[tor-talk] Tor Weekly News - November 27th, 2013



========================================================================
Tor Weekly News                                      November 27th, 2013
========================================================================

Welcome to the twenty-second issue of Tor Weekly News, the weekly
newsletter that covers what is happening in the Tor community.

Round of updated Tor Browser Bundles
------------------------------------

Mozilla put out an urgent security release [1] of the stable Firefox
branch with version 17.0.11esr. The stable version of the Tor Browser
Bundle has been updated accordingly [2]. The 2.4 release candidate also
received an update, together with the latest incarnation of tor
0.2.4.18-rc. Both were then given a further update due to an issue on
64-bit GNU/Linux systems [3].

The 3.0 branch saw the release of 3.0rc1 [4] which, on top of updating
its base software, fixed a build reproducibility issue on Windows and
made a few other small fixes.

An updated version of Tails [5] and the pluggable transport bundle are
still in the making at the time of writing.

   [1] https://www.mozilla.org/en-US/firefox/17.0.11/releasenotes/
   [2] https://blog.torproject.org/blog/new-tor-browser-bundles-firefox-17011esr-and-tor-02418-rc
   [3] https://blog.torproject.org/blog/64-bit-gnulinux-tor-browser-bundles-updated
   [4] https://blog.torproject.org/blog/tor-browser-bundle-30rc1-released
   [5] https://mailman.boum.org/pipermail/tails-dev/2013-November/004152.html

Tor is looking for a Browser Hacker and an Extension Developer!
---------------------------------------------------------------

Mike Perry wrote a blog post [6] to announce two new positions available
at the Tor Project: “We are looking for a C++ browser developer [7] to
work on our Firefox-based browser, and a Firefox extension developer [8]
to work on our growing number of Firefox extensions. Our ideal
candidates would be comfortable in both roles, but we are also
interested in hearing from people with either skillset.”

Look at the job descriptions for more details and how to apply for these
exciting opportunities to make Tor software even better.

   [6] https://blog.torproject.org/blog/tor-looking-browser-hacker-and-extension-developer
   [7] https://www.torproject.org/about/jobs-browserhacker.html
   [8] https://www.torproject.org/about/jobs-extdev.html.en

“Safeplug”
----------

Roman Mamedov reported [9] that the Californian company Cloud Engines is
now shipping a device called the “Safeplug”. Exactly how the device
works is unclear, but according to their FAQ, it looks like a router
which transparently directs its client connections through Tor.

Such an approach is known to be flawed. Sean Alexandre [10] was prompt
in reminding everyone that “application protocols can still reveal your
identity”, and quoted the warning on Tor’s download page [11]: “To avoid
problems with Tor configuration, we strongly recommend you use the Tor
Browser Bundle. It is pre-configured to protect your privacy and
anonymity on the web as long as you’re browsing with the Tor Browser
itself. Almost any other web browser configuration is likely to be
unsafe to use with Tor.”

Aaron Gibson detailed other concerns [12], namely the absence of source
code or design documents, the mandatory router registration procedure,
issues with the automatic update system, and the terms of service. He
also criticized the “torified everything” approach and outlined an
alternative which he had discussed with Roger Dingledine: “providing a
captive portal that would instruct a user to download a copy of TBB and
use the local router device as a first hop into the Tor network, perhaps
by configuring the device as a bridge.”

On the upside, Andrew Lewman views the product [13] as “a fine test case
for consumer-level torouter market analysis. It would be great to learn
6 months from now how many they sold and a summary of customer
feedback.” Despite having “lots of concerns” [14], Andrew is “trying to
discuss them with Cloud Engines” and praised the community for “doing a
fine job of raising questions”.

   [9] https://lists.torproject.org/pipermail/tor-talk/2013-November/031199.html
  [10] https://lists.torproject.org/pipermail/tor-talk/2013-November/031200.html
  [11] https://www.torproject.org/download/download-easy.html#warning
  [12] https://lists.torproject.org/pipermail/tor-talk/2013-November/031215.html
  [13] https://lists.torproject.org/pipermail/tor-talk/2013-November/031204.html
  [14] https://lists.torproject.org/pipermail/tor-talk/2013-November/031235.html

Miscellaneous news
------------------

Nick Mathewson gave the number 223 [15] to Esfandiar Mohammadi’s
proposal titled “Ace: Improved circuit-creation key exchange” [16].

  [15] https://lists.torproject.org/pipermail/tor-dev/2013-November/005836.html
  [16] https://gitweb.torproject.org/torspec.git/blob_plain/HEAD:/proposals/223-ace-handshake.txt

Matt Pagan reported on his trip to Washington, D.C., USA for the Rally
Against Mass Surveillance [17]. He gave an account of his talk during
the cryptoparty and the march that happened the next day.

  [17] https://lists.torproject.org/pipermail/tor-reports/2013-November/000385.html

Arturo Filastò sent his report about his activities in October [18].

  [18] https://lists.torproject.org/pipermail/tor-reports/2013-November/000386.html

Nathan Freitas reported [19] on his efforts to use GeckoView on Android
4.4, which can be seen as the “first step towards Tor Browser on
Android”.

  [19] https://lists.torproject.org/pipermail/tor-dev/2013-November/005857.html

Kevin Dyer announced [20] a new release of a pluggable transport powered
by Format-Transforming Encryption [21]. Cross-platform builds of the
pluggable transport Tor Browser Bundle are available for download for
the adventurous.

  [20] https://lists.torproject.org/pipermail/tor-dev/2013-November/005861.html
  [21] https://fteproxy.org/

Tor help desk roundup
---------------------

Echoing the tor-talk thread summarized above, multiple people asked
whether or not the Tor Project could recommend the Safeplug device.

An OS X user asked if it was always necessary to open the Tor Browser
folder in order to start the Tor Browser Bundle. It is possible to
create an alias in Mac OS or a shortcut in Windows to the “Start Tor
Browser” script and place that alias or shortcut in a convenient place,
such as the Desktop.

Upcoming events
---------------

Dec 27-30 | Tor @ 30th Chaos Communication Congress
          | Hamburg, Germany
          | https://events.ccc.de/congress/2013/


This issue of Tor Weekly News has been assembled by Lunar, Matt Pagan,
harmony, Philipp Winter, and dope457.

Want to continue reading TWN? Please help us create this newsletter.
We still need more volunteers to watch the Tor community and report
important news. Please see the project page [22], write down your
name and subscribe to the team mailing list [23] if you want to
get involved!

  [22] https://trac.torproject.org/projects/tor/wiki/TorWeeklyNews
  [23] https://lists.torproject.org/cgi-bin/mailman/listinfo/news-team
