[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-talk] Tor Weekly News â July 16th, 2014

========================================================================
Tor Weekly News                                          July 16th, 2014
========================================================================

Welcome to the sixteenth issue of Tor Weekly News in 2014, the weekly
newsletter that covers what is happening in the Tor community.

Roundup of research on incentives for running Tor relays
---------------------------------------------------------

As an hors-dâÅuvre to the now on-going the Privacy Enhancing Technology
SymposiumÂ[1], Rob Jansen wrote a long blog postÂcovering the last five
years of research on incentives for running Tor relaysÂ[2].

Rob introduces the topic by describing the current âvolunteer resource
modelâ and mentions that âhas succeeded so far: Tor now consists of over
5000 relays transferring between 4 and 5 GiB/s in aggregateâ. Rob lists
several possible reasons why volunteers run relays right now. They are
all intrinsic motivations: current operators run relays because they
really want to.

Is only relying on volunteers going to limit the growth of the Tor
network in the future? There are already not-for-profit
organizationsÂ[3] operating relays based on donations, but growing them
too much would also be problematic. Another area being explored are
extrinsic motivations: making Tor clients faster when someone runs a
relay or giving a financial rewardÂâ in a currency or anotherÂâ for the
service. Some can legitimately ask if they are suitable for Tor at
allÂ[4] and Rob raises plenty of legitimate concerns on how they would
interact with the current set of volunteers.

The problem keeps interesting researchers, and Rob details no less than
six schemes: the oldest are PARÂ[5] and Gold StarÂ[6] which introduced
anonymity problems, BRAIDSÂ[7] where double spending of rewards is
prevented without leaking timing information, LIRAÂ[8] which focused on
scalability, TEARSÂ[9] where a publicly auditable e-cash protocol reduce
the reliance on trusted parties, and finally, the (not ideally
namedÂ[10]) TorCoinÂ[11] which introduces the idea of a crypto-currency
based on âproof-of-bandwidthâ.

Rob details the novel ideas and drawbacks of each schemes, so be sure to
read the original blog post for more details. After this roundup, Rob
highlights that ârecent research has made great improvements in the area
of Tor incentivesâ. But thatâs for the technical side as âit is unclear
how to make headway on the social issuesâ.

âTor has some choices to make in terms of how to grow the network and
how to position the community during that growth processâ concludes Rob.
So letâs have that conversation.

   [1]:Âhttps://petsymposium.org/2014/
   [2]:Âhttps://blog.torproject.org/blog/tor-incentives-research-roundup-goldstar-par-braids-lira-tears-and-torcoin
   [3]:Âhttps://www.torservers.net/
   [4]:Âhttp://p2pfoundation.net/Intrinsic_vs._Extrinsic_Motivation#Why_Extrinsic_Motivation_Doesn.27t_Work
   [5]:Âhttp://cs.gmu.edu/~astavrou/research/Par_PET_2008.pdf
   [6]:Âhttp://freehaven.net/anonbib/papers/incentives-fc10.pdf
   [7]:Âhttp://www.robgjansen.com/publications/braids-ccs2010.pdf
   [8]:Âhttp://www.robgjansen.com/publications/lira-ndss2013.pdf
   [9]:Âhttp://www.robgjansen.com/publications/tears-hotpets2014.pdf
  [10]:Âhttps://www.torproject.org/docs/trademark-faq#researchpapers
  [11]:Âhttp://www.robgjansen.com/publications/torpath-hotpets2014.pdf

Defending against guard discovery attacks with layered rotation time
--------------------------------------------------------------------

Guard nodes are a key component of a Tor clientâs anonymity. Once an
attacker gains knowledge of which guard node is being used by a
particular client, putting the guard node under monitoring is likely the
last step before finding a clientâs IP address.

George Kadianakis has restarted the discussionÂ[12] on how to slow down
guard discovery of hidden servicesÂ[13] by exploring the idea of
âkeeping our middle nodes more staticâ. The idea is to slow down the
attacks based on repeated circuit destruction by reusing the same
âmiddle nodes for 3-4 days instead of choosing new ones for every
circuitâ. Introducing this new behavior will slow down the attack, but
George asks âare there any serious negative implications?â

The idea is not new, as Paul Syverson pointed outÂ[14]: âLasse and I
suggested and explored the idea of layered guards when we introduced
guardsâ. He adds âthere are lots of possibilities hereâ.

George worries that middle nodes would then âalways see your traffic
coming through your guard (assuming a single guard per client)â. Ian
Goldberg addedÂ[15] âthe exit will now know that circuits coming from
the same middle are more likely to be the same clientâ. Restricting the
change to only hidden services and not every client means that it will
be âeasy for an entry guard to learn whether a client has static middle
nodes or notâ.

As George puts it the latest message in the threadÂ[16]: âAs always,
more research is neededââ Please help!

  [12]:Âhttps://lists.torproject.org/pipermail/tor-dev/2014-July/007122.html
  [13]:Âhttps://bugs.torproject.org/9001
  [14]:Âhttps://lists.torproject.org/pipermail/tor-dev/2014-July/007125.html
  [15]:Âhttps://lists.torproject.org/pipermail/tor-dev/2014-July/007123.html
  [16]:Âhttps://lists.torproject.org/pipermail/tor-dev/2014-July/007126.html

More monthly status reports for June 2014
-----------------------------------------

The wave of regular monthly reports from Tor project members for the
month of June continued, with submissions from Michael Schloh von
BennewitzÂ[17] and Andrew LewmanÂ[18].

Arturo Filastà reported on behalf of the OONI teamÂ[19], while Roger
Dingledine submitted the SponsorF reportÂ[20]

  [17]:Âhttps://lists.torproject.org/pipermail/tor-reports/2014-July/000587.html
  [18]:Âhttps://lists.torproject.org/pipermail/tor-reports/2014-July/000588.html
  [19]:Âhttps://lists.torproject.org/pipermail/tor-reports/2014-July/000586.html
  [20]:Âhttps://lists.torproject.org/pipermail/tor-reports/2014-July/000589.html

Miscellaneous news
------------------

The various roadmaps that came out of the 2014 summer dev. meetingÂ[21]
have been transcribedÂ[22] in a joint effort by George Kadianakis,
Yawning Angel, Karsten Loesing, and an anonymous person. Most items will
probably be matched with a ticket soon.

  [21]:Âhttps://trac.torproject.org/projects/tor/wiki/org/meetings/2014SummerDevMeeting
  [22]:Âhttps://trac.torproject.org/projects/tor/wiki/org/meetings/2014SummerDevMeeting/Roadmaps

The Tor Project is hiring a financial controllerÂ[23]. This is a part
time position, approximately 20 hours per week, at the office in
Cambridge, Massachusetts.

  [23]:Âhttps://www.torproject.org/about/jobs-controller.html

The Tails developers announced the creation of two new mailing lists.
âIf you are a designer, UX/UI expert or beginnerâÂ[24] interested in the
theory and practice of designing user interfaces for Tails, the tails-ux
listÂ[25] is for you, while the tails-project listÂ[26] is dedicated to
âthe âlifeâ of the projectâÂ[27]; however, âtechnical questions should
stay on tails-devâ.

  [24]:Âhttps://mailman.boum.org/pipermail/tails-dev/2014-July/006330.html
  [25]:Âhttps://mailman.boum.org/listinfo/tails-ux
  [26]:Âhttps://mailman.boum.org/listinfo/tails-project
  [27]:Âhttps://mailman.boum.org/pipermail/tails-dev/2014-July/006329.html

Alan kicked of the aforementioned tails-ux mailing list announcing
progressÂ[28] on Tails initial login screen. The new set of mockups is
visible on the corresponding blueprintÂ[29].

  [28]:Âhttps://mailman.boum.org/pipermail/tails-ux/2014-July/000000.html
  [29]:Âhttps://tails.boum.org/blueprint/tails-greeter:_revamp_UI/

More mockups! Nima Fatemi producedÂ[30] some for a possible
browser-based Tor control panel, incorporating features that were lost
with the removal of Vidalia from the Tor Browser, such as the world map
with Tor circuit visualizations. âHow would you perfect that image?Â[31]
Whatâs missing?â, asked Nima, hoping âto inspire people to start hacking
on itâ.

  [30]:Âhttps://lists.torproject.org/pipermail/tor-dev/2014-July/007115.html
  [31]:Âhttps://people.torproject.org/~nima/ux/about-tor.png

Meanwhile, Sean Robinson had been workingÂ[32] on a new graphical Tor
controller called SyboaÂ[33]. Seanâs âprimary motivation for Syboa was
to replace TorK, so it looksÂ[34] more like TorK than Vidaliaâ. Sean
announces that he will not have time for further development soon but
that he would answer questions.

  [32]:Âhttps://lists.torproject.org/pipermail/tor-dev/2014-July/007136.html
  [33]:Âhttps://gitorious.org/syboa/syboa
  [34]:Âhttps://gitorious.org/syboa/syboa/source/7082a82:docs/screenshot-basic.png

Juha Nurmi submittedÂ[35] the weekly status report for the ahmia.fi GSoC
project.

  [35]:Âhttps://lists.torproject.org/pipermail/tor-reports/2014-July/000590.html

Thanks to the University of Edinburghâs School of InformaticsÂ[36],
funcube.frÂ[37], Stefano FenoglioÂ[38], IP-ConnectÂ[39], Justin
RamosÂ[40], Jacob Henner from Anatomical NetworksÂ[41], and
Hackabit.nlÂ[42] for running mirrors of the Tor Project website!

  [36]:Âhttps://lists.torproject.org/pipermail/tor-mirrors/2014-July/000623.html
  [37]:Âhttps://lists.torproject.org/pipermail/tor-mirrors/2014-July/000624.html
  [38]:Âhttps://lists.torproject.org/pipermail/tor-mirrors/2014-July/000627.html
  [39]:Âhttps://lists.torproject.org/pipermail/tor-mirrors/2014-July/000632.html
  [40]:Âhttps://lists.torproject.org/pipermail/tor-mirrors/2014-July/000633.html
  [41]:Âhttps://lists.torproject.org/pipermail/tor-mirrors/2014-July/000634.html
  [42]:Âhttps://lists.torproject.org/pipermail/tor-mirrors/2014-July/000638.html

Tor help desk roundup
---------------------

Users often ask about for assistance setting up Tor Cloud instances.
Sina Rabbani is taking over the maintenance of Tor Cloud and is working
on updating the packages and documentation. Until new documentation on
using the up-to-date images and Amazon Web Services interface lands,
users not already familiar with AWS may want to use a different virtual
server provider to host their bridges.

Easy development tasks to get involved with
-------------------------------------------

The setup scripts of the Flashproxy and Obfsproxy pluggable transports
attempt to download and build the M2Crypto library if they are not
already installed. WeÂd really want to avoid this and have the setup
script fail if not all libraries are present for building Flashproxy.
The ticket that describes this bug also outlines a possible workaround
that disables all downloads during the setup processÂ[43]. If you know a
bit about setuptools and want to turn this description into a patch and
test it, please give it a try.

  [43]:Âhttps://bugs.torproject.org/10847#comment:4

Upcoming events
---------------

 July 15-19        | 14th Privacy Enhancing Technologies Symposium
                   | Amsterdam, The Netherlands
                   | https://petsymposium.org/2014/
                   |
 August 20-22      | Roger @ USENIX Security Symposium â14
                   | San Diego, California, USA
                   | https://www.usenix.org/conference/usenixsecurity14


This issue of Tor Weekly News has been assembled by Lunar, harmony,
Matt Pagan, Karsten Loesing, and George Kadianakis.

Want to continue reading TWN? Please help us create this newsletter.
We still need more volunteers to watch the Tor community and report
important news. Please see the project pageÂ[44], write down your
name and subscribe to the team mailing listÂ[45] if you want to
get involved!

  [44]:Âhttps://trac.torproject.org/projects/tor/wiki/TorWeeklyNews
  [45]:Âhttps://lists.torproject.org/cgi-bin/mailman/listinfo/news-team

Attachment: signature.asc
Description: Digital signature

-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk