[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-talk] Tor Weekly News â March 19th, 2014

To: tor-news@xxxxxxxxxxxxxxxxxxxx, tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: [tor-talk] Tor Weekly News â March 19th, 2014
From: Lunar <lunar@xxxxxxxxxxxxxx>
Date: Wed, 19 Mar 2014 13:48:03 +0100
Delivered-to: archiver@xxxxxxxx
Delivery-date: Wed, 19 Mar 2014 08:56:28 -0400
List-archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "all discussion about theory, design, and development of Onion Routing" <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
Mail-followup-to: tor-news@xxxxxxxxxxxxxxxxxxxx, tor-talk@xxxxxxxxxxxxxxxxxxxx
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-talk" <tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx>
User-agent: Mutt/1.5.22 (2013-10-16)

========================================================================
Tor Weekly News                                         March 19th, 2014
========================================================================

Welcome to the eleventh issue of Tor Weekly News in 2014, the weekly
newsletter that covers what is happening in the Tor community.

Accessing the Tor network from China
------------------------------------

In a new blog post âHow to read our China usage graphsâÂ[1], Roger
Dingledine looks at the current situation of how Tor is able to
circumvent censorship on Chinese Internet accesses. Indeed, if one only
looks at the current bridge users graphÂ[2], one might believe that Tor
is not a solution for users in China.

âThe correct interpretation of the graph is âobfs3 bridges have not been
deployed enough to keep up with the demand in Chinaâ. So it isnât that
Tor is blocked â itâs that we havenât done much of a deployment for
obfs3 bridges or ScrambleSuit bridges, which are the latest steps in the
arms raceâ writes Roger.

The upcoming versionÂâ currently in QA phaseÂ[3]Ââ of the Tor Browser
will include support for the pluggable transportsÂ[4] obfs3Â[5], FTEÂ[6]
and FlashproxyÂ[7]. Having these transports ready to be used in a couple
of clicks should help Chinese users.

The âobfs3â protocol is still vulnerable to active probing attacks.  The
deployment of its replacement, ScrambleSuitÂ[8], is on-going.  As Roger
highlighted, âwe need to get more addressesâ. Several ways have been
thoughts in the pastÂ[9], but until there is more cooperation from ISP
and network operators, your can make a difference by running a
bridgeÂ[10] if you can!

On another front, work is currently on-going on the bridge
distributorÂ[11] to improve how censored users can get a hand on bridge
addresses. Yawning Angel also just releasedÂ[12] the first version of
obfsclientÂ[13] which should help making ScrambleSuit available on
Android devices. All in all, the Tor community can hope to welcome back
more users from China in a near future.

   [1]:Âhttps://blog.torproject.org/blog/how-to-read-our-china-usage-graphs
   [2]:Âhttps://metrics.torproject.org/users.html?graph=userstats-bridge-country&start=2011-10-18&end=2014-01-16&country=cn#userstats-bridge-country
   [3]:Âhttps://lists.torproject.org/pipermail/tor-qa/2014-March/000364.html
   [4]:Âhttps://www.torproject.org/docs/pluggable-transports.html
   [5]:Âhttps://gitweb.torproject.org/pluggable-transports/obfsproxy.git/blob/refs/heads/master:/doc/obfs3/obfs3-protocol-spec.txt
   [6]:Âhttps://fteproxy.org/
   [7]:Âhttps://crypto.stanford.edu/flashproxy/
   [8]:Âhttp://www.cs.kau.se/philwint/scramblesuit/
   [9]:Âhttps://blog.torproject.org/blog/strategies-getting-more-bridge-addresses
  [10]:Âhttps://lists.torproject.org/pipermail/tor-relays/2014-February/003886.html
  [11]:Âhttps://gitweb.torproject.org/bridgedb.git
  [12]:Âhttps://lists.torproject.org/pipermail/tor-dev/2014-March/006476.html
  [13]:Âhttps://github.com/Yawning/obfsclient

Circumventing censorship through âtoo-big-too-blockâ websites
-------------------------------------------------------------

Late January, David Fifield introducedÂ[14] a new pluggable transport
called âmeekâÂ[15]. It can be described as âa transport that uses HTTP
for carrying bytes and TLS for obfuscation. Traffic is relayed through a
third-party server (Google App Engine). It uses a trick to talk to the
third party so that it looks like it is talking to an unblocked server.â
The approach is close to the GoAgentÂ[16] proxy that has a certain
popularity in China.

With the current version, using Google App Engine, the transport
requires no additional configuration. But David also mentioned that a
PHP scriptÂ[17] could also be a good candidate to relay the traffic.
Combined to ScrambleSuitÂ[18], it could allow âa real web site with real
pages and everythingâ to be used as a bridge if a user can provide the
shared secret.

David has made available experimental versionsÂ[19] of the Tor Browser
for anyone to try. The source codeÂ[20] has recently movedÂ[21] to the
Tor Projectâs infrastructure, and is ready for more eyes and fingers to
play with it.

  [14]:Âhttps://lists.torproject.org/pipermail/tor-dev/2014-January/006159.html
  [15]:Âhttps://trac.torproject.org/projects/tor/wiki/doc/meek
  [16]:Âhttps://trac.torproject.org/projects/tor/wiki/doc/GoAgent
  [17]:Âhttps://bugs.torproject.org/10984
  [18]:Âhttp://www.cs.kau.se/philwint/scramblesuit/
  [19]:Âhttps://lists.torproject.org/pipermail/tor-qa/2014-February/000340.html
  [20]:Âhttps://gitweb.torproject.org/pluggable-transports/meek.git
  [21]:Âhttps://lists.torproject.org/pipermail/tor-dev/2014-March/006506.html

Switching to a single guard node?
---------------------------------

Last October, Roger Dingledine called for research on improving Torâs
anonymity by changing guard parametersÂ[22]. One of these parameters is
the number of guard nodes used simultaneously by a Tor client.

Following up on the paper written by Tariq Elahi et al.Â[23], Rogerâs
blog post, and recent discussions during the winter dev. meeting, George
Kadianakis made a detailed analysis of the implications of switching to
a single guard nodeÂ[24]. He studied the performance implications of
switching to a single guard, the performance implications of raising the
minimum guard bandwidth for both clients and the overall network, and
how the change would affect the overall anonymity and fingerprintability
of Tor users.

Jumping to conclusions: âIt seems that the performance implications of
switching to 1 guard are not terrible.Â[â] A guard bandwidth threshold
of 2MB/sÂ[â] seems like it would considerably improve client performance
without screwing terribly with the security or the total performance of
the network. The fingerprinting problem will be improved in some cases,
but still remains unsolved for many of the usersÂ[â] A proper solution
might involve guard node bucketsÂ[25]â.

For a better understanding, be sure to look at Georgeâs work which
includes graphs and proper explanations.

  [22]:Âhttps://blog.torproject.org/blog/improving-tors-anonymity-changing-guard-parameters 
  [23]:Âhttp://freehaven.net/~arma/cogs-wpes.pdf
  [24]:Âhttps://lists.torproject.org/pipermail/tor-dev/2014-March/006458.html
  [25]:Âhttps://bugs.torproject.org/9273#comment:4

Miscellaneous news
------------------

George Kadianakis announcedÂ[26] obfsproxy version 0.2.7. The new
release fixes an important bugÂ[27] âwhere scramblesuit would basically
reject clients if they try to connect a second time after a short amount
of time has passed.â Bridge operators are strongly advised to upgrade
from sourceÂ[28], pipÂ[29], or the upcoming Debian packages.

  [26]:Âhttps://lists.torproject.org/pipermail/tor-relays/2014-March/004074.html
  [27]:Âhttps://bugs.torproject.org/11100
  [28]:Âhttps://gitweb.torproject.org/pluggable-transports/obfsproxy.git/commit/6cdbc64
  [29]:Âhttps://pypi.python.org/pypi/obfsproxy/0.2.7

The submission deadline for this yearâs Google Summer of CodeÂ[30] is
the 21st: this Friday. Several students already showed up on the tor-dev
mailing list, but as Damian Johnson saysÂ[31]: âIf youâre
procrastinating until the last minute then please donât!â

  [30]:Âhttps://blog.torproject.org/blog/tor-google-summer-code-2014
  [31]:Âhttps://lists.torproject.org/pipermail/tor-dev/2014-March/006498.html

Tails logo contestÂ[32] is happily on-going. Several submissions have
already been received and can be seen on the relevant blueprintÂ[33].

  [32]:Âhttps://tails.boum.org/news/
  [33]:Âhttps://tails.boum.org/blueprint/logo/

Kelley Misata and Karen Reilly attended the South by Southwest (SXSW)
Interactive festivalÂ[34] in Austin, Texas.

  [34]:Âhttps://lists.torproject.org/pipermail/tor-reports/2014-March/000485.html

Relay and bridge operators might be interested in Ramoâs first
releaseÂ[35] of a Tor plugin for NagiosÂ[36]. It can currently check for
a page fetch through the SOCKS proxy port, the hibernation state, the
current bandwidth, ORPort reachability, DirPort reachability, and the
bytes remaining until hibernation.

  [35]:Âhttps://lists.torproject.org/pipermail/tor-relays/2014-March/004062.html
  [36]:Âhttps://github.com/goodvikings/tor_nagios

Nicolas Vigier sent his monthly report for FebruaryÂ[37].

  [37]:Âhttps://lists.torproject.org/pipermail/tor-reports/2014-March/000486.html

Tails won the 2014 Endpoint Security prizeÂ[38] from Access. The prize
recognizesÂ[39] Tails âunique positive impact on the endpoint security
of at-risk users in needâ. Congrats!

  [38]:Âhttps://twitter.com/accessnow/status/441043400708857856
  [39]:Âhttps://www.accessnow.org/prize

The Format-Transforming Encryption project at Portland State University
receivedÂ[40] an unexpected 100,000 USD grant from Eric Schmidt.

  [40]:Âhttp://www.oregonlive.com/silicon-forest/index.ssf/2014/03/psu_professor_wins_surprise_10.html

Tor help desk roundup
---------------------

The help desk has seen an increase in Russian language support requests
amidst news that the Russian Federation began censoring a number of
websites. Unfortunately, the help desk is not able to provide support in
Russian for now. Changes in the number of Tor users by country can be
observed on the projectâs metrics pageÂ[41].

  [41]:Âhttps://metrics.torproject.org/users.html

Upcoming events
---------------

Mar 19 19:00 UTC | little-t tor development meeting
                 | #tor-dev, irc.oftc.net
                 | https://lists.torproject.org/pipermail/tor-dev/2014-March/006513.html
                 |
Mar 22-23        | Tor @ LibrePlanet 2014
                 | Cambridge, Massachusetts, USA
                 | http://libreplanet.org/2014/
                 |
Apr 11 11:00 EDT | Roger @ George Mason University
                 | Washington, DC, USA
                 | http://today.gmu.edu/64330/


This issue of Tor Weekly News has been assembled by Lunar,
Matt Pagan and Karsten Loesing.

Want to continue reading TWN? Please help us create this newsletter.
We still need more volunteers to watch the Tor community and report
important news. Please see the project pageÂ[42], write down your
name and subscribe to the team mailing listÂ[43] if you want to
get involved!

  [42]:Âhttps://trac.torproject.org/projects/tor/wiki/TorWeeklyNews
  [43]:Âhttps://lists.torproject.org/cgi-bin/mailman/listinfo/news-team

Attachment: signature.asc
Description: Digital signature

-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Prev by Author: [tor-talk] Tor Weekly News â March 12th, 2014
Next by Author: Re: [tor-talk] TBB - Correct/proper use of TOR_SKIP_LAUNCH=1 ?
Previous by thread: Re: [tor-talk] tor and isp
Next by thread: [tor-talk] Newbie with a bunch of questions for Tor Cloud
Index(es):
- Author
- Thread