[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-talk] Tor Weekly News â December 25th, 2013

Tor Weekly News                                      December 25th, 2013

Welcome to the 26th issue of Tor Weekly News, the weekly newsletter that
covers what is happening in the Tor community.

The 3.x series of the Tor Browser Bundle is now stable

After more than a year of work, Mike Perry has officially blessed the
3.5 release of the Tor Browser Bundle as the new stableÂreleaseÂ[1].
Improving on the previous stable series, it features a deterministic
build systemÂ[2] for distributed trustÂ[3], a new integrated interface
to interact with TorÂ[4] and all the improvements from Tor 0.2.4Â[5].

Users of the previous 2.x series might be a little disoriented by the
user interface changes. David Fifield, Matt Pagan and others have been
compiling the most frequent questionsÂ[6] heard after the switch. Until
the integrated browser interface catches up, new Vidalia bundles are now
availableÂ[7] for those who need them. Erinn Clark is ironing out the
remaining integration issues.

With the discontinuation of Firefox 17 ESR, the new release had to be
pushed to users to avoid exposing them to security holes. Firefox 24
ESR, on which the Tor Browser is now based, should be supported by
Mozilla for approximately one year. This will leave our browser hackers
some time to focus more on user experience improvements, test
automation, and better resistance to fingerprinting issues.

Several tutorials, videos, and bits of documentation might now in one
way or another be out-of-date in many places. Please help report them
or, even better, write up some updated versions.

This release is quite a milestone for the project. Update and enjoy!


The Tor Project now accepts donation in Bitcoin

As is often pointed out in the press, the majority of the Tor Projectâs
financial support comes from US government-linked organizations. In the
ongoing effort to offer as many possible ways for individuals and
organizations to give help to the project, Bitcoin donations are now
being acceptedÂ[8].

As Roger Dingledine wrote in a subsequent comment: âWe really need to
get some funding for core Tor development, and especially for improving
Torâs anonymity, because none of our current funders care enough about
the anonymity side of Tor. Outreach and blocking-resistance are great
topics, but we canât let the anonymity part rot.â

Head over to the donations pageÂ[9] to learn more about how to chip in
with Bitcoins or other currencies.


Tor is out

The first update to the new stable branch of Tor has been releasedÂ[10]
on December 23rd. It fixes an issue that would create more preemptive
circuits than actually need, and a security issue related to poor random
number generation.

The latter affects âusers who 1) use OpenSSL 1.0.0 or later, 2) set
âHardwareAccel 1â in their torrc file, 3) have âSandy Bridgeâ or âIvy
Bridgeâ Intel processors, and 4) have no state file in their
DataDirectory (as would happen on first start). Users who generated
relay or hidden service identity keys in such a situation should discard
them and generate new ones.â

The source code is already available from the usual locationÂ[11].
Update packages and bundles should be ready soon.


Tor events at the 30th Chaos Communication Congress

The Chaos Computer Club will be holding its 30th CongressÂ[12] in
Hamburg between the 27th and the 30th of December, and as usual there
are a number of Tor-related talks and events scheduled.

Following their session on the Tor ecosystem at 29c3Â[13], Tor Project
members Roger Dingledine and Jacob Appelbaum will be giving a talk
entitled âThe Tor Network: Weâre living in interesting timesâÂ[14], in
which they discuss the Projectâs work over the last few years, with
special reference to âmajor cryptographic upgrades in the Tor network,
interesting academic papers in attacking the Tor network, major high
profile users breaking news about the network itself, discussions about
funding, FBI/NSA exploitation of Tor Browser users, botnet related load
on the Tor network, and other important topicsâ.

Their talk will be followed by a discussion involving everyone
interested in helping TorÂ[15] at the NoisySquare assembly. The Tor
ecosystem is now made up of more than forty different projects, and
there are sure to be ways you can help. Bring your skills and your

Torservers.net will be holding a meeting of Tor relay operators and
organizationsÂ[16], featuring âquick presentations on recent and future
activities around Torservers.netâ, to be followed by the official
membersâ meeting of the German Torservers.net partner organization,
Zwiebelfreunde e.V.

#youbroketheinternet will hold a session on the future of crypto routing
backendsÂ[17]: âEven the IETF is now considering that Onion Routing
should be a fundamental capability of the Internet. How would that look
in practice?â

If you are attending the Congress, feel free to come along and
participate in these sessions; if not, you should be able to catch up
with the talks online.


Miscellaneous news

Anthony G. Basile released version 20131216Â[18] of Tor-ramdisk, a
âuClibc-based micro Linux distribution whose only purpose is to host a
Tor server in an environment that maximizes security and privacy.â This
new release is the first to ship the 0.2.4 branch of Tor.


For those who like hazardous experiments, intrigeri sent a call for
testingÂ[19] an experimental Tails image with preliminary UEFI supportÂâ
users of Apple hardware should be particularly interested. anonym also
announcedÂ[20] that test images from the MAC spoofing branch were


Nick Mathewson sent his now-monthly review of the status of Torâs
proposalsÂ[21]. Karsten Loesing followed-up by commenting on several
of those related to the directory protocol. Have a look, you might also
be able to move things forward!


Many thanks to John Sweeney of otivpn.comÂ[22], Jeremy J. Olson of
EPRCIÂ[23], and les.netÂ[24] for running mirrors of the Tor Project


Karsten Loesing has been experimenting with replacementsÂ[25] for the
âfast exitsâ graphs that would convey a better feeling of the network
growth. He also deployed a new visualization for the fraction of
connections used uni-/bidirectionallyÂ[26].


Tor help desk roundup

Multiple users have now emailed the help desk regarding a particular
type of âransomwareâÂ[27] that encrypts the hard drive of Windows
computers and wonât give users the decryption key until a payment is
made. Victims of this malware have emailed the help desk because the
ransomware message includes a link to a tor hidden service site. Malware
victims wanted to know how to install the Tor Browser, or thought the
Tor Project was the source of the malware.

The Tor Project does not make malware; in the past Tor developers have
worked with anti-virus developers to help stop other types of malware.
Users affected might find useful information in the guide assembled by
BleepingComputer.comÂ[28]. If you have not been affected, the story
might be a good reminder to think about your backups.


Upcoming events

Dec 27-30 | Tor @ 30th Chaos Communication Congress
          | Hamburg, Germany
          | https://events.ccc.de/congress/2013/
Jan 13-15 | Tor @ Real World Crypto 2014
          | New York City, USA
          | https://realworldcrypto.wordpress.com/

This issue of Tor Weekly News has been assembled by Lunar, harmony,
Matt Pagan and dope457.

Want to continue reading TWN? Please help us create this newsletter.
We still need more volunteers to watch the Tor community and report
important news. Please see the project pageÂ[29], write down your
name and subscribe to the team mailing listÂ[30] if you want to
get involved!


Attachment: signature.asc
Description: Digital signature

tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to