
[tor-talk] Tor Weekly News - September 4th, 2013



========================================================================
Tor Weekly News                                      September 4th, 2013
========================================================================

Welcome to the tenth issue of Tor Weekly News, the weekly newsletter
that covers what is happening in the skyrocketing Tor community.

Serious network overload
------------------------

    <borealis> if it really is a coordinated attack from a bot twice the
               size of the regular tor network i'm much surprised tor is
               still usable at all - #tor, 2013-09-02 18:38 UTC

The tremendous influx of new clients that started mid-August [1] is
stretching the current Tor network and software to its limits.

Several relay operators reported their relays to be saturated [2] by the
number of connections and circuits that relays currently have to
handle [3].

Mike Perry, wishing to “compare load characteristics since 8/19 for
nodes with different types of flags”, issued a call to relay
operators [4]: “especially useful [are] links/graph images for
connection counts, bandwidth, and CPU load since 8/19.”

It was reported on IRC that on some relays, only one circuit was
successfully created out of four attempts. This unfortunately means
that clients retry and build more circuits, resulting in even more load
on Tor relays.

The tor 0.2.4 series introduced a new circuit extension handshake dubbed
“ntor” [5]. This new handshake is faster (especially on the relay side)
than the original circuit extension handshake, “TAP”. Roger Dingledine
came up with a patch to prioritize circuit creations using ntor over
TAP [6]. Various observers reported that these overwhelming
unidentified new clients were likely to be using Tor 0.2.3. Prioritizing
ntor is then likely to make them less of a burden for the network, and
should help the network to function despite being overloaded by circuit
creations.

Sathya and Isis both reported the patch to work. Nick Mathewson pointed
out a few issues in the current implementation [7] but overall it looks
like a band-aid good enough for the time being.

   [1] https://metrics.torproject.org/users.html?graph=direct-users&start=2013-08-15&end=2013-09-02#direct-users
   [2] https://lists.torproject.org/pipermail/tor-relays/2013-August/002594.html
   [3] https://lists.torproject.org/pipermail/tor-relays/2013-August/002589.html
   [4] https://lists.torproject.org/pipermail/tor-relays/2013-August/002612.html
   [5] https://gitweb.torproject.org/torspec.git/blob_plain/HEAD:/proposals/216-ntor-handshake.txt
   [6] https://bugs.torproject.org/9574#comment:10
   [7] https://bugs.torproject.org/9574#comment:12

Latest findings regarding traffic correlation attacks
-----------------------------------------------------

Erik de Castro Lopo pointed tor-talk readers [8] to a new, well-written
paper named “Users Get Routed: Traffic Correlation on Tor by Realistic
Adversaries.” [9] In the paper, to be presented at the upcoming CCS 2013
conference [10] this November in Berlin, Aaron Johnson, Chris Wacek, Rob
Jansen, Micah Sherr, and Paul Syverson describe their experiments on
traffic correlation attacks.

This research paper follows on a long series of earlier research papers
to better understand how Tor is vulnerable to adversaries controlling
portions of the Tor network or monitoring users and relays at the
network level.

Roger Dingledine wrote to tor-talk readers [11]: “Yes, a big enough
adversary can screw Tor users. But we knew that. I think it’s great that
the paper presents the dual risks of relay adversaries and link
adversaries, since most of the time when people are freaking out about
one of them they’re forgetting the other one. And we really should raise
the guard rotation period. If you do their compromise graphs again with
guards rotated every nine months, they look way different.”

One tricky question with raising the guard rotation period [12] is: “How
do we keep clients properly balanced to match the guard capacities?” [13]
It is also probably another signal for any Tails supporter who wishes
to help implement guard persistence [14].

“I have plans for writing a blog post about the paper, to explain what
it means, what it doesn’t mean, what we should do about it, and what
research questions remain open” wrote Roger. Let’s stay tuned!

   [8] https://lists.torproject.org/pipermail/tor-talk/2013-September/029755.html
   [9] http://www.ohmygodel.com/publications/usersrouted-ccs13.pdf
  [10] http://www.sigsac.org/ccs/CCS2013/
  [11] https://lists.torproject.org/pipermail/tor-talk/2013-September/029756.html
  [12] https://bugs.torproject.org/8240
  [13] https://bugs.torproject.org/9321
  [14] https://labs.riseup.net/code/issues/5462

A peek inside the Pirate Browser
--------------------------------

Torrent-sharing website The Pirate Bay started shipping a custom
browser - the Pirate Browser - on August 10th. They advertised using Tor
to circumvent censorship but unfortunately did not provide any source
code for their project.

Matt Pagan examined the contents of the package [15] in order to get a
better idea of what it was. He compared the contents of the Pirate
Browser 0.6b archive using cryptographic checksums to the contents of
the Tor Browser Bundle 2.3.25-12 (en-US version).

According to Matt’s findings, the Pirate Browser includes unmodified
versions of tor 0.2.3.25 and Vidalia 0.2.20. The tor configuration
deviates slightly from the one shipped with the Tor Browser
Bundle. One section labeled “Configured for speed” unfortunately shows
a misunderstanding of the Tor network. Roger Dingledine commented in a
subsequent email [16]: “Just for the record, the three lines here don’t
help speed much (or maybe at all).”

The remaining configuration change that “probably has the biggest impact
on performance”, according to Roger, excludes exit nodes from Denmark,
Ireland, United Kingdom, the Netherlands, Belgium, Italy, China, Iran,
Finland, and Norway. “Whether it improves or reduces performance [Roger]
cannot say, though. Depends on a lot of complex variables around
Internet topologies.”

The browser itself is based on Firefox 23.0, with FoxyProxy configured
to use Tor only for a few specific addresses [17], and a few extra
bookmarks.

Later, Matt also highlighted [18] that some important extensions of the
Tor Browser, namely HTTPS Everywhere, NoScript, and Torbutton were also
missing from the Pirate Browser.
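
The checksum comparison described above can be reproduced with a short script. This is an added example, not the script Matt Pagan used: SHA-256 is an assumed choice of checksum, and the file names and contents in `demo()` are constructed samples, not the real bundle contents.

```python
import hashlib
import os
import tempfile

def hash_tree(root):
    """Map each file path (relative to root) to its SHA-256 hex digest."""
    digests = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            h = hashlib.sha256()
            with open(full, "rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    h.update(chunk)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            digests[rel] = h.hexdigest()
    return digests

def compare_trees(reference, candidate):
    ref, cand = hash_tree(reference), hash_tree(candidate)
    ref_digests = set(ref.values())
    added = [p for p in cand if p not in ref]
    return {
        "identical": sorted(p for p in ref if cand.get(p) == ref[p]),
        "modified": sorted(p for p in ref if p in cand and cand[p] != ref[p]),
        "missing": sorted(p for p in ref if p not in cand),
        # Same bytes as a reference file, but shipped under another path.
        "relocated": sorted(p for p in added if cand[p] in ref_digests),
        "new": sorted(p for p in added if cand[p] not in ref_digests),
    }

def write_tree(root, files):
    for rel, data in files.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)

def demo():
    # Constructed sample trees; file names and contents are hypothetical.
    reference = {"App/tor.exe": b"tor", "App/vidalia.exe": b"vidalia",
                 "Data/torrc": b"SocksPort 9050\n", "Ext/torbutton.xpi": b"tb"}
    repackaged = {"App/tor.exe": b"tor", "Bin/vidalia.exe": b"vidalia",
                  "Data/torrc": b"SocksPort 9050\nExcludeExitNodes {dk}\n",
                  "Ext/foxyproxy.xpi": b"fp"}
    with tempfile.TemporaryDirectory() as r, tempfile.TemporaryDirectory() as c:
        write_tree(r, reference)
        write_tree(c, repackaged)
        return compare_trees(r, c)
```

Against real archives, unpack both and call `compare_trees()` on the two directories; "modified" and "new" entries are the ones that need manual review.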

In any case, the Pirate Browser is unlikely to explain the sudden
influx of new Tor clients. grarpamp forwarded an email exchanged with
the Pirate Browser admin contact [19] which shows that numbers
(550 000 known direct downloads) and dates (“most downloads during the
first week”) do not match.

  [15] https://lists.torproject.org/pipermail/tor-talk/2013-August/029703.html
  [16] https://lists.torproject.org/pipermail/tor-talk/2013-August/029729.html
  [17] http://piratebrowser.com/piratebrowser_patterns.json
  [18] https://lists.torproject.org/pipermail/tor-talk/2013-August/029707.html
  [19] https://lists.torproject.org/pipermail/tor-talk/2013-August/029736.html

Monthly status reports for August 2013
--------------------------------------

The wave of regular monthly reports from Tor project members for the
month of August has begun. Sherief Alaa released his report first [20],
followed by reports from George Kadianakis [21], Lunar [22], Arturo
Filastò [23], Colin C. [24], Arlo Breault [25], Philipp Winter [26],
Roger Dingledine [27], Karsten Loesing [28], and Isis Lovecruft [29].
The latter also caught up with June [30], and July [31].

  [20] https://lists.torproject.org/pipermail/tor-reports/2013-September/000314.html
  [21] https://lists.torproject.org/pipermail/tor-reports/2013-September/000315.html
  [22] https://lists.torproject.org/pipermail/tor-reports/2013-September/000316.html
  [23] https://lists.torproject.org/pipermail/tor-reports/2013-September/000317.html
  [24] https://lists.torproject.org/pipermail/tor-reports/2013-September/000318.html
  [25] https://lists.torproject.org/pipermail/tor-reports/2013-September/000319.html
  [26] https://lists.torproject.org/pipermail/tor-reports/2013-September/000320.html
  [27] https://lists.torproject.org/pipermail/tor-reports/2013-September/000321.html
  [28] https://lists.torproject.org/pipermail/tor-reports/2013-September/000322.html
  [29] https://lists.torproject.org/pipermail/tor-reports/2013-September/000323.html
  [30] https://lists.torproject.org/pipermail/tor-reports/2013-September/000324.html
  [31] https://lists.torproject.org/pipermail/tor-reports/2013-September/000325.html

Help Desk Roundup
-----------------

This week the Tor help desk saw an increase in the number of users
wanting to download or install Orbot. Orbot can be downloaded from the
Google Play store, the Amazon App store, f-droid.org, and
guardianproject.info. Guides on using Orbot can be found on the Guardian
Project’s Orbot page [32], or on the Tor Project’s Android page [33]. It
looks like Orbot is currently inaccessible from the Google Play store in
Iran. Please join the discussion on tor-talk [34] if you have input
about the latter.

  [32] https://guardianproject.info/apps/orbot/
  [33] https://www.torproject.org/docs/android.html
  [34] https://lists.torproject.org/pipermail/tor-talk/2013-August/029684.html

All versions of the Tor Browser Bundle which include tor 0.2.4.x have
been reported to work in Iran. This includes the latest Pluggable
Transport Bundle, the 3.0 alpha series, and the 2.4 beta series. Follow
our Farsi blog [35] for more Iran-related news.

  [35] https://fa-blog.torproject.org/

Miscellaneous news
------------------

The next Tails contributors meeting [36] will happen on IRC on
September 4th at 8pm UTC (10pm CEST). “Every one interested in
contributing to Tails is welcome” to join #tails-dev on the OFTC
network.

  [36] https://mailman.boum.org/pipermail/tails-dev/2013-August/003523.html

Yawning Angel has been “designing a UDP based protocol to serve as the
bulk data transport for something along the lines of ‘obfs3, but over
UDP’.” They are soliciting feedback on their initial draft of the
Lightweight Obfuscated Datagram Protocol (LODP) [37].

  [37] https://lists.torproject.org/pipermail/tor-dev/2013-August/005334.html

Kévin Dunglas announced [38] their work on a PHP library for the Tor
Control Port [39], released under the MIT license.

  [38] https://lists.torproject.org/pipermail/tor-dev/2013-August/005340.html
  [39] https://github.com/dunglas/php-torcontrol/

Kathy Brade and Mark Smith have released a first patch [40] for
Mozilla’s update mechanism which “successfully updated TBB on Linux,
Windows, and Mac OS ‘in the lab’ using both incremental and ‘full
replace’ updates.” This is meant for the 3.x series of the Tor Browser
Bundle and is still a work in progress, but this is a significant
milestone toward streamlined updates for TBB users.

  [40] https://bugs.torproject.org/4234#comment:19

Erinn Clark announced [41] that the software powering
trac.torproject.org has been upgraded to version 0.12.3. Among several
other improvements, this new version allowed Erinn to experiment with
the often-requested Git integration [42].

  [41] https://lists.torproject.org/pipermail/tor-dev/2013-August/005328.html
  [42] https://lists.torproject.org/pipermail/tor-dev/2013-September/005346.html

David Goulet has released the second release candidate for the 2.0
rewrite of Torsocks [43]: “Please continue to test, review and
contribute it!”

  [43] https://lists.torproject.org/pipermail/tor-dev/2013-September/005359.html

Much to her surprise, Erinn Clark found a “fraudulent PGP key with [her]
email address” on the keyservers [44]. “Do not under any circumstances
trust anything that may have ever been signed or encrypted with this
key” of short id 0xCEE1590D. She reminded readers that the Tor Project
official signatures are listed on the project’s website [45].

  [44] https://lists.torproject.org/pipermail/tor-dev/2013-September/005348.html
  [45] https://www.torproject.org/docs/signing-keys.html

Philipp Winter published the final paper version [46] of the
ScrambleSuit pluggable transport [47], dubbed “A Polymorphic Network
Protocol to Circumvent Censorship”.

  [46] http://www.cs.kau.se/philwint/pdf/wpes2013.pdf
  [47] http://www.cs.kau.se/philwint/scramblesuit/

Upcoming events
---------------

Sep 4 8pm | Tor Q&A with Roger Dingledine
          | University of the Sciences, Philadelphia, PA, USA
          | http://www.phillylinux.org/meetings.html
          |
Sep 29-01 | Tor at OpenITP Circumvention Tech Summit IV
          | Berlin, Germany
          | https://www.openitp.org/openitp/circumvention-tech-summit.html
          |
Oct 09-10 | Andrew speaking at Secure Poland 2013
          | Warszawa, Poland
          | http://www.secure.edu.pl/

This issue of Tor Weekly News has been assembled by Lunar, dope457,
mttp, malaparte, Nima, bastik, and Roger Dingledine.

Want to continue reading TWN? Please help us create this newsletter.
We still need more volunteers to watch the Tor community and report
important news. Please see the project page [48], write down your
name and subscribe to the team mailing list [49] if you want to
get involved!

  [48] https://trac.torproject.org/projects/tor/wiki/TorWeeklyNews
  [49] https://lists.torproject.org/cgi-bin/mailman/listinfo/news-team
