[TWN team] Recent changes to the wiki pages

[Lunar]

===========================================================================
=== https://trac.torproject.org/projects/tor/wiki/TorWeeklyNews/2014/30 ===
===========================================================================

version 18
Author: lunar
Date:   2014-07-28T11:04:17+00:00

   also mention meek

--- version 17
+++ version 18
@@ -20,11 +20,14 @@
 small issues fixed. Details are available in the release announcement.
 
 The release fixes import security updates [XXX] from Firefox. Be
-sure to upgrade [XXX]!
+sure to upgrade [XXX]! Users of the experimental meek [XXX] bundles
+have not been forgotten [XXX].
 
  [XXX]: https://blog.torproject.org/blog/tor-browser-363-released
  [XXX]: https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html#firefox24.7
  [XXX]: https://www.torproject.org/download/download-easy.html
+ [XXX]: https://trac.torproject.org/projects/tor/wiki/doc/meek
+ [XXX]: https://people.torproject.org/~dcf/pt-bundle/3.6.3-meek-1/
 
 Security issue in Tails 1.1 and earlier
 ---------------------------------------

version 17
Author: lunar
Date:   2014-07-28T10:47:04+00:00

   write about bad relays and TB mockups

--- version 16
+++ version 17
@@ -51,6 +51,32 @@
  [XXX]: https://tails.boum.org/news/On_0days_exploits_and_disclosure/
  [XXX]: https://geti2p.net/en/blog/post/2014/07/26/0.9.14-Release
  [XXX]: https://mailman.boum.org/pipermail/tails-dev/2014-July/006459.html
+
+Reporting bad relays
+--------------------
+
+“Bad” relays are malicious, misconfigured, or otherwise broken Tor
+relays. As anyone is free to volunteer bandwidth and processing power
+to spin up a new relay, users can encounter such bad relays once in
+a while. Getting them out of everyone's circuits is thus important.
+
+Damian Johnson and Philipp Winter have been working on improving and
+documenting [XXX] the process to report bad relays. “While we do
+regularly scan the network for bad relays, we are also dependent on the
+wider community to help us spot relays which don't act as they should”
+wrote [XXX] Philipp.
+
+When observing unusual behaviors, one way to learn about the
+current exit relay before reporting it is to use the check [XXX]
+service. This method can be inaccurate and tend to be a little bit
+cumbersome. The good news is that Arthur Edelstein is busy
+integrating [XXX] more feedback on Tor circuits being used directly in
+the Tor Browser.
+
+ [XXX]: https://trac.torproject.org/projects/tor/wiki/doc/ReportingBadRelays
+ [XXX]: XXX blog post XXX
+ [XXX]: https://check.torproject.org/
+ [XXX]: https://trac.torproject.org/projects/tor/ticket/8641#comment:12
 
 Monthly status reports for XXX month 2014
 -----------------------------------------
@@ -120,9 +146,7 @@
 }}}
 Possible items:
 
- * We now have a dedicated wiki page and list to report bad relays: https://trac.torproject.org/projects/tor/wiki/doc/ReportingBadRelays
  * guard https://trac.torproject.org/projects/tor/ticket/11264#comment:6
- * mockups for displaying current circuit in Tor Browser https://trac.torproject.org/projects/tor/ticket/8641#comment:12
  * Tor Onion Proxy Library https://lists.torproject.org/pipermail/tor-talk/2014-July/034046.html
  * riseup.net account holders can ask bridgedb autoresponder https://trac.torproject.org/projects/tor/ticket/12635#comment:1
  * Tor Research Framework https://lists.torproject.org/pipermail/tor-dev/2014-July/007232.html

version 16
Author: lunar
Date:   2014-07-28T10:21:40+00:00

   mention Tails statement about the vuln disclosure process

--- version 15
+++ version 16
@@ -31,7 +31,9 @@
 
 Several vulnerabilities has been discovered in I2P [XXX] which is shipped
 in Tails 1.1 and earlier [XXX]. I2P [XXX] is an anymous overlay network
-with many similarities to Tor.
+with many similarities to Tor. There was quite some confusion around the
+disclosure process of this vulnerability. Readers are encouraged to read
+what the Tails team has written about it [XXX].
 
 Starting I2P in Tails normally require a click in the relevant menu
 entry. Once started, the security issues can lead to deanonymization of
@@ -46,6 +48,7 @@
 
  [XXX]: https://tails.boum.org/security/Security_hole_in_I2P_0.9.13/
  [XXX]: https://geti2p.net/
+ [XXX]: https://tails.boum.org/news/On_0days_exploits_and_disclosure/
  [XXX]: https://geti2p.net/en/blog/post/2014/07/26/0.9.14-Release
  [XXX]: https://mailman.boum.org/pipermail/tails-dev/2014-July/006459.html
 
@@ -117,7 +120,6 @@
 }}}
 Possible items:
 
- * https://tails.boum.org/news/On_0days_exploits_and_disclosure/
  * We now have a dedicated wiki page and list to report bad relays: https://trac.torproject.org/projects/tor/wiki/doc/ReportingBadRelays
  * guard https://trac.torproject.org/projects/tor/ticket/11264#comment:6
  * mockups for displaying current circuit in Tor Browser https://trac.torproject.org/projects/tor/ticket/8641#comment:12

version 15
Author: lunar
Date:   2014-07-28T10:19:40+00:00

   write about orWall

--- version 14
+++ version 15
@@ -64,15 +64,13 @@
 Miscellaneous news
 ------------------
 
-Item 1 with cited source [XXX].
+CJ announced [XXX] the release of orWall (previously named
+Torrific [XXX]), a new Android application that “will force applications
+selected through Orbot while preventing unchecked applications to have
+network access”.
 
-Item 2 with cited source [XXX].
-
-Item 3 with cited source [XXX].
-
- [XXX]:
- [XXX]:
- [XXX]:
+ [XXX]: https://lists.torproject.org/pipermail/tor-talk/2014-July/034006.html
+ [XXX]: https://torrific.ch/
 
 Tor help desk roundup
 ---------------------
@@ -120,7 +118,6 @@
 Possible items:
 
  * https://tails.boum.org/news/On_0days_exploits_and_disclosure/
- * Android App Torrific https://lists.torproject.org/pipermail/tor-talk/2014-July/034006.html
  * We now have a dedicated wiki page and list to report bad relays: https://trac.torproject.org/projects/tor/wiki/doc/ReportingBadRelays
  * guard https://trac.torproject.org/projects/tor/ticket/11264#comment:6
  * mockups for displaying current circuit in Tor Browser https://trac.torproject.org/projects/tor/ticket/8641#comment:12

version 14
Author: lunar
Date:   2014-07-28T10:08:57+00:00

   write about Tails security issue

--- version 13
+++ version 14
@@ -25,6 +25,29 @@
  [XXX]: https://blog.torproject.org/blog/tor-browser-363-released
  [XXX]: https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html#firefox24.7
  [XXX]: https://www.torproject.org/download/download-easy.html
+
+Security issue in Tails 1.1 and earlier
+---------------------------------------
+
+Several vulnerabilities has been discovered in I2P [XXX] which is shipped
+in Tails 1.1 and earlier [XXX]. I2P [XXX] is an anymous overlay network
+with many similarities to Tor.
+
+Starting I2P in Tails normally require a click in the relevant menu
+entry. Once started, the security issues can lead to deanonymization of
+a Tails user that would visit a malicious web page. As a matter of
+precaution, the Tails team recommends removing the “i2p” package each
+time Tails is started.
+
+I2P has fixed the issue in version 0.9.14 [XXX]. It is likely to be
+included in the next Tails release, but the team is also
+discussing [XXX] implementing more in-depth protections that would
+be required to keep I2P in Tails.
+
+ [XXX]: https://tails.boum.org/security/Security_hole_in_I2P_0.9.13/
+ [XXX]: https://geti2p.net/
+ [XXX]: https://geti2p.net/en/blog/post/2014/07/26/0.9.14-Release
+ [XXX]: https://mailman.boum.org/pipermail/tails-dev/2014-July/006459.html
 
 Monthly status reports for XXX month 2014
 -----------------------------------------

version 13
Author: lunar
Date:   2014-07-28T09:46:14+00:00

   write about Tor Browser 3.6.3

--- version 12
+++ version 13
@@ -12,12 +12,19 @@
 Welcome to the thirtieth issue of Tor Weekly News in 2014, the weekly
 newsletter that covers what is happening in the XXX Tor community.
 
-Feature XXX
------------
+Tor Browser 3.6.3 is out
+------------------------
 
-Feature 1 with cited source [XXX]
+A new pointfix release for the 3.6 series of the Tor Browser is
+out [XXX]. Most components have been updated and a couple of
+small issues fixed. Details are available in the release announcement.
 
- [XXX]:
+The release fixes import security updates [XXX] from Firefox. Be
+sure to upgrade [XXX]!
+
+ [XXX]: https://blog.torproject.org/blog/tor-browser-363-released
+ [XXX]: https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html#firefox24.7
+ [XXX]: https://www.torproject.org/download/download-easy.html
 
 Monthly status reports for XXX month 2014
 -----------------------------------------
@@ -95,7 +102,6 @@
  * guard https://trac.torproject.org/projects/tor/ticket/11264#comment:6
  * mockups for displaying current circuit in Tor Browser https://trac.torproject.org/projects/tor/ticket/8641#comment:12
  * Tor Onion Proxy Library https://lists.torproject.org/pipermail/tor-talk/2014-July/034046.html
- * Tor Browser 3.6.3 is released https://blog.torproject.org/blog/tor-browser-363-released
  * riseup.net account holders can ask bridgedb autoresponder https://trac.torproject.org/projects/tor/ticket/12635#comment:1
  * Tor Research Framework https://lists.torproject.org/pipermail/tor-dev/2014-July/007232.html
  * Think of better data structures for guard nodes https://bugs.torproject.org/12595]



-- 
Your friendly TWN monitoring script

      In case of malfunction, please reach out for lunar at torproject.org
          or for the worst cases, tell weasel at torproject.org to kill me.