc.net
                   |
  Dec 01 18:00 UTC | Tor Browser online meeting
                   | #tor-dev, irc.oftc.net
                   |
  Dec 01 18:00 UTC | OONI development meeting
                   | #ooni, irc.oftc.net
                   | https://lists.torproject.org/pipermail/tor-dev/2014-November/007852.html
                   |
  Dec 02 17:00 UTC | little-t tor patch workshop
                   | #tor-dev, irc.oftc.net
                   |
  Dec 03 20:00 UTC | Tails contributors meeting
                   | #tails-dev, irc.oftc.net
                   | https://mailman.boum.org/pipermail/tails-dev/2014-November/007418.html


This issue of Tor Weekly News has been assembled by Harmony, Matt Pagan,
Roger Dingledine, and Karsten Loesing.

Want to continue reading TWN? Please help us create this newsletter.
We still need more volunteers to watch the Tor community and report
important news. Please see the project page [36], write down your
name and subscribe to the team mailing list [37] if you want to
get involved!

 [36]: https://trac.torproject.org/projects/tor/wiki/TorWeeklyNews
 [37]: https://lists.torproject.org/cgi-bin/mailman/listinfo/news-team
-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk