[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-talk] Tor Weekly News â August 8th, 2015

Tor Weekly News                                         August 8th, 2015

Welcome to the thirtieth issue in 2015 of Tor Weekly News, the weekly
newsletter that covers whatâs happening in the Tor community.


 1. Tor is out
 2. Tor Browser 5.0a4 is out
 3. Random number generation during Tor voting
 4. CameraV (aka InformaCam) is out
 5. Monthly status reports for July month 2015
 6. Miscellaneous news
 7. Upcoming events

Tor is out

Nick Mathewson announced [1] the second alpha release in the Tor 0.2.7.x
series. This version includes improvements to the handling of Torâs
identity keys, which now use the Ed25519 elliptic curve signature
format. It also allows onion service operators to specify a higher
number of introduction points with a special configuration option, if
the service is coming under heavy load, âat the cost of making it more
visible that the hidden service is facing extra loadâ.

For full details of the many other developments in this release, please
see Nickâs announcement. The source code is available as usual from
Torâs distribution directory [2].

  [1]: https://blog.torproject.org/blog/tor-0272-alpha-released
  [2]: https://dist.torproject.org

Tor Browser 5.0a4 is out

The Tor Browser team put out their fourth alpha release [3] in the 5.0
series of the privacy-preserving anonymous browser. âMost notably, this
release contains an experimental defense against font fingerprinting by
using an identical set of shipped fonts on all supported platformsâ,
wrote Georg Koppen. This version also fixes some of the issues created
by the update to Firefox 38ESR, which âbrings us very close to a stable
Tor Browser 5.0, which we aim to release next weekâ.

Get your copy of the new alpha from the project page [4], or via the
incremental updater if you are already using the alpha Tor Browser

  [3]: https://blog.torproject.org/blog/tor-browser-50a4-released
  [4]: https://www.torproject.org/projects/torbrowser.html.en#downloads-alpha

Random number generation during Tor voting

One of the weaknesses of the current onion service design is that parts
of it (such as the relays chosen by a service to upload its descriptor)
rely on a list of Tor relays which is generated in a predictable way.
This makes it possible for people with malicious intentions to insert
their bad relays into the list at points of their choosing, in order to
carry out attacks such as denials-of-service (as some researchers proved
earlier this year [5]). A good way of preventing this is to make Torâs
directory authorities jointly come up with a random number as part of
their regular voting procedure, which is then used by onion services to
choose the directories to which they will upload their descriptor
information, and by clients to find those same directories. It could
also be used by other systems as a shared source of randomness.

George Kadianakis published a draft proposal [6] describing how this
procedure could work. For a period of twelve hours, the directory
authorities send each other a âcommitmentâ, consisting of the hash of a
256-bit value. Once all authorities are aware of the othersâ
commitments, they then reveal to one another the values they committed
to, for another twelve-hour period. At the end of that time, the
revealed values are checked to see if they correspond to the
commitments, and then they are all used to compute that dayâs random
value. This works because although you can use the commitment hash to
verify that the value revealed is the same as the one decided upon
twelve hours ago, you cannot derive the value itself from the

Please see the draft proposal in full for discussion of the finer points
of the proposed system, or if you are a fan of ingenious solutions.

  [5]: https://conference.hitb.org/hitbsecconf2015ams/wp-content/uploads/2015/02/D2T2-Filippo-Valsorda-and-George-Tankersly-Non-Hidden-Hidden-Services-Considered-Harmful.pdf
  [6]: https://lists.torproject.org/pipermail/tor-dev/2015-August/009189.html

CameraV (aka InformaCam) is out

The Guardian Project put out a full release [7] of CameraV (or
InformaCam), a nifty smartphone application that lets you âcapture and
share verifiable photos and video proof on a smartphone or tablet, all
the while keeping it entirely secure and privateâ. It allows you to
prove the authenticity of your photos by using âthe built-in sensors in
modern smartphones for tracking movement, light and other environmental
inputs, along with Wi-Fi, Bluetooth, and cellular network information to
capture a snapshot of the environment around youâ and bundling this
information into the picture file.

As you would expect, InformaCam is fully compatible with the Guardian
Projectâs Tor software offerings for Android, so whether youâre a
citizen journalist or a keen phone photographer who values privacy, take
a look at the CameraV page and try it out for yourself!

  [7]: https://lists.mayfirst.org/pipermail/guardian-dev/2015-July/004466.html

Monthly status reports for July month 2015

The wave of regular monthly reports from Tor project members for the
month of July has begun. Pearl Crescent released their report first [8]
(for work on Tor Browser development), followed by reports from David
Goulet [9] (on onion service research and development), Georg
Koppen [10] (working on Tor Browser), Isabela Bagueros [11] (for overall
project management), Karsten Loesing [12] (working on Tor network tools
and organizational tasks), Damian Johnson [13] (on Nyx and stem
development), and Juha Nurmi [14] (on ahmia.fi development).

The students in this yearâs Tor Summer of Privacy also sent updates
about their progress. Donncha OâCearbhaill gave news of the OnionBalance
load-balancing project [15], while Jesse Victors did the same for the
OnioNS DNS-like system [16], Cristobal Leiva for the relay web status
dashboard [17], and Israel Leiva for continuing development of the
GetTor alternative software distributor [18].

Finally, the Tails team published their June report [19], bringing
updates about outreach, infrastructure, funding, and ongoing discussions
relating to the anonymous live operating system.

  [8]: https://lists.torproject.org/pipermail/tor-reports/2015-July/000882.html
  [9]: https://lists.torproject.org/pipermail/tor-reports/2015-August/000883.html
 [10]: https://lists.torproject.org/pipermail/tor-reports/2015-August/000885.html
 [11]: https://lists.torproject.org/pipermail/tor-reports/2015-August/000888.html
 [12]: https://lists.torproject.org/pipermail/tor-reports/2015-August/000890.html
 [13]: https://lists.torproject.org/pipermail/tor-reports/2015-August/000892.html
 [14]: https://lists.torproject.org/pipermail/tor-reports/2015-August/000893.html
 [15]: https://lists.torproject.org/pipermail/tor-reports/2015-August/000884.html
 [16]: https://lists.torproject.org/pipermail/tor-dev/2015-August/009197.html
 [17]: https://lists.torproject.org/pipermail/tor-reports/2015-August/000886.html
 [18]: https://lists.torproject.org/pipermail/tor-reports/2015-August/000887.html
 [19]: https://tails.boum.org/news/report_2015_06

Miscellaneous news

The participants in the recent onion service hackfest in Washington, DC
published a summary [20] of the exciting progress they made during the

 [20]: https://blog.torproject.org/blog/hidden-service-hackfest-arlington-accords

Arturo Filastà announced [21] that an OONI-related hackathon entitled
âADINA15: A Dive Into Network Anomaliesâ will be held on October 1-2 in
the Chamber of Deputies at the Italian Parliament in Rome. âThis means
that you are all invitedâto put your design and data analysis skills to
the test!â

 [21]: https://lists.torproject.org/pipermail/ooni-dev/2015-July/000307.html

David Fifield published the regular summary of costs [22] incurred by
the infrastructure for meek.

 [22]: https://lists.torproject.org/pipermail/tor-dev/2015-August/009213.html

Nathan Freitas explored [23] possible routes to an Android-compatible
version of Ricochet [24], the exciting new privacy-preserving instant
messaging application based on Tor onion services.

 [23]: https://lists.mayfirst.org/pipermail/guardian-dev/2015-August/004470.html
 [24]: https://ricochet.im

Upcoming events

  Aug 10 09:30 EDT | Roger & others @ 5th USENIX FOCI Workshop / 24th USENIX Security Symposium
                   | Washington, DC, USA
                   | https://blog.torproject.org/events/roger-and-others-foci-usenix-security-dc
  Aug 10 17:00 UTC | OONI development meeting
                   | #ooni, irc.oftc.net
  Aug 10 18:00 UTC | Tor Browser meeting
                   | #tor-dev, irc.oftc.net
  Aug 11 18:00 UTC | little-t tor patch workshop
                   | #tor-dev, irc.oftc.net
  Aug 12 13:30 UTC | little-t tor development meeting
                   | #tor-dev, irc.oftc.net
  Aug 12 14:00 UTC | Measurement team meeting
                   | #tor-project, irc.oftc.net
  Aug 12 19:00 UTC | Tails low-hanging fruit session
                   | #tails-dev, irc.oftc.net
                   | https://mailman.boum.org/pipermail/tails-project/2015-August/000273.html
  Aug 19 02:00 UTC | Pluggable transports/bridges meeting
                   | #tor-dev, irc.oftc.net

This issue of Tor Weekly News has been assembled by BitingBird and

Want to continue reading TWN? Please help us create this newsletter.
We still need more volunteers to watch the Tor community and report
important news. Please see the project page [25], write down your
name and subscribe to the team mailing list [26] if you want to
get involved!

 [25]: https://trac.torproject.org/projects/tor/wiki/TorWeeklyNews
 [26]: https://lists.torproject.org/cgi-bin/mailman/listinfo/news-team
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to