Tor Weekly News March 26th, 2014
Welcome to the twelfth issue of Tor Weekly News in 2014, the weekly
newsletter that covers what is happening in the Tor community.
Tor 0.2.5.3-alpha is out
Nick Mathewson cut a new release of the Tor development branch  on
March 23rd: “Tor 0.2.5.3-alpha includes all the fixes from 0.2.4.21. It
contains two new anti-DoS features for Tor relays, resolves a bug that
kept SOCKS5 support for IPv6 from working, fixes several annoying
usability issues for bridge users, and removes more old code for unused
This release also marks the first step toward the stabilization of Tor
0.2.5, as from now on “no feature patches not already written will be
considered for inclusion”.
The source is available at the usual location , as are updated binary
Tails 0.23 is out…
…but many Tails users are already running it. Now that incremental
upgrades have been turned on by default with the previous release, users
of Tails on USB sticks have been able to enjoy the process of a smooth
upgrade in three clicks.
As always, the new release  fixes several security holes . That
alone should make anyone switch, but the new version finally brings with
it two long-awaited features and many small improvements.
Tails will now do “MAC spoofing” by default. To hide the hardware
address used on the local network, Tails will now use a randomized
address by default. This will help prevent the tracking of one’s
geographical location across networks. For more information about MAC
spoofing, why it matters, and when it might be relevant to turn it off,
be sure to read the very well-written documentation .
Another important feature is the integrated support for proxies and Tor
bridges. This should be of immense help to users of Tails on censored
networks. The integration is done using the Tor Launcher extension ,
familiar to everyone who has used recent versions of the Tor Browser.
For examples of smaller features and bugfixes: Tor, obfsproxy, I2P,
Pidgin and the web browser have been upgraded, a 64-bit kernel is used
on most systems to pave the way for UEFI support, documentation is now
accessible from the greeter, and the “New identity” option in the
browser is available again.
The next Tails release is scheduled for April 29th and will be 1.0. For
this important milestone in 5 years of intense work, the Tails team is
still looking for a logo .
New Tor Browser releases
The Tor Browser team put out two new releases based on Firefox
24.4.0esr . Version 3.5.3  is meant as a safe upgrade for every
Tor Browser user. Among other changes, the new version contains an
updated Tor, a fix for a potential freeze, a fix for the Ubuntu keyboard
issue and a way to prevent disk leaks when watching videos.
On top of the preceding changes, version 3.6-beta-1  is the
culmination of a months-long effort to seamlessly integrate pluggable
transports  into the Tor Browser. In the network settings, users can
now choose “Connect with provided bridges” and select from “obfs3” ,
“fte”  or “flashproxy” . Entering custom bridges is also
supported and will work for direct, obfs2 and obfs3 bridges.
Other usability changes include wording improvements in the connection
wizard, translatable Tor status messages, and the use of disk image
(DMG) instead of ZIP archives for Mac OS X.
Please upgrade, in any case, and consider helping iron out the remaining
issues in the 3.6 branch.
Since the 3.5 release, “Tor Browser Bundle is more like a standalone
browser and less like a bundle”. This led the Tor Browser team to plan
to “rename it to just ‘Tor Browser’ everywhere” .
Thanks to Berkay  and to André Schulz  for running mirrors of
the Tor Project website!
Alex reported  an “important case about Tor relay operators” which
came to court in Athens, Greece on March 18th. The defendant, a Tor
relay operator, was acquitted after proving that the IP address used for
criminal activity was in fact a Tor relay.
Connections to Twitter from inside Turkey were blocked by the Turkish
government on 20th March , leading to an increase in the number of
Tor users there [20, 21].
Jacob Appelbaum presented a keynote titled “Free software for freedom,
surveillance and you” at LibrePlanet 2014 . The presentation was
done remotely from Berlin using Tor and GStreamer .
James Valleroy wrote to tor-relays  asking the best way to configure
the FreedomBox  as a Tor bridge. Lance Hathaway explained  about
pluggable transports and Roger Dingledine mentioned  the potential
issues of relaying a bridge and a hidden service at the same time.
Aymeric Vitte wrote to tor-talk  to mention an implementation of the
A Tor exit operator recently held  an Ask Me Anything on Reddit,
which was quite successful, generating over 800 upvotes, 478 comments,
and being read by thousands. The most popular questions were focused on
how to improve the use of Tor, the legality of exit nodes, discussions
on hidden services, the workings of Tor, and many other topics related
to privacy and security.
Tor help desk roundup
Users sometimes want to know how to transfer their bookmarks from an old
Tor Browser to an updated one. Mozilla provide instructions on how to do
this on their website .
The new Tor Browser releases were again prevented from working properly
by WebRoot Internet Security. The error message is “Couldn’t load
XPCOM”. Users need to disable WebRoot, whitelist the appropriate Tor
Browser files, and more importantly contact WebRoot support to warn them
that their product is breaking the Tor Browser and, to the best of Tor
support’s knowledge, Firefox stable releases. Ideally, WebRoot should
test new releases before harming Tor users. See #11268  if you want
News from Tor StackExchange
uighur1984 wanted to set up a hidden service for their public-facing
website  and decided that the HiddenServiceDir should be the same
like the DocumentRoot of the website. This led to some problems with
access rights. Sam Whited clarified that both directories should be
separated: the data in the HiddenServiceDir doesn't contain any actual
data from the website, but only the keys and other information from the
Gondalse shot a video showing policemen torturing a citizen. The release
of the video led to a trial, and Gondalse fears that someone might try
to track the owner of the video down . Jens Kubieziel pointed out
some OPSEC rules, and showed which problems can lead to deanonymization.
Mar 26 19:00 UTC | little-t tor development meeting
| #tor-dev, irc.oftc.net
Mar 28 17:00 UTC | Pluggable transports online meeting
| #tor-dev, irc.oftc.net
Mar 28 18:00 UTC | Tor Browser online meeting
| #tor-dev, irc.oftc.net
April 1-4 | Civil Rights Defenders’ Days
| Stockholm, Sweden
This issue of Tor Weekly News has been assembled by Lunar, Matt Pagan,
harmony, qbi, Jesse Victors, and Karsten Loesing.
Want to continue reading TWN? Please help us create this newsletter.
We still need more volunteers to watch the Tor community and report
important news. Please see the project page , write down your
name and subscribe to the team mailing list  if you want to
To unsubscribe or change other options, please visit: