[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-talk] Tor Weekly News â November 19th, 2014



========================================================================
Tor Weekly News                                      November 19th, 2014
========================================================================

Welcome to the forty-sixth issue in 2014 of Tor Weekly News, the weekly
newsletter that covers whatâs happening in the Tor community.

Tor Browser 4.5-alpha-1 is out
------------------------------

Mike Perry announced [1] the first alpha release in the Tor Browser 4.5
series. This version goes some way to restoring one of the features most
missed by users following the removal of the now-defunct Vidalia
interface from Tor Browser â the ability to quickly visualize the Tor
circuit that the current page is using. Clicking on the green Torbutton
icon in the Tor Browser window now brings up a small diagram showing the
IP addresses of all relays in a circuit, and the states in which they
are located; this may help users evaluate the suitability of the
circuits their Tor has selected, and also to quickly identify a
malicious exit relay if they notice unusual behavior in downloaded pages
and files.

Another key user-facing innovation in this release is the âsecurity
sliderâ. Users can now choose from four security settings in Torbuttonâs
âPreferencesâ window â âlow (default)â, âmedium-lowâ, âmedium-highâ, and
âhighâ â that allow them to customize their Tor Browser based on their
own security and usability needs, while still working to prevent
âpartitioningâ attacks, which try to identify users based on their
unusual browser configuration.

For other important additions in this series, please see the full
changelog in Mikeâs post. If you want to try out this alpha version, you
can find it on the Tor Browser project page [2] or in the distribution
directory [3]; please report any bugs you find!

  [1]: https://blog.torproject.org/blog/tor-browser-45-alpha-1-released
  [2]: https://www.torproject.org/projects/torbrowser.html#downloads-alpha
  [3]: https://www.torproject.org/dist/torbrowser/4.5-alpha-1/

Tor Browser on 32-bit Macs approaches end-of-life
-------------------------------------------------

Now that Apple has discontinued support for the last remaining 32-bit
Mac systems, Mike Perry announced [4] that the Tor Browser team will
soon stop distributing 32-bit builds of its software. This weekâs
4.5-alpha-1, like all future releases in the 4.5 series, is only
available in a 64-bit build, and all support for 32-bit systems will end
once 4.5 supersedes 4.0.

â32-bit Mac users likely have a month or two to decide what to doâ,
wrote Mike. âIf your actual Mac hardware is 64-bit capable, you can
upgrade to either the 64-bit edition of OSX 10.6 (which we will continue
to support for a bit longer), or use the app store to upgrade to 10.9 or
10.10. If your hardware is not 64-bit capable and wonât run these newer
Mac operating systems, you should still be able to use Tails [5], which
contains the Tor Browser.â

As a side effect of this transition, Tor Browser 4.0âs experimental
in-browser secure updater will not handle the upgrade to the 64-bit
build correctly for any Mac user; the old version must instead be
replaced manually with the new one.

  [4]: https://blog.torproject.org/blog/end-life-plan-tor-browser-32-bit-macs
  [5]: https://tails.boum.org

Miscellaneous news
------------------

Roger Dingledine [6] and Sambuddho Chakravarty [7] responded on the Tor
blog to inaccurate reports of a new attack against Tor, based on a
recent study co-authored by Sambuddho. âItâs great to see more research
on traffic correlation attacks, especially on attacks that donât need to
see the whole flow on each side. But itâs also important to realize that
traffic correlation attacks are not a new areaâ, wrote Roger.

  [6]: https://blog.torproject.org/blog/traffic-correlation-using-netflows
  [7]: https://blog.torproject.org/blog/traffic-correlation-using-netflows#comment-78918

The Tails team set out the December release schedule [8] for version
1.2.1 of the anonymous live operating system.

  [8]: https://mailman.boum.org/pipermail/tails-dev/2014-November/007422.html

Giovanni Pellerano announced [9] version 3.1.30 of Tor2web, which now
supports web access to Tor hidden services over TLS. Access to the
Facebook hidden service, the most high-profile instance of an
HTTPS-enabled .onion site, is blocked in this version, as Tor2web offers
no benefit in cases where there exists an identical service on the
regular or ânakedâ web, and may actually present additional risk of
compromise.

  [9]: https://lists.torproject.org/pipermail/tor-talk/2014-November/035742.html

Griffin Boyce requested feedback [10] on a âvery roughâ version of
Stormy [11], the simple hidden service setup wizard. âIâd love to get
feedback on places where it breaks and where it could use a major
structural change [â] the current setup is entirely for development and
should not be used as-is.â

 [10]: https://lists.torproject.org/pipermail/tor-dev/2014-November/007798.html
 [11]: https://github.com/glamrock/Stormy

Virgil Griffith started a discussion [12] on the suitability of the name
âhidden servicesâ as opposed to other possible terms like âonion
serviceâ or âonion siteâ. Among the many responses, Roger Dingledine
suggested [13] that an alternative name like âonion serviceâ âmakes
people have to learn what it is rather than guessing (and often guessing
wrong)â, while Nathan Freitas pointed out [14] that as âtypical users
donât talk about web services, they talk about web sites or pagesâ,
âonion siteâ might be a term worth adopting.

 [12]: https://lists.torproject.org/pipermail/tor-talk/2014-November/035658.html
 [13]: https://lists.torproject.org/pipermail/tor-talk/2014-November/035660.html
 [14]: https://lists.torproject.org/pipermail/tor-talk/2014-November/035662.html

Tom Ritter put forward [15] a number of improvements to the integration
of HTTPS certificates and hidden services, following âa spirited debate
on IRCâ.

 [15]: https://lists.torproject.org/pipermail/tor-dev/2014-November/007786.html

The Wikimedia Foundation is the latest high-profile organization to set
up a non-exit Tor relay [16]. âItâs just a small contribution to the
network. Really â anyone can do it.â

 [16]: https://lists.torproject.org/pipermail/tor-talk/2014-November/035655.html

Upcoming events
---------------

  Nov 19 13:30 UTC | little-t tor development meeting
                   | #tor-dev, irc.oftc.net
                   |
  Nov 19 16:00 UTC | Pluggable transports meeting
                   | #tor-dev, irc.oftc.net
                   |
  Nov 24 18:00 UTC | Tor Browser online meeting
                   | #tor-dev, irc.oftc.net
                   |
  Nov 25 17:00 UTC | little-t tor patch workshop
                   | #tor-dev, irc.oftc.net
                   |
  Dec 03 20:00 UTC | Tails contributors meeting
                   | #tails-dev, irc.oftc.net
                   | https://mailman.boum.org/pipermail/tails-dev/2014-November/007418.html


This issue of Tor Weekly News has been assembled by Harmony and Lunar.

Want to continue reading TWN? Please help us create this newsletter.
We still need more volunteers to watch the Tor community and report
important news. Please see the project page [17], write down your
name and subscribe to the team mailing list [18] if you want to
get involved!

 [17]: https://trac.torproject.org/projects/tor/wiki/TorWeeklyNews
 [18]: https://lists.torproject.org/cgi-bin/mailman/listinfo/news-team
-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk