========================================================================
Tor Weekly News January 15th, 2014
========================================================================
Welcome to the second issue in 2014 of Tor Weekly News, the weekly
newsletter that covers what is happening in the Tor community.
Orbot 13 is out
---------------
OrbotÂ[1]Ââ the Guardian Projectâs port of Tor on Android platformsÂâ
has received a major updateÂ[2]. Version 13 includes âall the latest
bling across the boardâ meaning Tor 0.2.4.20 and updated versions of
OpenSSL and XTables. Nathan also mentions âsome important fixes to the
Orbot service, to ensure it remains running in the background, and the
active notification keeps working, as well. Finally, weâve changed the
way the native binaries are installed, making it more reliable and clean
across devices.â
After the initial release candidates, 13.0.1Â[3], 13.0.2 and then 13.0.3
were quickly made available to fix various reported issues.
The new release is available from the Guardian Projectâs websiteÂ[4],
F-Droid repository or Google Play.
[1]Âhttps://guardianproject.info/apps/orbot/
[2]Âhttps://lists.mayfirst.org/pipermail/guardian-dev/2014-January/002973.html
[3]Âhttps://lists.mayfirst.org/pipermail/guardian-dev/2014-January/003016.html
[4]Âhttps://guardianproject.info/releases/
Who are the Tor Projectâs website visitors?
-------------------------------------------
Last weekâs call for help regarding the Tor Projectâs websiteÂ[5] has
seen a pretty impressive response. Discussions then quickly sparkled on
the newly created mailing listÂ[6].
As one of the first concrete outcomes, Rey Dhuny contributed an initial
set of âpersonasâ, later improved by Max Jakob Maass, Silviu Riley with
suggestions from others. Quoting WikipediaÂ[7]: âpersonas are fictional
characters created to represent the different user types within a
targeted demographic, attitude and/or behavior set that might use a
site, brand or product in a similar way.â
One can have a look at the wiki pageÂ[8] to learn more about the seven
different users of the Tor website that have been currently identified:
The Student, The Journalist, The Researcher, The Donor, The Engineer,
The Activist, The Dissident. These personas should probably be further
refined, but are already a very useful tool to think about how to
structure a new website.
For anyone interested in following the effort, Andrew Lewman has spent
time triaging all website related ticketsÂ[9] and setting up a new
milestoneÂ[10] to keep tabs on tasks and issues.
[5]Âhttps://blog.torproject.org/blog/tor-website-needs-your-help
[6]Âhttps://lists.torproject.org/cgi-bin/mailman/listinfo/www-team
[7]Âhttps://en.wikipedia.org/wiki/Persona_%28user_experience%29
[8]Âhttps://trac.torproject.org/projects/tor/wiki/Website#Personas
[9]Âhttps://trac.torproject.org/projects/tor/report/45
[10]Âhttps://trac.torproject.org/projects/tor/milestone/Tor%20Website%203.0
Letâs save Tor Weather!
-----------------------
The Tor network would not exist without all its volunteersÂâ currently
more than 3,000 all around the worldÂâ who run the 5,000+ relays
anonymizing our connections.
Tor Weather is one of these small services run by the Tor Project that
is meant to make the life of relay operators easier. It can warn them
when their relay is down or when a new version of tor is availableâ and
when they can receive the rewarding t-shirtÂ[11]. Unfortunately, Tor
Weather has been unmaintained for quite a while, and issues have
accumulatedÂ[12] over time.
Karsten Loesing has sent a call for helpÂ[13] with suggestions on how
the code can be simplified and improved. Abhiram Chintangal and Norbert
Kurz have already stated their interests. Coordination is done through
the tor-dev mailing listÂ[14] and a design wiki pageÂ[15]. Join them if
you are up to some Python hacking or spiffing up the web interface!
[11]Âhttps://www.torproject.org/getinvolved/tshirt.html
[12]Âhttps://trac.torproject.org/projects/tor/query?component=Tor+Weather&order=status
[13]Âhttps://lists.torproject.org/pipermail/tor-dev/2014-January/006039.html
[14]Âhttps://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
[15]Âhttps://trac.torproject.org/projects/tor/wiki/doc/weather-in-2014
More monthly status reports for December 2013
---------------------------------------------
The wave of regular monthly reports from Tor project members for the
month of December 2013 continued this week as well with the extended
report form the Tails teamÂ[16] followed by reports from George
KadianakisÂ[17], Kevin P DyerÂ[18], and Andrew LewmanÂ[19].
[16]Âhttps://tails.boum.org/news/report_2013_12/
[17]Âhttps://lists.torproject.org/pipermail/tor-reports/2014-January/000427.html
[18]Âhttps://lists.torproject.org/pipermail/tor-reports/2014-January/000428.html
[19]Âhttps://lists.torproject.org/pipermail/tor-reports/2014-January/000430.html
Miscellaneous news
------------------
The Tails team has put out a call for testing the first release
candidate for Tails 0.22.1Â[20]. The new version will bring several
bugfixes, an updated kernel, and many improvements to the upgrader
application.
[20]Âhttps://tails.boum.org/news/test_0.22.1-rc1/
Directory authorities are in the processÂ[21] of upgrading their
directory signing key to RSA 2048. This has been done for five out of
nine authoritiesÂ[22]. The changes might result in some temporary error
messages in logs of Tor relays, as it didÂ[23] when âgabelmooâÂ[24]
changed its key on January 11th.
[21]Âhttps://bugs.torproject.org/10324
[22]Âhttps://people.torproject.org/~linus/sign2048.html
[23]Âhttps://lists.torproject.org/pipermail/tor-relays/2014-January/003592.html
[24]Âhttps://atlas.torproject.org/#details/F2044413DAC2E02E3D6BCF4735A19BCA1DE97281
Nicolas Vigier has sent a proposalÂ[25] about replacing the current
Gitian-based build system for the Tor Browser Bundle by a system based
on burpsÂ[26]. Nicolas also worked on a prototypeÂ[27] to go with his
proposal.
[25]Âhttps://lists.torproject.org/pipermail/tor-dev/2014-January/006047.html
[26]Âhttp://burps.boklm.eu/
[27]Âhttps://github.com/boklm/burps-tor
Nick Mathewson mentionedÂ[28] that the âSniper Attackâ paperÂ[29] by Rob
Jansen, Florian Tschorsch, Aaron Johnson, and BjÃrn Scheuermann was now
available. This paper describes serious Denial of Service attacks
through memory exhaustion. The issue is fixed âthanks to advice from
the paperâs authors, in Tor 0.2.4.x and laterâ.
[28]Âhttps://lists.torproject.org/pipermail/tor-dev/2014-January/006038.html
[29]Âhttp://www-users.cs.umn.edu/~jansen/papers/sniper-ndss2014.pdf
In order to prevent attacksÂ[30] on hidden services based on predicting
which directory will be used, directory authorities need to periodically
produce shared unpredictable random strings. To address the issue,
Nicholas Hopper has sent âa threshold signature-based proposal for a
shared RNGâÂ[31], now up for reviews.
[30]Âhttps://bugs.torproject.org/8244
[31]Âhttps://lists.torproject.org/pipermail/tor-dev/2014-January/006053.html
The next session of low-hanging fruits for Tails will happenÂ[32] on
February 8th in the #tails IRC channel OFTC at 10:00 CET.
[32]Âhttps://tails.boum.org/contribute/meetings/201401/
Thanks to stalkr.netÂ[33], Maki HoshisawaÂ[34] and cYbergueRrilLa
AnonyMous NeXusÂ[35] for running new mirrors of the Tor Project website.
[33]Âhttps://lists.torproject.org/pipermail/tor-mirrors/2014-January/000439.html
[34]Âhttps://lists.torproject.org/pipermail/tor-mirrors/2014-January/000442.html
[35]Âhttps://lists.torproject.org/pipermail/tor-mirrors/2014-January/000443.html
Jaromil announcedÂ[36] the release of DowseÂ[37], âa transparent proxy
setup supporting Torâ. One feature is that it detects âall URLs whose
domain ends in .onion, routing them directly to Tor, effectively making
the onion network accessible without any plugin or software installed.â
The transport proxy approach has known issuesÂ[38] but can still be of
interest to some users. Jaromil is seeking feedback and opinions from
the community.
[36]Âhttps://lists.torproject.org/pipermail/tor-talk/2014-January/031632.html
[37]Âhttp://dyne.org/software/dowse
[38]Âhttps://lists.torproject.org/pipermail/tor-talk/2013-July/028833.html
Microsoftâs Geoff McDonald wrote a blog postÂ[39] describing how they
have helped remove half of the estimated four millions of Tor
clientsÂ[40] installed by the Sefnit botnet without the computer ownerâs
knowledge.
[39]Âhttps://blogs.technet.com/b/mmpc/archive/2014/01/09/tackling-the-sefnit-botnet-tor-hazard.aspx
[40]Âhttps://blog.torproject.org/blog/how-to-handle-millions-new-tor-clients
Koumbit has been working on TorrideÂ[41], a live distribution to run Tor
relaysÂâ not unlike Tor-ramdiskÂ[42]Ââ but based on Debian. Version
1.1.0 has been releasedÂ[43] on January 10th.
[41]Âhttps://redmine.koumbit.net/projects/torride
[42]Âhttp://opensource.dyc.edu/tor-ramdisk/
[43]Âhttps://redmine.koumbit.net/news/17
Tor help desk roundup
---------------------
Many users have been emailing for clarification on the Tor Browserâs
interface. The first time Tor Browser is started, users are asked if
their network is free of obstacles. Many users do not know if their
network is free of obstacles or not. A network is free of obstacles
if it does not censor connections to the Tor network. Ticket #10610Â[44]
has been opened to discuss possible improvements.
A number of users have reported problems using the Tor Browser in
Backtrack Linux. Backtrack is unusual among Linux distributions in that
the user can only log in as root; there are no other user accounts. The
Tor Browser cannot be run as root. One solution for Backtrack users is
to create a new account with the `useradd` command and then run the Tor
Browser as that user with the `sudo` command.
[44]Âhttps://bugs.torproject.org/10610
Upcoming events
---------------
Feb 1-2 | Tor @ FOSDEM
| Brussels, Belgium
| https://fosdem.org/2014/
|
April 11 | Roger @ George Mason University
| Washington, DC, USA
| http://today.gmu.edu/64330/
This issue of Tor Weekly News has been assembled by Lunar, Matt Pagan,
dope457, Sandeep, Karsten Loesing, Nicolas Vigier, Philipp Winter and
the Tails developers.
Tor Weekly News needs reviewers! 24 hours before being
published, the content of the next newsletter is frozen so there
is time to improve the language. We are really missing native or
good English speakers who could spend just about 20 minutes
each week. See the project pageÂ[45], and subscribe to the team
mailing listÂ[46] if you want to get involved!
[45]Âhttps://trac.torproject.org/projects/tor/wiki/TorWeeklyNews
[46]Âhttps://lists.torproject.org/cgi-bin/mailman/listinfo/news-team
Attachment:
signature.asc
Description: Digital signature
-- tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk