[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-talk] Tor Weekly News â May 7th, 2014

========================================================================
Tor Weekly News                                            May 7th, 2014
========================================================================

Welcome to the eighteenth issue of Tor Weekly News in 2014, the weekly
newsletter that covers what is happening in the Tor community.

Tor Browser 3.6 is released
---------------------------

The long-awaited Tor Browser 3.6 was finally declared stableÂ[1] on
April 29th. Tor Browser 3.6 is the first version to fully integrate
pluggable transports, enabling easier access to the Tor network on
censored networks. The browser is based on the latest Firefox ESR 24.5.0
and includes a new round of security fixesÂ[2].

When configuring how to access the Tor network, users can now select one
of the included list of âobfs3âÂ[3] or âfteâÂ[4] bridges. Using
Flashproxy is also an option, but often requires further
configurationÂ[5] on the local firewall and router. Manually specifying
bridgesÂ[6] is still an option, now with support for the aforementioned
pluggable transports.

Many small usability enhancements have been made: Tor error messages are
translated, the wording on several dialog windows has been improved
based on user feedback, and Mac users now install the browser from the
usual disk image format. Turkish localization has also been enabled.

Read the release announcement for a complete changelog. Be sure to
upgradeÂ[7]!

   [1]:Âhttps://blog.torproject.org/blog/tor-browser-36-released
   [2]:Âhttps://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html#firefox24.5
   [3]:Âhttps://gitweb.torproject.org/pluggable-transports/obfsproxy.git/blob/refs/heads/master:/doc/obfs3/obfs3-protocol-spec.txt
   [4]:Âhttps://fteproxy.org/
   [5]:Âhttps://trac.torproject.org/projects/tor/wiki/FlashProxyHowto
   [6]:Âhttps://bridges.torproject.org/
   [7]:Âhttps://www.torproject.org/download/download-easy.html

Tails 1.0 is out
----------------

âVersion 1.0 is often an important milestone that denotes the maturity
of a free software project. The first public version of what would
become Tails was released on June 23 2009Â[â]. That was almost five
years ago. Tails 1.0 marks the 36th stable release since then.â

The release announcementÂ[8] could have not said it better. On top of
the simple idea of having a system entirely running in memory that
guarantees Tor usage for all network connections, Tails has been
extended with an USB installer, automatic upgrades, persistence, support
for Tor bridges, MAC address spoofing, an extensive and translated
documentation and many more featuresÂ[9].

Over Tails 0.23, the new version brings security fixes from Firefox and
TorÂ[10], an updated I2P, several enhancements to the Tor configuration
interface, and the appearance of the new Tails logoÂ[11].

More details are in the release announcement. For those who have not
made use of the integrated updater, time to downloadÂ[12] the new
version!

   [8]:Âhttps://tails.boum.org/news/version_1.0/
   [9]:Âhttps://tails.boum.org/doc/about/features/
  [10]:Âhttps://trac.torproject.org/projects/tor/ticket/11464
  [11]:Âhttps://tails.boum.org/promote/logo/
  [12]:Âhttps://tails.boum.org/download/

Monthly status reports for April 2014
-------------------------------------

The wave of regular monthly reports from Tor project members for the
month of April has begun. Georg Koppen released his report firstÂ[13],
followed by reports from Arthur D. EdelsteinÂ[14], Sherief AlaaÂ[15],
Karsten LoesingÂ[16], LunarÂ[17], Nick MathewsonÂ[18], Matt PaganÂ[19],
Damian JohnsonÂ[20], George KadianakisÂ[21], Pearl CrescentÂ[22], Colin
C.Â[23], Kevin DyerÂ[24], Isis LovecruftÂ[25], Kelley MisataÂ[26], Arlo
BreaultÂ[27], and Andrew LewmanÂ[28].

Lunar also reported on behalf of the help deskÂ[29], Mike Perry for the
Tor Browser teamÂ[30], and Arturo Filastà for the OONI teamÂ[31].

  [13]:Âhttps://lists.torproject.org/pipermail/tor-reports/2014-April/000511.html
  [14]:Âhttps://lists.torproject.org/pipermail/tor-reports/2014-April/000513.html
  [15]:Âhttps://lists.torproject.org/pipermail/tor-reports/2014-May/000514.html
  [16]:Âhttps://lists.torproject.org/pipermail/tor-reports/2014-May/000515.html
  [17]:Âhttps://lists.torproject.org/pipermail/tor-reports/2014-May/000516.html
  [18]:Âhttps://lists.torproject.org/pipermail/tor-reports/2014-May/000517.html
  [19]:Âhttps://lists.torproject.org/pipermail/tor-reports/2014-May/000518.html
  [20]:Âhttps://lists.torproject.org/pipermail/tor-reports/2014-May/000520.html
  [21]:Âhttps://lists.torproject.org/pipermail/tor-reports/2014-May/000521.html
  [22]:Âhttps://lists.torproject.org/pipermail/tor-reports/2014-May/000523.html
  [23]:Âhttps://lists.torproject.org/pipermail/tor-reports/2014-May/000524.html
  [24]:Âhttps://lists.torproject.org/pipermail/tor-reports/2014-May/000525.html
  [25]:Âhttps://lists.torproject.org/pipermail/tor-reports/2014-May/000527.html
  [26]:Âhttps://lists.torproject.org/pipermail/tor-reports/2014-May/000528.html
  [27]:Âhttps://lists.torproject.org/pipermail/tor-reports/2014-May/000529.html
  [28]:Âhttps://lists.torproject.org/pipermail/tor-reports/2014-May/000530.html
  [29]:Âhttps://lists.torproject.org/pipermail/tor-reports/2014-May/000512.html
  [30]:Âhttps://lists.torproject.org/pipermail/tor-reports/2014-May/000522.html
  [31]:Âhttps://lists.torproject.org/pipermail/tor-reports/2014-May/000526.html

Miscellaneous news
------------------

The Tails developers warnedÂ[32] that two fake public keys have been
found bearing email addresses associated with the project; do not trust
these keys, or anything they may have been used to sign. You can check
the real keys used to sign Tails software on the Tails websiteÂ[33].

  [32]:Âhttps://lists.torproject.org/pipermail/tor-talk/2014-May/032838.html
  [33]:Âhttps://tails.boum.org/doc/about/openpgp_keys/

Erinn Clark alertedÂ[34] users of the Trac-based Tor wikiÂ[35] to the
fact that a bug (now fixed) made it possible to register an account with
an already-taken username, âoverwriting the existing userâs password and
thereby taking over the accountâ. âWe recommend users try to login and
if you find you are unable to do so, you can reset your passwordâÂon the
appropriate Trac pageÂ[36].

  [34]:Âhttps://lists.torproject.org/pipermail/tor-dev/2014-May/006809.html
  [35]:Âhttps://trac.torproject.org/
  [36]:Âhttps://trac.torproject.org/projects/tor/reset_password

Following up on previous discussionsÂ[37] and a proposalÂ[38] on the
topic of how to make hidden services scale, Christopher Baines went on
and implemented a prototypeÂ[39], âfor one possible design of how to
allow distribution in hidden servicesâ. The code and concrete design is
up for feedback.

  [37]:Âhttps://lists.torproject.org/pipermail/tor-dev/2013-October/005556.html
  [38]:Âhttps://lists.torproject.org/pipermail/tor-dev/2013-October/005674.html
  [39]:Âhttps://lists.torproject.org/pipermail/tor-dev/2014-April/006788.html

Daniel Martà sent outÂ[40] a list of proposed revisions â arrived at in
discussion with other developers on IRC â to the now slightly outdated
proposal 140, which forms the basis of his upcoming Google Summer of
Code project to implement consensus diffs and so reduce the amount of
information downloaded hourly by Tor clients. Among the proposals are
support for microdescriptor consensus diffs and a time limit to prevent
the leak of information about when Tor was last used; âideas about what
might be missing or needing an update are welcomeâ, wrote Daniel.

  [40]:Âhttps://lists.torproject.org/pipermail/tor-dev/2014-May/006792.html

Alpha releases of Orbot v14 are now availableÂ[41] for testing. They
include support for the obfs3 and ScrambleSuit protocols, thanks to
obfsclientÂ[42].

  [41]:Âhttps://lists.torproject.org/pipermail/tor-talk/2014-May/032847.html
  [42]:Âhttps://github.com/yawning/obfsclient

Griffin Boyce solicited feedback on the first release of SatoriÂ[43], an
âapp for Google Chrome that distributes circumvention software in a
difficult-to-block way and makes it easy for users to check if itâs been
tampered with in-transit.â

  [43]:Âhttps://lists.torproject.org/pipermail/tor-talk/2014-May/032866.html

Kelley Misata announced on the Tor BlogÂ[44] that this yearâs Tor Summer
Dev Meeting will be held between June 29th and July 4th at the French
offices of Mozilla in Paris.

  [44]:Âhttps://blog.torproject.org/blog/tor-summer-2014-dev-meeting-hosted-mozilla

Also on the blog, Andrew Lewman announcedÂ[45] that the temporary limit
on donations to the Tor Project through Paypal has now been lifted.

  [45]:Âhttps://blog.torproject.org/blog/paypal-account-limits-now-resolved

Nicolas Vigier announcedÂ[46] that the Tor Browser test suite will now
be run automatically when a new build is ready. The results will be
emailed to the tor-qa mailing list.

  [46]:Âhttps://lists.torproject.org/pipermail/tor-qa/2014-May/000405.html

Nick Mathewson suggestedÂ[47] that proposal 236Â[48], which deals with
the proposed transition to single guard nodes for Tor clients, should
include the retention of multiple guards for directory requests, since
âtrusting a single source for the completeness and freshness of your
directory info is suboptimal.â

  [47]:Âhttps://lists.torproject.org/pipermail/tor-dev/2014-May/006820.html
  [48]:Âhttps://gitweb.torproject.org/torspec.git/blob_plain/refs/heads/master:/proposals/236-single-guard-node.txt

Jacob H. Haven, Mikhail Belous, and Noah Rahman each introduced their
Tor-related projects for this yearâs Google Summer of Code: Jacobâs
projectÂ[49] is titled âA Lightweight Censorship Analyzer for Torâ, and
aims to âallow non-technical users to monitor censorship of Tor
occurring in their country/networkâ; Mikhail will workÂ[50] to implement
a multicore version of the tor daemon; and Noah plansÂ[51] on
ârefactoring Stegotorus more along DRY lines as well as enhancing and
updating various handshaking protocols, and getting it ready to merge in
upstream changes from its originators at SRI.â

  [49]:Âhttps://lists.torproject.org/pipermail/tor-dev/2014-May/006808.html
  [50]:Âhttps://lists.torproject.org/pipermail/tor-dev/2014-May/006817.html
  [51]:Âhttps://lists.torproject.org/pipermail/tor-dev/2014-May/006821.html

Thanks to NetCologneÂ[52] and fr33tuxÂ[53] for running mirrors of the
Tor Project website!

  [52]:Âhttps://lists.torproject.org/pipermail/tor-mirrors/2014-April/000556.html
  [53]:Âhttps://lists.torproject.org/pipermail/tor-mirrors/2014-April/000553.html

Frederic Jacobs invited commentsÂ[54] on an alternative Tor icon
designed by a friend âfor funâ.

  [54]:Âhttps://lists.torproject.org/pipermail/tor-talk/2014-May/032839.html

Tor help desk roundup
---------------------

Many users alerted the help desk to a new bugÂ[55] in Tor Browser 3.6
that prevents users from setting a proxy. Developers have said this bug
is related to the introduction of Pluggable Transport support; a new Tor
Browser release addressing this issue is expected this week. 

  [55]:Âhttps://bugs.torproject.org/11658

News from Tor StackExchange
---------------------------

Tom Ritter wonders how the Exit Probability is calculatedÂ[56] and wants
to know if all values add up to 100 %. If anyone knows a good answer,
please donât hesitate to add it to the question.

  [56]:Âhttps://tor.stackexchange.com/q/2041/88

user1698 wants to extend the number of Tor relays in a circuit, and asks
if it is possible to have one with 5 or 6 nodesÂ[57]. Tom Ritter
suggests that this is only possible when one changes the source code.
There is another question which deals with extending the number of nodes
in a circuitÂ[58]: Steven Murdoch warns the user in his answer that
under some circumstances it might be possible to de-anonymize a person
who is using this technique.  Furthermore alaf discusses the
performance, throughput and anonymity of longer circuits.

  [57]:Âhttps://tor.stackexchange.com/q/2039/88
  [58]:Âhttps://tor.stackexchange.com/q/103/88

Upcoming events
---------------

May  7 19:00 UTC | little-t tor development meeting
                 | #tor-dev, irc.oftc.net
                 | https://lists.torproject.org/pipermail/tor-dev/2014-March/006616.html
                 |
May  8 18:00 CET | âCreate a Tor relay!â presentation at Linuxwochen
                 | FH Technikum Wien, Vienna, Austria
                 | https://cfp.linuxwochen.at/de/LWW14/public/events/108
                 |
May  8 20:00 UTC | Tails contributors meeting
                 | #tails-dev, irc.oftc.net
                 | https://mailman.boum.org/pipermail/tails-dev/2014-May/005654.html
                 |
May  9 15:00 UTC | Tor Browser online meeting
                 | #tor-dev, irc.oftc.net
                 | https://lists.torproject.org/pipermail/tbb-dev/2014-April/000049.html
                 |
May  9 16:00 UTC | Pluggable transports online meeting
                 | #tor-dev, irc.oftc.net
                 | https://lists.torproject.org/pipermail/tor-dev/2014-April/006764.html
                 |
May 27-28        | Tor @ Stockholm Internet Forum
                 | Stockholm, Sweden
                 | http://www.stockholminternetforum.se/



This issue of Tor Weekly News has been assembled by Lunar, harmony,
Matt Pagan, qbi and the Tails team.

Want to continue reading TWN? Please help us create this newsletter.
We still need more volunteers to watch the Tor community and report
important news. Please see the project pageÂ[59], write down your
name and subscribe to the team mailing listÂ[60] if you want to
get involved!

  [59]:Âhttps://trac.torproject.org/projects/tor/wiki/TorWeeklyNews
  [60]:Âhttps://lists.torproject.org/cgi-bin/mailman/listinfo/news-team

Attachment: signature.asc
Description: Digital signature

-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk