
[tor-talk] Tor Weekly News - January 21st, 2015



========================================================================
Tor Weekly News                                       January 21st, 2015
========================================================================

Welcome to the third issue in 2015 of Tor Weekly News, the weekly
newsletter that covers what’s happening in the boring [1] Tor community.

  [1]: https://guardianproject.info/2015/01/02/2015-is-the-year-of-bore-sec/

Tor Browser 4.0.3 and 4.5a3 are out
-----------------------------------

Georg Koppen announced two new releases by the Tor Browser team. Version
4.0.3 [2] of the privacy-preserving browser is based on Firefox
31.4.0esr, and also contains updates to NoScript, meek, and Tor
Launcher.

The third release in the 4.5-alpha series [3] allows the secure
in-browser update mechanism to handle signed update files, and will
reject unsigned ones from now on. It also restores functionality for
meek, which was broken in previous 4.5-alpha releases, and offers other
improvements and bugfixes - please see Georg’s announcement for the full
changelog.

These releases contain important security updates, so users of both the
stable and alpha series should upgrade as soon as possible. Furthermore,
Tor Browser 4.5a3 is signed by a new Tor Browser Developers signing key
rather than the personal key of an individual developer. If you want to
verify your download of the new alpha (and you should!), you will need
to retrieve the new key (fingerprint EF6E 286D DA85 EA2A 4BA7 DE68 4E2C
6E87 9329 8290) from a keyserver before doing so.

  [2]: https://blog.torproject.org/blog/tor-browser-403-released
  [3]: https://blog.torproject.org/blog/tor-browser-45a3-released
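
The verification step described above, as an added example that is not part of the original newsletter: it fetches the key by the full fingerprint quoted in the text and accepts a download only if gpg reports a valid signature made under that key. The function names and the file arguments are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: pin the signing key by its full fingerprint and require that
# the signature was made under that key, not just by any key in the keyring.

# Fingerprint as printed in the newsletter, with the spaces removed.
EXPECTED_FPR=$(printf '%s' 'EF6E 286D DA85 EA2A 4BA7 DE68 4E2C 6E87 9329 8290' | tr -d ' ')

# Reads `gpg --status-fd` output on stdin. Succeeds only if a VALIDSIG line
# names the wanted primary key and no bad/unverifiable/revoked status appears.
# A release may be signed with a subkey: the first VALIDSIG argument is then
# the subkey fingerprint, and the primary-key fingerprint is the last field.
signed_by_expected() {
    awk -v want="$1" '
        $1 != "[GNUPG:]" { next }
        $2 == "VALIDSIG" && toupper($NF) == toupper(want) { ok = 1 }
        $2 == "BADSIG" || $2 == "ERRSIG" || $2 == "REVKEYSIG" { bad = 1 }
        END { exit !(ok && !bad) }'
}

# Usage: verify_download <downloaded-file> <detached-signature.asc>
# (both file names are placeholders chosen by the caller)
verify_download() {
    # Fetch by full fingerprint from the configured keyserver, never a short ID.
    gpg --recv-keys "$EXPECTED_FPR" || return 1
    gpg --status-fd 1 --verify "$2" "$1" 2>/dev/null |
        signed_by_expected "$EXPECTED_FPR"
}
```

Parsing the machine-readable status lines avoids trusting a "Good signature" message that could come from any other key already present in the keyring.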

Miscellaneous news
------------------

Anthony G. Basile announced [4] version 20150114 of Tor-ramdisk, the
uClibc-based micro Linux distribution whose only purpose is to host a
Tor relay in an environment that maximizes security and privacy. This
release includes updates to Tor, Libevent, and other key software.

  [4]: https://lists.torproject.org/pipermail/tor-talk/2015-January/036526.html

Nik announced [5] oppy, an onion proxy implemented in Python: “oppy
works like a regular Tor client”, though “there are a number of
simplifications made, with the major ones primarily centering around
circuit management/build logic and how and when network status documents
are collected”. Nik also asked for suggestions on how to take the
project forward: “Whether or not I continue hacking on oppy to make it a
solid piece of software (rather than just a prototype) or just leave it
as is as a reference depends on whether or not the Tor development
community sees any real uses or future potential for the project”.

  [5]: https://lists.torproject.org/pipermail/tor-dev/2015-January/008174.html

meejah announced [6] a new one-to-one encrypted and anonymous voice chat
feature for “carml” [7], the command-line Tor control utility: “[It]
essentially cross-connects the mic + speakers of each side via an Opus +
OGG stream over a single Tor TCP connection.” As meejah warns, it is
“NOT FOR REAL USE at all yet”, but if you have experience with gstreamer
and/or OGG then please see meejah’s message for some unresolved
questions.

  [6]: https://lists.torproject.org/pipermail/tor-dev/2015-January/008166.html
  [7]: https://github.com/meejah/carml.git

Following suggestions from Sebastian Urbach [8] and grarpamp [9],
Karsten Loesing altered [10] the main unit of data rate measurement for
the Tor Metrics portal [11] from MiB/s (mebibytes per second) to the
more common Gbit/s (gigabits per second).

  [8]: https://lists.torproject.org/pipermail/tor-relays/2015-January/006240.html
  [9]: https://lists.torproject.org/pipermail/tor-relays/2015-January/006248.html
 [10]: https://bugs.torproject.org/14257
 [11]: https://metrics.torproject.org/

Philipp Winter published [12] preliminary statistics and analysis
obtained by running a Go implementation of Doctor’s [13] sybil-hunting
script over archived consensuses: “I’ll have a more detailed analysis at
some point in the future.â

 [12]: https://lists.torproject.org/pipermail/tor-dev/2015-January/008156.html
 [13]: https://gitweb.torproject.org/doctor.git/

The Tails team published [14] instructions for running an nginx
webserver as a hidden service using a copy of Tails: “Feedback is
welcome!”

 [14]: https://mailman.boum.org/pipermail/tails-dev/2015-January/007919.html

Thanks to Frédéric Cornu [15] for running a mirror of the Tor Project’s
website and software!

 [15]: https://lists.torproject.org/pipermail/tor-mirrors/2015-January/000850.html

This week in Tor history
------------------------

A year ago this week [16], the “Spoiled Onions” project [17] published
its preliminary technical report. The goal of the project was to monitor
Tor exit relays in order to “expose, document, and thwart malicious or
misconfigured relays”; the researchers turned up 65 such relays over the
course of their investigation, with the culprits engaging in attacks
such as “SSH and HTTPS MitM, HTML injection, SSL stripping, and traffic
sniffing”, or unintentionally interfering with traffic as a result of
upstream censorship.

Events such as the RELAY_EARLY traffic confirmation attack [18] and the
sybil attacks late last year [19] have only highlighted the importance
of monitoring for malicious relays in the Tor network. The bad-relays
mailing list [20] serves as a reporting channel for Tor community
members who believe particular relays are up to no good (messages sent
to the list are not publicly visible, for various reasons [21]); David
Fifield has been experimenting with data visualizations of significant
network events [22]; and Philipp Winter, a “Spoiled Onions” co-author,
has been working on additional tools (such as the above-mentioned Go
sybil hunter and “zoossh”, a speedy Tor network document parser [23]) to
make these checks more efficient - to give only a few examples of recent
work by the community on this issue.

 [16]: https://lists.torproject.org/pipermail/tor-news/2014-January/000029.html
 [17]: http://www.cs.kau.se/philwint/spoiled_onions/
 [18]: https://blog.torproject.org/blog/tor-security-advisory-relay-early-traffic-confirmation-attack
 [19]: https://lists.torproject.org/pipermail/tor-consensus-health/2014-December/005381.html
 [20]: https://lists.torproject.org/cgi-bin/mailman/listinfo/bad-relays
 [21]: https://lists.torproject.org/pipermail/tor-news/2014-August/000057.html
 [22]: https://lists.torproject.org/pipermail/tor-dev/2015-January/008095.html
 [23]: https://gitweb.torproject.org/user/phw/zoossh.git/

Upcoming events
---------------

  Jan 21 13:30 UTC | little-t tor development meeting
                   | #tor-dev, irc.oftc.net
                   |
  Jan 22 17:30 JST | Jacob @ Free Software Initiative of Japan
                   | Tokyo, Japan
                   | http://www.fsij.org/monthly-meetings/2015/Jan.html
                   |
  Jan 26 18:00 UTC | Tor Browser online meeting
                   | #tor-dev, irc.oftc.net
                   |
  Jan 26 18:00 UTC | OONI development meeting
                   | #ooni, irc.oftc.net
                   |
  Jan 27 18:00 UTC | little-t tor patch workshop
                   | #tor-dev, irc.oftc.net
                   |
  Feb 03 20:00 UTC | Tails contributors meeting
                   | #tails-dev, irc.oftc.net
                   | https://mailman.boum.org/pipermail/tails-dev/2015-January/007860.html


This issue of Tor Weekly News has been assembled by Harmony.

Want to continue reading TWN? Please help us create this newsletter.
We still need more volunteers to watch the Tor community and report
important news. Please see the project page [24], write down your
name and subscribe to the team mailing list [25] if you want to
get involved!

 [24]: https://trac.torproject.org/projects/tor/wiki/TorWeeklyNews
 [25]: https://lists.torproject.org/cgi-bin/mailman/listinfo/news-team