[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[tor-talk] Tor Weekly News -- April 4th, 2016
Tor Weekly News April 4th, 2016
Welcome to the 5th 2016 issue of the Tor Weekly News, bringing you a
collection of Tor-related news at least a couple times per month!
1. OONI Explorer released
2. Tor Browser 5.5.4 and 6.0a4 released
3. Tor 0.2.8.2-alpha released
4. Tor statement on Apple and backdoors
5. CloudFlare debate roundup
6. Miscellaneous News
OONI Explorer released
The Open Observatory of Network Interference (OONI) develops free
software to detect irregular internet conditions. There are currently 15
tests in the suite ; one measures DNS consistency, another measures
HTTP consistency, others check if Tor is blocked, and some try to detect
HTTP-aware middleboxes between the client and the server. Volunteers
around the world can run this software  and report the results back
to OONI, who makes the dataset freely available. Over the last three
years, more than 8.5 million network measurements from 93 countries have
The newly released OONI Explorer  provides a browsable web interface
to the collected dataset. The Highlights page  presents a short
analysis of some interesting anomalies which might be worthy of further
research, and the blog post  has more details.
Tor Browser 5.5.4 and 6.0a4 released
The most recent ESR version of Firefox (38.7.1) disables the Graphite
font rendering library (there have been a number of recent
vulnerabilities in it). Graphite was previously disabled in Tor Browser
if you had the security slider set at "Medium-High" or "High," but now
it is disabled for everyone (stable , unstable , and
unstable-hardened ) so you won't see it mentioned.
Tor 0.2.8.2-alpha released
There's a new alpha release  of "little t tor" that includes a bunch
of bugfixes and new features.
Tor statement on Apple and backdoors
Much has been written after Apple publicly denounced the FBI's request
to develop and sign an iOS update that would let the FBI unlock iPhones
in their possession. While Apple rejected this particular demand, the
saga has cast a light on the single point of failure that is Apple's
signing key. Tor's Leif Ryge wrote a piece  for Ars Technica
pointing out that many pieces of software are built with such single
points of failure (for example, a Debian system will accept as genuine
an update signed by any of several developer keys it knows about).
Tor put out a statement  in solidarity with Apple's position and to
review the ongoing efforts taken to eliminate single points of failure
(deterministic builds, for example, mean a compromised build machine
can't insert what would be a hard-to-detect backdoor during the build
Cloudflare debate roundup
Tor Browser users are probably familiar with the CAPTCHAs CloudFlare
presents to users from IP addresses deemed to have a negative
reputation. There's a 58-point-long aggregation of thoughts from all
sides here . Cloudflare put out a blog post  on March 30, and
Tor responded  on March 31.
There was a Tor presence at LibrePlanet 2016: David Goulet reports on
his discussion  with some activists in Mexico who depend on Tor to
stay safe from a surveillance-equipped triple threat of corporations,
government, and cartels. The Library Freedom Project ("a partnership
among librarians, technologists, attorneys, and privacy advocates which
aims to make real the promise of intellectual freedom in libraries") won
the FSF's Award for Projects of Social Benefit .
Wired has a piece  on the Autonomy Cube , the
Tor-Relay-as-sculpture from Trevor, Leif, and Jake presently installed
in four museums around the world.
There was a mailing list discussion about building a router/gateway that
only allows Tor traffic. Lunar  and Rusty Bird  posted some
setups; both approaches basically creating a firewall whitelist of Tor
relay IPs from the consensus.
Yawning developed and released a Firefox addon  that detects
CloudFlare CAPTCHAs and automatically tries to fetch the page from
Nick posted some ideas  on improving design and modularity in Tor.
A TV producer is looking to interview  an "ordinary" Tor user. "I
think they want someone in the US they can follow around who uses Tor
for what they consider an interesting use case that fits the idea, 'Tor
is for everyone!'"
The Logan Symposium posted their talk recordings ; they're all
really good, but the most Tor-related one is this discussion 
between the developers of a few Tor-enabled operating systems (Tails,
Qubes, and Subgraph).
This issue of Tor Weekly News has been assembled by jl. If you're
interested in contributing, see the wiki page  :)
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to