October 2016 - tor-project - lists.torproject.org

Tor Browser User Manual review
by Colin Childs 10 Dec '16

10 Dec '16

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi everyone, As some of you may be aware (if you attend the community team meetings), Alison and I have been working on updating the Tor Browser User Manual and getting it ready for an official release. The community team has now had an opportunity to review the manual, and now we would like to request feedback from the larger community! You can view the manual at https://tb-manual.torproject.org/linux/en-US/ . If you find something that needs changing, please open a ticket on Trac[1] and set the component to "Community", and the "owner" to "phoul" . Thanks, and I hope everyone had a nice weekend! [1]: https://trac.torproject.org/ - -- Colin Childs Tor Project https://www.torproject.org Twitter: @Phoul -----BEGIN PGP SIGNATURE----- iQIcBAEBCgAGBQJXls5GAAoJEJWQHABkmqq5mz0P/30P28JS3LrYUxSLYElKkWUC JbxQNcHRpnDX5kt1t2Gl0oz/xXisXT/9NF68HFjxbQiWaXiKV19Z9homwc3KiWu2 RfkL/xqI62y1QJpp/EpCGPa7IwsVBdiUfyC7/DwxF9dY5CToWeeJDEcWu5rQrKFE F6gbCGpKBirGva8b9n/PdPFHZbyOqKDFO6ZZm/UjCQ5Ga7NFJvDyPEom0dYuw0cW OweSXH+Qjxn1i5OCtra1b6JayQ03z7msI99fOPqzBREtBGPJt2+50jcnXddWnPQv rMbnuLO1KhLqZ9gGYbTi1+kIjEOu5ZwX7qyQLBDo2HMww79EuyUtDkHOR2hZxC72 N//Aj5M4myGodjYUsdb/QNRKJSy2Z69eco4eKsRonn0U8/JOO0dh82AkfzVzRS7A MPmYivw0zFuTjn9C5e1QiHWJEwmPsbpDuwBU4mj0EZ5H4evMDsncDqW9yE/Lgqpq Jw6v7GP5arZlbJ+3vZgznAVATAuY2O2+ytu2Z8vetpFFCoaSsvZD7bqT1c1c1LdM oWT0yPXJWeKcdm16ow7/Bjh5yO4NBXahnoAAVTLQG7TjpTSiyMw7nHxMRmMVk84u 5jR7GLOPgQCSqTBonnpxCOnt5phg38OV4TQarxUE+zcov/7GKMrvY/uSj5aRly/c xlxlSP9tGaLMaK/PmYvl =HTUt -----END PGP SIGNATURE-----

5 4

meek blocked in China since 2016-10-19
by David Fifield 15 Nov '16

15 Nov '16

https://bugs.torproject.org/20495 It looks like meek has been blocked in China since about 2016-10-19. (See the red line in the attached graph.) I didn't get any reports or anything; I just happened to check the graph. I tried but have not yet been able to reproduce any blocking by making HTTPS requests from a measurement location in China.

3 3

Orfox Security Slider
by Linda Naeun Lee 31 Oct '16

31 Oct '16

Hello, We're making good progress in porting over the security slider to Orfox. We finished designing the mobile user interface. Documentation of our the process here: https://trac.torproject.org/projects/tor/wiki/doc/UX/OrfoxSecuritySlider We also hired a contractor to develop the appropriate changes. Yay! P.S.: A wiki page with a tl;dr gist of our projects (and the link to each project's page) is here: https://trac.torproject.org/projects/tor/wiki/org/teams/UxTeam/PastProjects You can get to that page (and other good ones) from the UX team page: https://trac.torproject.org/projects/tor/wiki/org/teams/UxTeam The UX team page now has links to UX references and lists open tickets. ٩(^‿^)۶, Linda -- Current Key: https://pgp.mit.edu/pks/lookup?search=lindanaeunlee GPG Fingerprint: FA0A C9BE 2881 B347 9F4F C0D7 BE70 F826 5ED2 8FA2

1 0

Fwd: [guardian-dev] Orbot 15.2.0 RC 1 is out!
by Nathan Freitas 28 Oct '16

28 Oct '16

----- Original message ----- From: Nathan of Guardian <nathan(a)guardianproject.info> To: guardian-dev(a)lists.mayfirst.org Subject: [guardian-dev] Orbot 15.2.0 RC 1 is out! Date: Fri, 28 Oct 2016 09:13:11 -0700 A culmination of work done since March, has resulted in a stable-enough-for-jazz RC 1 release of Orbot v15.2. This is the first RC using our new Gradle-based project, which we hope to even further refine into various useful modules. We've also redesigned the user interface to be even simpler for new users, yet still have all the exciting options for the old timers. Along with this, we are now shipping on ARM only, SDK16+ release, reducing the app download size to 7MB. We will be released x86 and MIPS builds shortly, as well. We are considering our strategy for supporting older devices, in particular Android 2.3, or at least 4.0/SDK-14, and up still. The build has been pushed to Google Play, and is available as an APK for direct download. We will update our F-Droid repository shortly, as always. APK: https://guardianproject.info/releases/Orbot-v15.2.0-RC-1-arm.apk (.asc) Tag: https://gitweb.torproject.org/orbot.git/commit/?id=9077bd236df388cd14727252… CHANGELOG: https://gitweb.torproject.org/orbot.git/tree/CHANGELOG /** 15.2.0 RC 1 / 28 October 2016/ 9077bd236df388cd14727252d0be676d39b841e5 **/ 9077bd2 update to 15.2.0-RC-1 and SDK min of 16 085ddb3 make ndk-build work again 290059d fix string path in build script dec3d95 add proguard rules to optimize orbot binary 160383b update for gradle /** 15.2.0 BETA 2 / 24 October 2016/ 12b1198b4b5a4420b16b9ab166828bba787c17aa **/ 345aea9 move the controls to the left sidebar; improve VPN mode more c76d935 improve bridge dialog display ac037a9 fix browser install request 28f1dbf make the VPN/apps mode have a better UI flow c1ffdbb put browser button back in 518f70d comment out notification actions for now 0bb8e84 update Tor version to 0.2.8.9 2125db1 make start and stop of Tor service all hanlded through executor d8648a5 remove meek-google as an option 2676cd3 update resource to make smaller 3ee6b2a don't fail on lint for release builds e3d7ca2 update tor 0.2.8.9 /** 15.2.0 BETA 1 / 13 October 2016/ abaa3f83fc64b9b567a5d437d26db0f660655f35 **/ cd8b549 add the compiled tun2socks lib for devs who just want to work on UI 3c181bc add the proguard rules 9948975 we aren't going to show a notification light 50f33c9 make sure we set VPN mode properly before we launch the service 9de4f54 using compat builder for notifications 3308602 improve the code for launching the pdnsd daemon da0fb10 multiple fixes to re-enable VPN mode and pdnsd daemon ca238c6 continued re-integration of VPN feature 1614921 clean pdnsd binaries from libs in Makefile 1db5676 continue to migrate service and VPN code d5f2c06 remove vpn code that is now in the service module 34c7cfd modify jni build inclusion 268002b fix build scripts for new paths 6333a45 update gitignore to handle orbotservice binary libs d2cf545 move jni code and VPN logic from app module to service 9f61afc improve tor service event handling and display ebc046e remove littleproxy reference (for now!) 7c3a16f we don't need a separate service for the VPN 7950cac remove dated information in the BUILD file 9afbb00 update gradle props and ignore files we don't want in repo 7284a5e make sure Tor start/stop work - use Process instance instead of processID lookup - reply on Tor's HALT command 55e08b9 tweak homescreen layout and strings d56fdb2 renable polipo 90d77ce modify imports 1ffea58 udpate resource paths bab7904 target API 14 aba7f8e update gitignores for gradle 912cb74 update tor to 0.2.8.7 5a4e00a fix paths for new module layout ecf9023 remove old binaries 10f1ade update makefile and add new patch b52023a move assets to service project 549399b launch default activity from notification 6d0fdbb update gitignore for gradle project 56683a3 add pdnsd library in for vpn service DNS! 29fd07a remove patches from here, moved to external 0f00e12 move patches to external since that is what it is applied to (external code) 54b3349 remove redundant code from old ant build format (not in gradle modules) 18682e4 big check-in of major gradle refactor; now building and running! VPN features are disabled for now bdb5893 update translations 4023354 Merge branch 'master' of github.com:n8fr8/orbot 6e45c07 Merge pull request #32 from ghost/patch-1 21c5bcc Remove typo 5adcbec Start the meek transport for custom meek bridges -- Nathan of Guardian nathan(a)guardianproject.info _______________________________________________ List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev To unsubscribe, email: guardian-dev-unsubscribe(a)lists.mayfirst.org

1 0

IFF 2017 - Calling for your session proposal(s)
by Matthew Finkel 28 Oct '16

28 Oct '16

/---------------------------\ /-----------------------\ | "Private" Network | | Internet | | | | | | User--------------\ ---------- /-server ___ | | User-------------| Firewall |-------server | | ------/ | |\-server | | User--------/ / ---------- \--- | | User-/ | ^ | \-----server | \---------------------------/ /|\ \-----------------------/ | / / Freedom Added and removed here! :) (Five newlines?) (See [0] if you don't understand the reference for the artwork) Shari beat me to the annoucement, but that's not a problem - this'll be a little more detailed. I've been slacking a bit too much on this. I'd like to encourage everyone in submitting a proposal for hosting a session at IFF [1][2]. Next year IFF will be 6-10 March. Specifically, many of you should look at the Tools and Tech theme - but the other themes are equally interesting depending on your interests. (Yes, I am promoting this because I'm on the team selecting the sessions, and yes I loved Valencia and IFF so much for the last two years I think we should all go hangout for a third year). All proposal submissions are due by 28 November (1 month from today. No, I don't know which timezone). You can learn about the other themes on the website [2], but below is the summary of Tools and Tech: The Tools & Technology Theme creates a space for the technologists that are driving the next generation of security and privacy tools to share knowledge and concerns, as well as to work collectively on core infrastructure and known obstacles. It will feature workshops, sessions and hackathons to improve the quality of existing tools and support the development of innovative solutions to technical and real-world problems. Topics for the Tools & Technology Theme include: - New tools and latest developments in circumvention technologies - Tool monitoring: i.e. ensuring what we are using and propagating is still good? - Tool contextualization and transferability - Hardware Security I can think of at least one person or team that fits each of these, so I'll try getting in touch with you, but I hope everyone will consider submitting a proposal. Just some thoughts: - Workshop or hackathon for OONI and lepidopter - Panel about testing Tor with shadow/chutney/testnet and the future - Presentation about Tails on QubesOS on X200 using libreboot - Presentation on distributing Tor in censored regions and how it's improved - Presentation on OONI, its growing dataset, and how the backend was designed to be webscale compatible. - Presentation on Metrics, the challenges of obtaining data, and its excellent visualizations - Something with bridges, bridge auth, bridgedb, monitoring bridges, ... - ?? There are many potential sessions, let me know if you're interested or have any questions. I should mention here that all sessions are either 1 hour or 3 hours long, so factor that into the equation, as well. Thanks, Matt [0] https://img.washingtonpost.com/rf/image_1484w/2010-2019/WashingtonPost/2013… https://www.washingtonpost.com/world/national-security/nsa-infiltrates-link… [1] https://internetfreedomfestival.org/host-a-session/ [2] https://people.torproject.org/~sysrqb/Tools-and-Tech.png (required linkage) [3] https://internetfreedomfestival.org/#themes [4] boots-and-cats-and-boots-and-cats

1 0

Summary of meek's costs, September 2016
by David Fifield 27 Oct '16

27 Oct '16

Here's the summary of meek's CDN fees for September 2016. App Engine + Amazon + Azure = total by period all 2014 $600.63 + $917.89 + $0.00 = $1518.52 January 2015 $464.37 + $669.02 + $0.00 = $1133.39 February 2015 $650.53 + $604.83 + $0.00 = $1255.36 March 2015 $690.29 + $815.68 + $0.00 = $1505.97 April 2015 $886.43 + $785.37 + $0.00 = $1671.80 May 2015 $871.64 + $896.39 + $0.00 = $1768.03 June 2015 $601.83 + $820.00 + $0.00 = $1421.83 July 2015 $732.01 + $837.08 + $0.00 = $1569.09 August 2015 $656.76 + $819.59 + $154.89 = $1631.24 September 2015 $617.08 + $710.75 + $490.58 = $1818.41 October 2015 $672.01 + $110.72 + $300.64 = $1083.37 November 2015 $602.35 + $474.13 + $174.18 = $1250.66 December 2015 $561.29 + $603.27 + $172.60 = $1337.16 January 2016 $771.17 + $1581.88 + $329.10 = $2682.15 February 2016 $986.39 + $977.85 + $445.83 = $2410.07 March 2016 $1079.49 + $865.06 + $534.71 = $2479.26 April 2016 $1169.23 + $1074.25 + $508.93 = $2752.41 May 2016 $525.46 + $1097.46 + $513.56 = $2136.48 June 2016 $0.00 + $1117.67 + $575.50 = $1693.17 July 2016 $0.00 + $1121.71 + $592.47 = $1714.18 August 2016 $0.00 + $1038.62 + $607.13 = $1645.75 September 2016 $0.00 + $932.22 + $592.92 = $1525.14 -- total by CDN $13138.96 + $18871.44 + $5385.91 = $37396.31 grand total https://metrics.torproject.org/userstats-bridge-transport.html?start=2016-0… The number of users was up again slightly compared to the preceding month. == Amazon a.k.a. meek-amazon == On 2016-08-18, I changed the Amazon CDN price class to "Use Only US, Canada and Europe" to see if it would be cheaper. (As recorded in the log at https://trac.torproject.org/projects/tor/wiki/doc/meek#Users.) That's why there's no "Asia Pacific", "EU", "South America" etc. The setting doesn't affect who can use meek-amazon; it only affects what edge servers get used. It helped a little. We had a little more bandwidth compared to last month (3225 GB vs. 2865 GB) and it cost a little less ($251.88 vs. 277.90). EU (Ireland) 287M requests $345.37 1261 GB $98.34 Global 7M requests $7.12 20 GB $1.56 US East (Northern Virginia) 327M requests $327.34 1943 GB $151.98 -- total 622M requests $679.83 3225 GB $251.88 charge for alarms $0.50 https://atlas.torproject.org/#details/F4AD82B2032EDEF6C02C5A529C42CFAFE5165… == Azure a.k.a. meek-azure == Zone 1 6641 GB $577.79 Zone 2 110 GB $ 15.13 -- total 6751 GB $592.92 https://atlas.torproject.org/#details/AA033EEB61601B2B7312D89B62AAA23DC3ED8… Earlier reports in this series: https://trac.torproject.org/projects/tor/wiki/doc/meek#Costs

1 0

Booth during the FOSDEM
by Syl 27 Oct '16

27 Oct '16

Hello, I'm a member of Nos oignons (https://nos-oignons.net/ a french association that runs exit nodes) and I thought about having a booth during the next FOSDEM to talk about Tor and related stuff. What do you think about sharing a common booth? I send this invitation to Tor Project, Tails Project, Frënn vun der Ënn, and torservers.net. The deadline for stand proposals is October 31, I would send the proposal in one month if we are enough people to participate. I think we need to be 3 people each day. Thanks. Syl

3 3

Notes from October 20 2016 Vegas team meeting
by Karsten Loesing 27 Oct '16

27 Oct '16

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 See this posting for context: https://lists.torproject.org/pipermail/tor-project/2016-April/000223.html Notes for October 20 2016 meeting: Alison: 1) Support desk stopgap measures: what we're doing before support.torproject.org goes live 2) nothing else to report, unless you want to hear from the Cool and Exciting world of Library Freedom Project, where things are going really well :) Nick: 1) 030 is forked. 2) 029 needs more testing, but we have no binaries. :( * GeKo says he's figured out the bug on ln5's nightlies system, and will try to get nightlies back tomorrow. Woo! 3) While Documenting stuff, I've been noticing how many old things we still have in rephist.c and geoip.c and elsewhere. Metrics folks: any time to review what we collect there and make sure it's all actually useful? [Already talked with Karsten and Iwakeh here; no need to discuss at meeting.] Kate: 1) Planning out next 6 months of communications. 2) Working with OONI on ooniprobe 2.0.0 announcement to solicit media coverage :) 3) Organizing 200 pages of press clips for DRL report 4) Working on various ongoing media stories. Waiting to hear back on Wendy's opinion piece on Rule 41. Mike: 1) Talked with CloudFlare a bit on tor-access. They said they will be rolling out the WAF thing to paid sites, and their systems will be ready for the blind token extension this quarter (they meant by end of year, I think). Arturo: 1) Released ooniprobe 2.0.0 (yay!). Still need to publish announcement, but waiting for debian and osx packages to be done. 2) Gotten more or less green light from Ford to have them cover the costs of the hackathon. 3) Many interesting and useful conversations at OTF summit. Isabela: 1) A contract was sent to Tom (dev that will work on Orfox FE) - Linda is leading the copy for the UI and our deadline is to have a final copy by EOM 2) Working on DRL quarterly report 3) Sent call for help on testing core tor releases - got some responses in tor-dev list and some off the list - need to follow up with them now that the release is out 4) Lots going on at the OTF summit 5) lots of things to catch up because of OTF summit Karsten: 1) We're on track with enabling CollecTor instances to synchronize data from each other, which is our most important October milestone. Shari: 1) We hired new finance and grants manager, Brad Parker. He starts on November 14. 2) Working on end-of-year campaign stuff. 3) Meeting with lots of people this week at OTF Summit. -----BEGIN PGP SIGNATURE----- Comment: GPGTools - http://gpgtools.org iQEcBAEBCAAGBQJYEF/AAAoJEC3ESO/4X7XBVwkIALU9jGYE33UGEBzA90oKNwfJ YlxR0ydAwMYyGkVMdye9EfUDoH8t9SmJtG9m8OP3m8xfnymHR/Sf0SRNVaJ020l6 bk/IMC7scCq2RPaEsVNjktHFNTxqjRBBAs7C/Q7cxN4YpIjO7kmjkPFM11J2Uqh6 F6G6HIPS5CVqkaPH98B9JLz6M0syE6WZf0pclagF7KRmM8OOC2z3LQ72MVCvh1UH /RyFkyW08hhaxQBs+pPDuVKZLYELwyLDldl+VMVY5ICuIqsN8rzy1k3xYmIjVf6v lqp0co1yhbD2ekTjIVgAcYS7lUKNbYDJJ0aKhcghJ5PLArU/oXT35NSv0gDbd/E= =3SYK -----END PGP SIGNATURE-----

2 2

What folks say about Tor
by Shari Steele 26 Oct '16

26 Oct '16

Hey all. I’m collecting quotes of complimentary things our adversaries have said about Tor for possible inclusion on a t-shirt, and I would really appreciate your help. Roger got me started with a bunch of quotes below, but most of them are missing attribution. So if any of you have additional quotes and/or can add attribution to Roger’s quotes below, I would be extremely grateful. Thanks in advance for your help with this! Shari > Here are some: > > - "Still the King of high secure, low latency Internet Anonymity" "There > are no contenders for the throne in waiting" -- from an NSA or GCHQ > slide deck in 2011 > > - "Tor Project staffed with smart people!" from the same slide deck > > - "Tor is very good -- No passive exploitation :-(" from the same slide > deck > > - "TorButton: A Thorn in the side of SIGINT" from the same slide deck > > - "Catastrophic: near-total loss/lack of insight to target communications, > presence" refering to impact of Tor, TrueCrypt, and Tails. > > - "Very naughty people use Tor" -- GCHQ, in a summary slide from a slide > deck analyzing hidden service security (also "Near impossible to figure > out who is talking to who"). > > There are a few more that I should hunt down, like a good quote about > Tails, and something complimentary of Mike in particular. But maybe > those will be a good start?

4 4

can someone reboot storm?
by isabela 25 Oct '16

25 Oct '16

Hi there, sorry if this is the wrong place. I've noticed since yesterday that storm is not accessible. The fact I can't access the information there is starting to block some work from moving forward. I know isis has been taking care of our storm instance for a while. I don't know if she is still doing it, and if she is, I don't know if she has time now to get storm working again. (thank you isis!) Would be possible to reboot the machine and see if it comes back? Again, sorry if this is not the right place. Isabela

1 1