======================================================================== Tor Weekly News August 21st, 2013 ======================================================================== Welcome to the eighth issue of Tor Weekly News, the weekly newsletter that covers what is happening in the great Tor community. Future of pluggable transports integration ------------------------------------------ While David Fifield was busy updating the Pluggable Transports Bundle to match the âclassicâ bundle version 0.2.4.16-beta-1Â[1], several discussions took place on how to better integrate pluggable transports in the future. bastik opened #9444Â[2], pointing out that âcurrently TBB with Pluggable Transports are build separately, thus lagging behindâ. Having two separate bundles is also a long standing usability issue, as often users have tried to add âobfsâ bridges to their normal TBBÂ[3]. Mike Perry is fully aware of the issue and stated in the discussion that his âlong term goal is to try to cram all of the pluggable transports into The One True Bundle.â This will require modifications to the new âTor Launcherâ component of the TBB 3.x series in order to allow users to select the bridges and pluggable transports they wish to use. Compromises might be needed on how users should input bridges. BridgeDB recently stopped having the âbridgeâ keyword in front of the addresses it repliesÂ[4] with as Vidalia would not understand it. Mike Perry was thinking in exactly the opposite direction: âtake bridge lines directly from bridgedb [â] verifying only that they start with âbridgeââ. Maybe the transition could be easier if Florian Stinglmayrâs patch to VidaliaÂ[5] was merged so that current bundles would ignore the âbridgeâ keyword when entering bridgesÂ[6]. In any case, Mike wants to solve these issues âbefore we release as beta/stable, to minimize user confusion.â Another tricky part of the âOne True Bundleâ solution is the bundle size, making it harder to circumvent download restrictions through emailÂ[7]. But, as Mike said, âeven if they donât, weâll probably have to find some other solution anyway for gettor, because the intersection of gettor users and PT users is probably high.â [1]Âhttps://www.torproject.org/docs/pluggable-transports.html.en [2]Âhttps://bugs.torproject.org/9444 [3]Âhttps://bugs.torproject.org/9156 [4]Âhttps://gitweb.torproject.org/user/isis/bridgedb.git/commit/792cfd9 [5]Âhttps://github.com/n0la/vidalia/tree/master-bug/6724 [6]Âhttps://bugs.torproject.org/6724 [7]Âhttps://www.torproject.org/projects/gettor.html Extended ORPort land in tor 0.2.5 --------------------------------- After more than a year and a half in the making, the Extended ORPort mechanismÂ[8] has been merged by Nick Mathewson into the tor master branchÂ[9]. This will allow pluggable transport proxies to exchange arbitrary operational information and metadata with tor clients and bridges. Such plumbing was needed in order to make some pluggable transports easier to use or to allow Tor to gather more data about the state of the transports used. obfsproxy has supported this new communication channelÂ[10] for a little while and was only waiting for tor to catch up. George Kadianakis thus asked obfsbridge operators to upgrade their tor to git master to enable client statisticsÂ[11]. Once they do, their bridges will send statistics on users per transport to the bridge authority, and they will be published on metrics.torproject.orgÂ[12]. This helps track deployment of pluggable transports in the future. [8]Âhttps://gitweb.torproject.org/torspec.git/blob/HEAD:/proposals/196-transport-control-ports.txt [9]Âhttps://gitweb.torproject.org/tor.git/commit/74262f15 [10]Âhttps://gitweb.torproject.org/pluggable-transports/obfsproxy.git/blob/HEAD:/obfsproxy/network/extended_orport.py [11]Âhttps://lists.torproject.org/pipermail/tor-relays/2013-August/002477.html [12]Âhttps://metrics.torproject.org/users.html?graph=userstats-bridge-transport&transport=obfs3#userstats-bridge-transport A new implementation for the web side of check.torproject.org ------------------------------------------------------------- Arlo Breault wrote a new implementation for the web component of check.torproject.org in the Go programming languageÂ[13], in response to Roger Dingledineâs appeal: âCheck could really use some love. Any volunteers please?â.Â[14,15] There is already a ticket to replace the check.torproject.org servers with Arloâs Go versionÂ[16]. Andrew Lewman stated again that âAs for check.tpo website, it shouldnât exist at allâ, as it is an architectural issue to âhave the entire tor browser userbase hit a single website to learn âTor or notââ. Until all clients are changed to stop using check, deploying a new code base would only make sense if it was at least able to handle â500 requests per second on really busy timesâ. More benchmarks are probably needed with Arloâs implementation. On another front, tup, the initial author of TorDNSELÂ[17], has resurfaced to offerÂ[18] to update the code to work with newer Haskell environments after many years of silence! [13]Âhttps://github.com/arlolra/check/ [14]Âhttps://lists.torproject.org/pipermail/tor-talk/2013-August/029306.html [15]Âhttps://bugs.torproject.org/9529 [16]Âhttps://gitweb.torproject.org/tordnsel.git/commit/99d490 [17]Âhttps://bugs.torproject.org/9204#comment:14 Tor exit crowdfunding --------------------- Moritz Bartl from torservers.netÂ[18] posted an updateÂ[19] on their ongoing crowdfunding campaign to support Tor exit bandwidth. The fund just went over â3000, and there are still a few days left! For more information, and ways to contribute, please visit the Indiegogo pageÂ[20]. [18]Âhttps://www.torservers.net/ [19]Âhttps://lists.torproject.org/pipermail/tor-talk/2013-August/029431.html [20]Âhttp://www.indiegogo.com/projects/tor-anti-censorship-and-anonymity-infrastructure/ A Flattr-like incentive for Tor relays? --------------------------------------- While torservers.net is presently collecting euros, George Kadianakis asked for comments from the Tor community about âa practical crowdfunded Flattr-like incentive scheme for Tor relaysâ, dubbed FlattorÂ[21]. Georgeâs proposal is meant to solve âone of the problems of scaling Tor to tens of millions of usersâ, that âTorâs bandwidth capacity is finiteâ. He observes that âlately the bandwidth coming out of Tor-friendly organizations (like torservers.net, universities, etc.) seems to increaseâ and is worried that âTor might end up looking like the Bitcoin network â where a number of organizations (mining pools) drive the network.â What George would like to see is incentives for contributing to the network. After studying schemes proposed in the past, all deemed âhard to implement and deployâ, George proposes a simple approach: users can opt to spend a fixed amount of bitcoins to support the Tor network, and their donation will be divided according to the bandwidth of each relay. Obviously, relay operators who wish to receive such contributions would need to publish a bitcoin address, probably in the âcontactâ field. There might be some concerns with such scheme, or any monetary incentives scheme, as George summarized: âIf relay operators start getting money for their bandwidth, we might end up with relay operators that are just in for the money. It might then be easier for a three-letter org to persuade those relay operators to snoop on their users (by giving them double the money they are currently getting).â Moritz Bartl commentedÂ[22] that the idea was already quite close to torservers.net current plan, to the extent that donations were distributed âacross all participating organizations based on [â] advertised bandwidth and a country-specific factor.â Moritz also pointed out that similar discussions had already happened in the past when a sponsor wished to fund faster exit relaysÂ[23]. George concluded his mail by saying that he is ânot even sure if such an incentive scheme is a good idea, but posting bad ideas to mailing lists is what the Internet is for, right?â Feel free to join the discussion, or hack wildly. [21]Âhttps://lists.torproject.org/pipermail/tor-talk/2013-August/029419.html [22]Âhttps://lists.torproject.org/pipermail/tor-talk/2013-August/029421.html [23]Âhttps://blog.torproject.org/blog/turning-funding-more-exit-relays Miscellaneous news ------------------ The new release of Orbot 12.0.3 comes with a shiny new icon and graphics, bugfixes, and Tor 0.2.4.16-rc. You can download the update via Google PlayÂ[24] or straight from Guardian Projectâs websiteÂ[25]. [24]Âhttps://play.google.com/store/apps/details?id=org.torproject.android [25]Âhttps://guardianproject.info/releases/orbot-latest.apk Andrew Lewman has published the financial reports of the Tor Project for the year 2012Â[26]. [26]Âhttps://blog.torproject.org/blog/transparency-openness-and-our-2012-financial-docs Arturo has sent his report for July 2013Â[27]. [27]Âhttps://lists.torproject.org/pipermail/tor-reports/2013-August/000313.html Runa Sandvik reported on her trip to Black Hat & DEF CONÂ[28]. She managed to fill âthe Penn & Teller theater (~1500 people)â for a talkÂ[29] about âthe safety of the Tor network which focused on network diversity, relay operators, and misbehaving relays.â The former Tor GSoC student Brandon Wiley also gave an updateÂ[30] on Dust â âan Internet protocol designed to resist a number of attacks currently in active use to censor Internet communication.âÂ[31] [28]Âhttps://lists.torproject.org/pipermail/tor-reports/2013-August/000312.html [29]Âhttps://www.defcon.org/html/defcon-21/dc-21-speakers.html#Sandvik [30]Âhttps://www.defcon.org/html/defcon-21/dc-21-speakers.html#Wiley [31]Âhttps://github.com/blanu/Dust/ Karsten Loesing has made progress on âexperimenting with a client and private bridge connected over uTPâÂ[32]. The connection can be established, but strange timing issues remain to be solved. [32]Âhttps://trac.torproject.org/projects/tor/ticket/9166#comment:23 George Kadianakis has sent two new proposals to improve hidden service identity key securityÂ[33] and prevent address enumerationÂ[34]. TWN will cover these proposals in detail once the draft deployment strategy is published. Feel free to help refine the proposals in the meantime! [33]Âhttps://lists.torproject.org/pipermail/tor-dev/2013-August/005279.html [34]Âhttps://lists.torproject.org/pipermail/tor-dev/2013-August/005280.html Help Desk Roundup ----------------- Users experience confusion when trying to update the Tor Browser Bundle. Users are not always aware that the Tor Browser Bundle does not have an autoupdate function. Some users will download the latest release from the Tor Project website, then ask âOk, what do I do now?â. We recommend closing the browser, then deleting oneâs current Tor Browser folder before unpacking the new download. One person asked for help while using the Pirate Browser. Torrent-sharing website The Pirate Bay released the Pirate Browser this week as a fork of the Tor Browser Bundle. The Pirate Browser is not endorsed or recommended by the Tor Project. It is unclear what the advantages are compared to using the Tor Browser Bundle and no source code is available. This issue of Tor Weekly News has been assembled by Lunar, dope457, malaparte, mttp, Karsten Loesing, and harmony. Want to continue reading TWN? Please help us create this newsletter. We still need more volunteers to watch the Tor community and report important news. Please see the project pageÂ[35], write down your name and subscribe to the team mailing-listÂ[36] if you want to get involved! [35]Âhttps://trac.torproject.org/projects/tor/wiki/TorWeeklyNews [36]Âhttps://lists.torproject.org/cgi-bin/mailman/listinfo/news-team
Attachment:
signature.asc
Description: Digital signature
-- tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx To unsusbscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk