[TWN team] Recent changes to the wiki pages
Lunar
lunar at torproject.org
Tue Jul 29 20:00:12 UTC 2014
===========================================================================
=== https://trac.torproject.org/projects/tor/wiki/TorWeeklyNews/2014/30 ===
===========================================================================
version 44
Author: lunar
Date: 2014-07-29T19:14:29+00:00
FREEZE
--- version 43
+++ version 44
@@ -1,6 +1,8 @@
''56th issue of Tor Weekly News. Covering what's happening from July 22nd, 2014 to July 29th, 2014. To be released on July 30th, 2014.''
'''Editor:''' Lunar
+
+'''Status:''' Frozen! New items should go to [wiki:TorWeeklyNews/2014/31 next week's edition]. Only languages and technical fixes for now. Expected publication time 2014-07-30 12:00 UTC.
'''Subject:''' Tor Weekly News — July 30th, 2014
@@ -16,23 +18,23 @@
------------------------
A new pointfix release for the 3.6 series of the Tor Browser is
-out [XXX]. Most components have been updated and a couple of small
+out [1]. Most components have been updated and a couple of small
issues fixed. Details are available in the release announcement.
-The release fixes import security updates [XXX] from Firefox. Be sure to
-upgrade [XXX]! Users of the experimental meek [XXX] bundles have not
-been forgotten [XXX].
-
- [XXX]: https://blog.torproject.org/blog/tor-browser-363-released
- [XXX]: https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html#firefox24.7
- [XXX]: https://www.torproject.org/download/download-easy.html
- [XXX]: https://trac.torproject.org/projects/tor/wiki/doc/meek
- [XXX]: https://people.torproject.org/~dcf/pt-bundle/3.6.3-meek-1/
+The release fixes import security updates [2] from Firefox. Be sure to
+upgrade [3]! Users of the experimental meek [4] bundles have not
+been forgotten [5].
+
+ [1]: https://blog.torproject.org/blog/tor-browser-363-released
+ [2]: https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html#firefox24.7
+ [3]: https://www.torproject.org/download/download-easy.html
+ [4]: https://trac.torproject.org/projects/tor/wiki/doc/meek
+ [5]: https://people.torproject.org/~dcf/pt-bundle/3.6.3-meek-1/
New Tor stable and alpha releases
---------------------------------
-Two new releases of Tor are out. The new 0.2.5.6-alpha release [XXX]
+Two new releases of Tor are out. The new 0.2.5.6-alpha release [6]
“brings us a big step closer to slowing down the risk from guard
rotation, and fixes a variety of other issues to get us closer to a
release candidate”.
@@ -43,33 +45,33 @@
2500.”
The complementary change to moving the number of entry guards down to
-one [XXX] are two new consensus parameters introduced. NumEntryGuards
+one [7] are two new consensus parameters introduced. NumEntryGuards
and NumDirectoryGuards will respectively set the number of entry guards
and directory guards that clients will use. The default for
NumEntryGuards is currently three, but this will allow a reversable
switch to one in a near future.
Several important fixes have been backported to the stable branch in the
-0.2.4.23 release [XXX]. Source packages are available at the regular
-location [XXX]. Binary packages have already landed in
-Debian [XXX,XXX,XXX] and the rest should follow shortly.
-
- [XXX]: https://gitweb.torproject.org/tor.git/blob_plain/390728d8:/ChangeLog
- [XXX]: https://gitweb.torproject.org/torspec.git/blob_plain/HEAD:/proposals/236-single-guard-node.txt
- [XXX]: https://gitweb.torproject.org/tor.git/blob_plain/598c6136:/ChangeLog
- [XXX]: https://www.torproject.org/dist/
- [XXX]: https://tracker.debian.org/news/228637
- [XXX]: https://tracker.debian.org/news/560607
- [XXX]: https://tracker.debian.org/news/560611
+0.2.4.23 release [8]. Source packages are available at the regular
+location [9]. Binary packages have already landed in
+Debian [10,11,12] and the rest should follow shortly.
+
+ [6]: https://gitweb.torproject.org/tor.git/blob_plain/390728d8:/ChangeLog
+ [7]: https://gitweb.torproject.org/torspec.git/blob_plain/HEAD:/proposals/236-single-guard-node.txt
+ [8]: https://gitweb.torproject.org/tor.git/blob_plain/598c6136:/ChangeLog
+ [9]: https://www.torproject.org/dist/
+ [10]: https://tracker.debian.org/news/228637
+ [11]: https://tracker.debian.org/news/560607
+ [12]: https://tracker.debian.org/news/560611
Security issue in Tails 1.1 and earlier
---------------------------------------
-Several vulnerabilities has been discovered in I2P [XXX] which is
-shipped in Tails 1.1 and earlier [XXX]. I2P [XXX] is an anonymous
+Several vulnerabilities has been discovered in I2P [13] which is
+shipped in Tails 1.1 and earlier [14]. I2P [15] is an anonymous
overlay network with many similarities to Tor. There was quite some
confusion around the disclosure process of this vulnerability. Readers
-are encouraged to read what the Tails team has written about it [XXX].
+are encouraged to read what the Tails team has written about it [16].
Starting I2P in Tails normally requires a click on the relevant menu
entry. Once started, the security issues can lead to the deanonymization
@@ -77,16 +79,16 @@
precaution, the Tails team recommends removing the “i2p” package each
time Tails is started.
-I2P has fixed the issue in version 0.9.14 [XXX]. It is likely to be
+I2P has fixed the issue in version 0.9.14 [17]. It is likely to be
included in the next Tails release, but the team is also
-discussing [XXX] implementing more in-depth protections that would be
+discussing [18] implementing more in-depth protections that would be
required in order to keep I2P in Tails.
- [XXX]: https://tails.boum.org/security/Security_hole_in_I2P_0.9.13/
- [XXX]: https://geti2p.net/
- [XXX]: https://tails.boum.org/news/On_0days_exploits_and_disclosure/
- [XXX]: https://geti2p.net/en/blog/post/2014/07/26/0.9.14-Release
- [XXX]: https://mailman.boum.org/pipermail/tails-dev/2014-July/006459.html
+ [13]: https://tails.boum.org/security/Security_hole_in_I2P_0.9.13/
+ [14]: https://geti2p.net/
+ [15]: https://tails.boum.org/news/On_0days_exploits_and_disclosure/
+ [16]: https://geti2p.net/en/blog/post/2014/07/26/0.9.14-Release
+ [17]: https://mailman.boum.org/pipermail/tails-dev/2014-July/006459.html
Reporting bad relays
--------------------
@@ -97,72 +99,72 @@
while. Getting them out of everyone’s circuits is thus important.
Damian Johnson and Philipp Winter have been working on improving and
-documenting [XXX] the process to report bad relays. “While we do
+documenting [19] the process to report bad relays. “While we do
regularly scan the network for bad relays, we are also dependent on the
wider community to help us spot relays which don’t act as they should”
-wrote [XXX] Philipp.
+wrote [20] Philipp.
When observing unusual behaviors, one way to learn about the current
-exit relay before reporting it is to use the Check [XXX] service. This
+exit relay before reporting it is to use the Check [21] service. This
method can be inaccurate and tend to be a little bit cumbersome. The
-good news is that Arthur Edelstein is busy integrating [XXX] more
+good news is that Arthur Edelstein is busy integrating [22] more
feedback on Tor circuits being used directly in the Tor Browser.
- [XXX]: https://trac.torproject.org/projects/tor/wiki/doc/ReportingBadRelays
- [XXX]: https://blog.torproject.org/blog/how-report-bad-relays
- [XXX]: https://check.torproject.org/
- [XXX]: https://trac.torproject.org/projects/tor/ticket/8641#comment:12
+ [18]: https://trac.torproject.org/projects/tor/wiki/doc/ReportingBadRelays
+ [19]: https://blog.torproject.org/blog/how-report-bad-relays
+ [20]: https://check.torproject.org/
+ [21]: https://trac.torproject.org/projects/tor/ticket/8641#comment:12
Miscellaneous news
------------------
The Tor Project, Inc. has completed its standard financial audit for the
-year 2013 [XXX]. IRS Form 990 [XXX], Massachusetts Form PC [XXX], and
-the Financial Statements [XXX] are now available for anyone to review.
+year 2013 [23]. IRS Form 990 [24], Massachusetts Form PC [25], and
+the Financial Statements [26] are now available for anyone to review.
Andrew Lewman explained: “we publish all of our related tax documents
because we believe in transparency. All US non-profit organizations are
required by law to make their tax filings available to the public on
request by US citizens. We want to make them available for all.”
- [XXX]: https://blog.torproject.org/blog/transparency-openness-and-our-2013-financials
- [XXX]: https://www.torproject.org/about/findoc/2013-TorProject-Form990.pdf
- [XXX]: https://www.torproject.org/about/findoc/2013-TorProject-FormPC.pdf
- [XXX]: https://www.torproject.org/about/findoc/2013-TorProject-FinancialStatements.pdf
-
-CJ announced [XXX] the release of orWall (previously named
-Torrific [XXX]), a new Android application that “will force applications
+ [22]: https://blog.torproject.org/blog/transparency-openness-and-our-2013-financials
+ [23]: https://www.torproject.org/about/findoc/2013-TorProject-Form990.pdf
+ [24]: https://www.torproject.org/about/findoc/2013-TorProject-FormPC.pdf
+ [25]: https://www.torproject.org/about/findoc/2013-TorProject-FinancialStatements.pdf
+
+CJ announced [27] the release of orWall (previously named
+Torrific [28]), a new Android application that “will force applications
selected through Orbot while preventing unchecked applications to have
network access”.
- [XXX]: https://lists.torproject.org/pipermail/tor-talk/2014-July/034006.html
- [XXX]: https://torrific.ch/
-
-The Thali project [XXX] aims to use hidden services to host web content.
+ [26]: https://lists.torproject.org/pipermail/tor-talk/2014-July/034006.html
+ [27]: https://torrific.ch/
+
+The Thali project [29] aims to use hidden services to host web content.
As part of the effort, they have written a cross-platform Java
-library [XXX]. “The code handles running the binary, configuring it,
-managing it, starting a hidden service, etc.” wrote [XXX] Yaron Goland.
-
- [XXX]: http://www.thaliproject.org/
- [XXX]: https://github.com/thaliproject/Tor_Onion_Proxy_Library
- [XXX]: https://lists.torproject.org/pipermail/tor-talk/2014-July/034046.html
-
-Gareth Owen has released [XXX] a Java-based Tor research
-framework [XXX]. The goal is to enable researchers to try things out
+library [30]. “The code handles running the binary, configuring it,
+managing it, starting a hidden service, etc.” wrote [31] Yaron Goland.
+
+ [28]: http://www.thaliproject.org/
+ [29]: https://github.com/thaliproject/Tor_Onion_Proxy_Library
+ [30]: https://lists.torproject.org/pipermail/tor-talk/2014-July/034046.html
+
+Gareth Owen has released [32] a Java-based Tor research
+framework [33]. The goal is to enable researchers to try things out
without having to deal with the full tor source. “At present, it is a
fully functional client with a number of examples for hidden services
and SOCKS. You can build arbitrary circuits, build streams, send junk
cells, etc.” wrote Gareth.
- [XXX]: https://lists.torproject.org/pipermail/tor-dev/2014-July/007232.html
- [XXX]: https://github.com/drgowen/tor-research-framework
-
-Version 0.2.3 of BridgeDB [XXX] has been deployed. Among other
-things [XXX], owners of riseup.net email accounts can now request
-bridges through email [XXX].
-
- [XXX]: https://bridges.torproject.org/
- [XXX]: https://gitweb.torproject.org/bridgedb.git/blob/2a6d5463:/CHANGELOG
- [XXX]: https://bugs.torproject.org/11139#comment:15
+ [31]: https://lists.torproject.org/pipermail/tor-dev/2014-July/007232.html
+ [32]: https://github.com/drgowen/tor-research-framework
+
+Version 0.2.3 of BridgeDB [34] has been deployed. Among other
+things [35], owners of riseup.net email accounts can now request
+bridges through email [36].
+
+ [33]: https://bridges.torproject.org/
+ [34]: https://gitweb.torproject.org/bridgedb.git/blob/2a6d5463:/CHANGELOG
+ [35]: https://bugs.torproject.org/11139#comment:15
Orbot 14.0.5 first release candidate has been released. “This update
includes improved management of the background processes, the ability to
@@ -170,25 +172,25 @@
Galaxy and Note devices), and the fancy new notification dialog, showing
your current exit IPs and country” wrote Nathan Freitas.
- [XXX]: https://lists.mayfirst.org/pipermail/guardian-dev/2014-July/003667.html
+ [36]: https://lists.mayfirst.org/pipermail/guardian-dev/2014-July/003667.html
While working on guard nodes, George Kadianakis realized that “the data
structures and methods of the guard nodes code are not very robust”.
Nick Mathewson and George have been busy trying to come up with better
-abstractions [XXX]. More brains on the problem would be welcome!
-
- [XXX]: https://bugs.torproject.org/12595
-
-Mike Perry posted [XXX] “a summary of the primitives that Marc Juarez
+abstractions [37]. More brains on the problem would be welcome!
+
+ [37]: https://bugs.torproject.org/12595
+
+Mike Perry posted [38] “a summary of the primitives that Marc Juarez
aims to implement for his Google Summer of Code project on prototyping
defenses for Website Traffic Fingerprinting and follow-on research”. Be
sure to have a look if you want to help preventing website fingerprint
attacks.
- [XXX]: https://lists.torproject.org/pipermail/tor-dev/2014-July/007246.html
+ [38]: https://lists.torproject.org/pipermail/tor-dev/2014-July/007246.html
A new draft proposal “for making all relays also be directory servers
-(by default)” has been submitted [XXX] by Matthew Finkel. Among the
+(by default)” has been submitted [39] by Matthew Finkel. Among the
motivations, Matthew wrote: “In a network where every router is a
directory server, the profiling and partitioning attack vector is
reduced to the guard (for clients who use them), which is already in a
@@ -197,28 +199,28 @@
diversifies the providers.” This change might make the transition to a
single guard safer. Feedback welcome!
- [XXX]: https://lists.torproject.org/pipermail/tor-dev/2014-July/007247.html
-
-Noah Rahman reported [XXX] on the progress on their Google Summer of
+ [39]: https://lists.torproject.org/pipermail/tor-dev/2014-July/007247.html
+
+Noah Rahman reported [40] on the progress on their Google Summer of
Code on Stegotorus.
- [XXX]: https://lists.torproject.org/pipermail/tor-dev/2014-July/007248.html
+ [40]: https://lists.torproject.org/pipermail/tor-dev/2014-July/007248.html
Tor help desk roundup
---------------------
A number of Iranian Tor users have reported that Tor no longer works out
of the box in Iran, and the Tor Metrics portal shows a corresponding
-drop in the number of directly-connecting users there [XXX]. Collin
+drop in the number of directly-connecting users there [41]. Collin
Anderson investigated the situation and reported that the
Telecommunications Company of Iran had begun blocking the Tor network by
-blacklisting connections to Tor’s directory authorities [XXX]. Tor users
-can circumvent this block by getting bridges from BridgeDB [XXX] and
+blacklisting connections to Tor’s directory authorities [42]. Tor users
+can circumvent this block by getting bridges from BridgeDB [43] and
entering the bridge addresses they receive into their Tor Browser.
- [XXX]: https://metrics.torproject.org/users.html?graph=userstats-relay-country&start=2014-04-30&end=2014-07-28&country=ir&events=on#userstats-relay-country
- [XXX]: https://bugs.torproject.org/12727
- [XXX]: https://bridges.torproject.org/
+ [41]: https://metrics.torproject.org/users.html?graph=userstats-relay-country&start=2014-04-30&end=2014-07-28&country=ir&events=on#userstats-relay-country
+ [42]: https://bugs.torproject.org/12727
+ [43]: https://bridges.torproject.org/
Upcoming events
---------------
@@ -244,10 +246,10 @@
Want to continue reading TWN? Please help us create this newsletter.
We still need more volunteers to watch the Tor community and report
-important news. Please see the project page [XXX], write down your
-name and subscribe to the team mailing list [XXX] if you want to
+important news. Please see the project page [44], write down your
+name and subscribe to the team mailing list [45] if you want to
get involved!
- [XXX]: https://trac.torproject.org/projects/tor/wiki/TorWeeklyNews
- [XXX]: https://lists.torproject.org/cgi-bin/mailman/listinfo/news-team
+ [44]: https://trac.torproject.org/projects/tor/wiki/TorWeeklyNews
+ [45]: https://lists.torproject.org/cgi-bin/mailman/listinfo/news-team
}}}
version 43
Author: lunar
Date: 2014-07-29T19:12:32+00:00
cleanup
--- version 42
+++ version 43
@@ -16,12 +16,12 @@
------------------------
A new pointfix release for the 3.6 series of the Tor Browser is
-out [XXX]. Most components have been updated and a couple of
-small issues fixed. Details are available in the release announcement.
-
-The release fixes import security updates [XXX] from Firefox. Be
-sure to upgrade [XXX]! Users of the experimental meek [XXX] bundles
-have not been forgotten [XXX].
+out [XXX]. Most components have been updated and a couple of small
+issues fixed. Details are available in the release announcement.
+
+The release fixes import security updates [XXX] from Firefox. Be sure to
+upgrade [XXX]! Users of the experimental meek [XXX] bundles have not
+been forgotten [XXX].
[XXX]: https://blog.torproject.org/blog/tor-browser-363-released
[XXX]: https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html#firefox24.7
@@ -32,25 +32,27 @@
New Tor stable and alpha releases
---------------------------------
-Two new releases of Tor are out. The new 0.2.5.6-alpha release [XXX] “brings us
-a big step closer to slowing down the risk from guard rotation, and fixes a
-variety of other issues to get us closer to a release candidate”.
-
-Once directory authorities have upgraded, they will “assign the Guard flag
-to the fastest 25% of the network”. Some experiments showed that “for the
-current network, this results in about 1100 guards, down from 2500.”
-
-The complementary change to moving the number of entry guards down to one [XXX]
-are two new consensus parameters introduced. NumEntryGuards and
-NumDirectoryGuards will respectively set the number of entry guards and
-directory guards that clients will use. The default for NumEntryGuards is
-currently three, but this will allow a reversable switch to one in a near
-future.
+Two new releases of Tor are out. The new 0.2.5.6-alpha release [XXX]
+“brings us a big step closer to slowing down the risk from guard
+rotation, and fixes a variety of other issues to get us closer to a
+release candidate”.
+
+Once directory authorities have upgraded, they will “assign the Guard
+flag to the fastest 25% of the network”. Some experiments showed that
+“for the current network, this results in about 1100 guards, down from
+2500.”
+
+The complementary change to moving the number of entry guards down to
+one [XXX] are two new consensus parameters introduced. NumEntryGuards
+and NumDirectoryGuards will respectively set the number of entry guards
+and directory guards that clients will use. The default for
+NumEntryGuards is currently three, but this will allow a reversable
+switch to one in a near future.
Several important fixes have been backported to the stable branch in the
0.2.4.23 release [XXX]. Source packages are available at the regular
-location [XXX]. Binary packages have already landed in Debian [XXX,XXX,XXX] and
-the rest should follow shortly.
+location [XXX]. Binary packages have already landed in
+Debian [XXX,XXX,XXX] and the rest should follow shortly.
[XXX]: https://gitweb.torproject.org/tor.git/blob_plain/390728d8:/ChangeLog
[XXX]: https://gitweb.torproject.org/torspec.git/blob_plain/HEAD:/proposals/236-single-guard-node.txt
@@ -63,22 +65,22 @@
Security issue in Tails 1.1 and earlier
---------------------------------------
-Several vulnerabilities has been discovered in I2P [XXX] which is shipped
-in Tails 1.1 and earlier [XXX]. I2P [XXX] is an anonymous overlay network
-with many similarities to Tor. There was quite some confusion around the
-disclosure process of this vulnerability. Readers are encouraged to read
-what the Tails team has written about it [XXX].
+Several vulnerabilities has been discovered in I2P [XXX] which is
+shipped in Tails 1.1 and earlier [XXX]. I2P [XXX] is an anonymous
+overlay network with many similarities to Tor. There was quite some
+confusion around the disclosure process of this vulnerability. Readers
+are encouraged to read what the Tails team has written about it [XXX].
Starting I2P in Tails normally requires a click on the relevant menu
-entry. Once started, the security issues can lead to the deanonymization of
-a Tails user who visits a malicious web page. As a matter of
+entry. Once started, the security issues can lead to the deanonymization
+of a Tails user who visits a malicious web page. As a matter of
precaution, the Tails team recommends removing the “i2p” package each
time Tails is started.
I2P has fixed the issue in version 0.9.14 [XXX]. It is likely to be
included in the next Tails release, but the team is also
-discussing [XXX] implementing more in-depth protections that would
-be required in order to keep I2P in Tails.
+discussing [XXX] implementing more in-depth protections that would be
+required in order to keep I2P in Tails.
[XXX]: https://tails.boum.org/security/Security_hole_in_I2P_0.9.13/
[XXX]: https://geti2p.net/
@@ -90,9 +92,9 @@
--------------------
“Bad” relays are malicious, misconfigured, or otherwise broken Tor
-relays. As anyone is free to volunteer bandwidth and processing power
-to spin up a new relay, users can encounter such bad relays once in
-a while. Getting them out of everyone’s circuits is thus important.
+relays. As anyone is free to volunteer bandwidth and processing power to
+spin up a new relay, users can encounter such bad relays once in a
+while. Getting them out of everyone’s circuits is thus important.
Damian Johnson and Philipp Winter have been working on improving and
documenting [XXX] the process to report bad relays. “While we do
@@ -100,12 +102,11 @@
wider community to help us spot relays which don’t act as they should”
wrote [XXX] Philipp.
-When observing unusual behaviors, one way to learn about the
-current exit relay before reporting it is to use the Check [XXX]
-service. This method can be inaccurate and tend to be a little bit
-cumbersome. The good news is that Arthur Edelstein is busy
-integrating [XXX] more feedback on Tor circuits being used directly in
-the Tor Browser.
+When observing unusual behaviors, one way to learn about the current
+exit relay before reporting it is to use the Check [XXX] service. This
+method can be inaccurate and tend to be a little bit cumbersome. The
+good news is that Arthur Edelstein is busy integrating [XXX] more
+feedback on Tor circuits being used directly in the Tor Browser.
[XXX]: https://trac.torproject.org/projects/tor/wiki/doc/ReportingBadRelays
[XXX]: https://blog.torproject.org/blog/how-report-bad-relays
@@ -115,13 +116,13 @@
Miscellaneous news
------------------
-The Tor Project, Inc. has completed its standard financial audit for the year
-2013 [XXX]. IRS Form 990 [XXX], Massachusetts Form PC [XXX], and the
-Financial Statements [XXX] are now available for anyone to review. Andrew
-Lewman explained: “we publish all of our related tax documents because we
-believe in transparency. All US non-profit organizations are required by law to
-make their tax filings available to the public on request by US citizens. We
-want to make them available for all.”
+The Tor Project, Inc. has completed its standard financial audit for the
+year 2013 [XXX]. IRS Form 990 [XXX], Massachusetts Form PC [XXX], and
+the Financial Statements [XXX] are now available for anyone to review.
+Andrew Lewman explained: “we publish all of our related tax documents
+because we believe in transparency. All US non-profit organizations are
+required by law to make their tax filings available to the public on
+request by US citizens. We want to make them available for all.”
[XXX]: https://blog.torproject.org/blog/transparency-openness-and-our-2013-financials
[XXX]: https://www.torproject.org/about/findoc/2013-TorProject-Form990.pdf
@@ -136,26 +137,28 @@
[XXX]: https://lists.torproject.org/pipermail/tor-talk/2014-July/034006.html
[XXX]: https://torrific.ch/
-The Thali project [XXX] aims to use hidden services to host web content. As
-part of the effort, they have written a cross-platform Java library [XXX].
-“The code handles running the binary, configuring it, managing it, starting a
-hidden service, etc.” wrote [XXX] Yaron Goland.
+The Thali project [XXX] aims to use hidden services to host web content.
+As part of the effort, they have written a cross-platform Java
+library [XXX]. “The code handles running the binary, configuring it,
+managing it, starting a hidden service, etc.” wrote [XXX] Yaron Goland.
[XXX]: http://www.thaliproject.org/
[XXX]: https://github.com/thaliproject/Tor_Onion_Proxy_Library
[XXX]: https://lists.torproject.org/pipermail/tor-talk/2014-July/034046.html
-Gareth Owen has released [XXX] a Java-based Tor research framework [XXX]. The
-goal is to enable researchers to try things out without having to deal with the
-full tor source. “At present, it is a fully functional client with a number of
-examples for hidden services and SOCKS. You can build arbitrary circuits, build
-streams, send junk cells, etc.” wrote Gareth.
+Gareth Owen has released [XXX] a Java-based Tor research
+framework [XXX]. The goal is to enable researchers to try things out
+without having to deal with the full tor source. “At present, it is a
+fully functional client with a number of examples for hidden services
+and SOCKS. You can build arbitrary circuits, build streams, send junk
+cells, etc.” wrote Gareth.
[XXX]: https://lists.torproject.org/pipermail/tor-dev/2014-July/007232.html
[XXX]: https://github.com/drgowen/tor-research-framework
-Version 0.2.3 of BridgeDB [XXX] has been deployed. Among other things [XXX],
-owners of riseup.net email accounts can now request bridges through email [XXX].
+Version 0.2.3 of BridgeDB [XXX] has been deployed. Among other
+things [XXX], owners of riseup.net email accounts can now request
+bridges through email [XXX].
[XXX]: https://bridges.torproject.org/
[XXX]: https://gitweb.torproject.org/bridgedb.git/blob/2a6d5463:/CHANGELOG
@@ -165,69 +168,57 @@
includes improved management of the background processes, the ability to
easily change the local SOCKS port (to avoid conflicts on some Samsung
Galaxy and Note devices), and the fancy new notification dialog, showing
-your current exit IPs and country” writes Nathan Freitas.
+your current exit IPs and country” wrote Nathan Freitas.
[XXX]: https://lists.mayfirst.org/pipermail/guardian-dev/2014-July/003667.html
While working on guard nodes, George Kadianakis realized that “the data
-structures and methods of the guard nodes code are not very robust”. Nick
-Mathewson and George have been busy trying to come up with better
+structures and methods of the guard nodes code are not very robust”.
+Nick Mathewson and George have been busy trying to come up with better
abstractions [XXX]. More brains on the problem would be welcome!
[XXX]: https://bugs.torproject.org/12595
-Mike Perry has posted [XXX] “a summary of the primitives that Marc Juarez aims
-to implement for his Google Summer of Code project on prototyping defenses for
-Website Traffic Fingerprinting and follow-on research”. Be sure to have a look
-if you want to help preventing website fingerprint attacks.
+Mike Perry posted [XXX] “a summary of the primitives that Marc Juarez
+aims to implement for his Google Summer of Code project on prototyping
+defenses for Website Traffic Fingerprinting and follow-on research”. Be
+sure to have a look if you want to help preventing website fingerprint
+attacks.
[XXX]: https://lists.torproject.org/pipermail/tor-dev/2014-July/007246.html
-A new draft proposal “for making all relays also be directory servers (by
-default)” has been submitted [XXX] by Matthew Finkel. Among the motivations,
-Matthew wrote: “In a network where every router is a directory server, the
-profiling and partitioning attack vector is reduced to the guard (for clients
-who use them), which is already in a privileged position for this. In addition,
-with the increased set size, relay descriptors and documents are more readily
-available and it diversifies the providers.” This change might make the
-transition to a single guard safer. Feedback welcome!
+A new draft proposal “for making all relays also be directory servers
+(by default)” has been submitted [XXX] by Matthew Finkel. Among the
+motivations, Matthew wrote: “In a network where every router is a
+directory server, the profiling and partitioning attack vector is
+reduced to the guard (for clients who use them), which is already in a
+privileged position for this. In addition, with the increased set size,
+relay descriptors and documents are more readily available and it
+diversifies the providers.” This change might make the transition to a
+single guard safer. Feedback welcome!
[XXX]: https://lists.torproject.org/pipermail/tor-dev/2014-July/007247.html
-Noah Rahman reported [XXX] on the progress on their Google Summer of Code
-on Stegotorus.
+Noah Rahman reported [XXX] on the progress on their Google Summer of
+Code on Stegotorus.
[XXX]: https://lists.torproject.org/pipermail/tor-dev/2014-July/007248.html
Tor help desk roundup
---------------------
-A number of Iranian Tor users have reported that Tor no longer works
-out of the box in Iran, and the Tor Metrics portal shows a corresponding
-drop in the number of directly-connecting users there [XXX]. Collin Anderson
-investigated the situation and reported that the Telecommunications
-Company of Iran had begun blocking the Tor network by blacklisting
-connections to Tor’s directory authorities [XXX]. Tor users can circumvent
-this block by getting bridges from BridgeDB [XXX] and entering the bridge
-addresses they receive into their Tor Browser.
+A number of Iranian Tor users have reported that Tor no longer works out
+of the box in Iran, and the Tor Metrics portal shows a corresponding
+drop in the number of directly-connecting users there [XXX]. Collin
+Anderson investigated the situation and reported that the
+Telecommunications Company of Iran had begun blocking the Tor network by
+blacklisting connections to Tor’s directory authorities [XXX]. Tor users
+can circumvent this block by getting bridges from BridgeDB [XXX] and
+entering the bridge addresses they receive into their Tor Browser.
[XXX]: https://metrics.torproject.org/users.html?graph=userstats-relay-country&start=2014-04-30&end=2014-07-28&country=ir&events=on#userstats-relay-country
[XXX]: https://bugs.torproject.org/12727
[XXX]: https://bridges.torproject.org/
-
-News from Tor StackExchange
----------------------------
-
-Text with cited source [XXX].
-
- [XXX]:
-
-Easy development tasks to get involved with
--------------------------------------------
-
-Text with cited source [XXX].
-
- [XXX]:
Upcoming events
---------------
version 42
Author: lunar
Date: 2014-07-29T19:09:52+00:00
add credits
--- version 41
+++ version 42
@@ -193,6 +193,11 @@
transition to a single guard safer. Feedback welcome!
[XXX]: https://lists.torproject.org/pipermail/tor-dev/2014-July/007247.html
+
+Noah Rahman reported [XXX] on the progress on their Google Summer of Code
+on Stegotorus.
+
+ [XXX]: https://lists.torproject.org/pipermail/tor-dev/2014-July/007248.html
Tor help desk roundup
---------------------
@@ -243,8 +248,8 @@
| https://www.usenix.org/conference/usenixsecurity14
-This issue of Tor Weekly News has been assembled by XXX, XXX, and
-XXX.
+This issue of Tor Weekly News has been assembled by Lunar, Matt Pagan,
+harmony, and Philipp Winter.
Want to continue reading TWN? Please help us create this newsletter.
We still need more volunteers to watch the Tor community and report
@@ -255,6 +260,3 @@
[XXX]: https://trac.torproject.org/projects/tor/wiki/TorWeeklyNews
[XXX]: https://lists.torproject.org/cgi-bin/mailman/listinfo/news-team
}}}
-Possible items:
-
- * GSoc Stegotorus status update https://lists.torproject.org/pipermail/tor-dev/2014-July/007248.html
version 41
Author: lunar
Date: 2014-07-29T19:05:39+00:00
write about sysrqb's draft proposal
--- version 40
+++ version 41
@@ -182,6 +182,17 @@
if you want to help preventing website fingerprint attacks.
[XXX]: https://lists.torproject.org/pipermail/tor-dev/2014-July/007246.html
+
+A new draft proposal “for making all relays also be directory servers (by
+default)” has been submitted [XXX] by Matthew Finkel. Among the motivations,
+Matthew wrote: “In a network where every router is a directory server, the
+profiling and partitioning attack vector is reduced to the guard (for clients
+who use them), which is already in a privileged position for this. In addition,
+with the increased set size, relay descriptors and documents are more readily
+available and it diversifies the providers.” This change might make the
+transition to a single guard safer. Feedback welcome!
+
+ [XXX]: https://lists.torproject.org/pipermail/tor-dev/2014-July/007247.html
Tor help desk roundup
---------------------
@@ -246,5 +257,4 @@
}}}
Possible items:
- * [DRAFT] Proposal: All Routers are Directory Servers https://lists.torproject.org/pipermail/tor-dev/2014-July/007247.html
* GSoc Stegotorus status update https://lists.torproject.org/pipermail/tor-dev/2014-July/007248.html
version 40
Author: lunar
Date: 2014-07-29T18:58:11+00:00
write about website fingerprinting defense
--- version 39
+++ version 40
@@ -175,6 +175,13 @@
abstractions [XXX]. More brains on the problem would be welcome!
[XXX]: https://bugs.torproject.org/12595
+
+Mike Perry has posted [XXX] “a summary of the primitives that Marc Juarez aims
+to implement for his Google Summer of Code project on prototyping defenses for
+Website Traffic Fingerprinting and follow-on research”. Be sure to have a look
+if you want to help preventing website fingerprint attacks.
+
+ [XXX]: https://lists.torproject.org/pipermail/tor-dev/2014-July/007246.html
Tor help desk roundup
---------------------
@@ -239,6 +246,5 @@
}}}
Possible items:
- * Prototype Primitives for Website Traffic Fingerprinting defenses https://lists.torproject.org/pipermail/tor-dev/2014-July/007246.html
* [DRAFT] Proposal: All Routers are Directory Servers https://lists.torproject.org/pipermail/tor-dev/2014-July/007247.html
* GSoc Stegotorus status update https://lists.torproject.org/pipermail/tor-dev/2014-July/007248.html
version 39
Author: lunar
Date: 2014-07-29T18:54:24+00:00
fix wording
--- version 38
+++ version 39
@@ -36,7 +36,7 @@
a big step closer to slowing down the risk from guard rotation, and fixes a
variety of other issues to get us closer to a release candidate”.
-Once directory authorities will have upgraded, they will “assign the Guard flag
+Once directory authorities have upgraded, they will “assign the Guard flag
to the fastest 25% of the network”. Some experiments showed that “for the
current network, this results in about 1100 guards, down from 2500.”
version 38
Author: lunar
Date: 2014-07-29T18:53:37+00:00
write about guard data structures
--- version 37
+++ version 38
@@ -168,6 +168,13 @@
your current exit IPs and country” writes Nathan Freitas.
[XXX]: https://lists.mayfirst.org/pipermail/guardian-dev/2014-July/003667.html
+
+While working on guard nodes, George Kadianakis realized that “the data
+structures and methods of the guard nodes code are not very robust”. Nick
+Mathewson and George have been busy trying to come up with better
+abstractions [XXX]. More brains on the problem would be welcome!
+
+ [XXX]: https://bugs.torproject.org/12595
Tor help desk roundup
---------------------
@@ -232,7 +239,6 @@
}}}
Possible items:
- * Think of better data structures for guard nodes https://bugs.torproject.org/12595]
* Prototype Primitives for Website Traffic Fingerprinting defenses https://lists.torproject.org/pipermail/tor-dev/2014-July/007246.html
* [DRAFT] Proposal: All Routers are Directory Servers https://lists.torproject.org/pipermail/tor-dev/2014-July/007247.html
* GSoc Stegotorus status update https://lists.torproject.org/pipermail/tor-dev/2014-July/007248.html
version 37
Author: lunar
Date: 2014-07-29T18:45:46+00:00
write about Tor releases
--- version 36
+++ version 37
@@ -28,6 +28,37 @@
[XXX]: https://www.torproject.org/download/download-easy.html
[XXX]: https://trac.torproject.org/projects/tor/wiki/doc/meek
[XXX]: https://people.torproject.org/~dcf/pt-bundle/3.6.3-meek-1/
+
+New Tor stable and alpha releases
+---------------------------------
+
+Two new releases of Tor are out. The new 0.2.5.6-alpha release [XXX] “brings us
+a big step closer to slowing down the risk from guard rotation, and fixes a
+variety of other issues to get us closer to a release candidate”.
+
+Once directory authorities will have upgraded, they will “assign the Guard flag
+to the fastest 25% of the network”. Some experiments showed that “for the
+current network, this results in about 1100 guards, down from 2500.”
+
+The complementary change to moving the number of entry guards down to one [XXX]
+are two new consensus parameters introduced. NumEntryGuards and
+NumDirectoryGuards will respectively set the number of entry guards and
+directory guards that clients will use. The default for NumEntryGuards is
+currently three, but this will allow a reversable switch to one in a near
+future.
+
+Several important fixes have been backported to the stable branch in the
+0.2.4.23 release [XXX]. Source packages are available at the regular
+location [XXX]. Binary packages have already landed in Debian [XXX,XXX,XXX] and
+the rest should follow shortly.
+
+ [XXX]: https://gitweb.torproject.org/tor.git/blob_plain/390728d8:/ChangeLog
+ [XXX]: https://gitweb.torproject.org/torspec.git/blob_plain/HEAD:/proposals/236-single-guard-node.txt
+ [XXX]: https://gitweb.torproject.org/tor.git/blob_plain/598c6136:/ChangeLog
+ [XXX]: https://www.torproject.org/dist/
+ [XXX]: https://tracker.debian.org/news/228637
+ [XXX]: https://tracker.debian.org/news/560607
+ [XXX]: https://tracker.debian.org/news/560611
Security issue in Tails 1.1 and earlier
---------------------------------------
@@ -202,7 +233,6 @@
Possible items:
* Think of better data structures for guard nodes https://bugs.torproject.org/12595]
- * Tor 0.2.4.23 and 0.2.5.6-alpha https://gitweb.torproject.org/tor.git/blob/598c61362f1b3d3e3a93d15240c7306d955273be:/ChangeLog https://gitweb.torproject.org/tor.git/blob/390728d85644a6c062d6807ffc096343d1c1e73e:/ChangeLog https://www.torproject.org/dist/
* Prototype Primitives for Website Traffic Fingerprinting defenses https://lists.torproject.org/pipermail/tor-dev/2014-July/007246.html
* [DRAFT] Proposal: All Routers are Directory Servers https://lists.torproject.org/pipermail/tor-dev/2014-July/007247.html
* GSoc Stegotorus status update https://lists.torproject.org/pipermail/tor-dev/2014-July/007248.html
version 36
Author: lunar
Date: 2014-07-29T18:24:54+00:00
write about orbot
--- version 35
+++ version 36
@@ -129,6 +129,14 @@
[XXX]: https://bridges.torproject.org/
[XXX]: https://gitweb.torproject.org/bridgedb.git/blob/2a6d5463:/CHANGELOG
[XXX]: https://bugs.torproject.org/11139#comment:15
+
+Orbot 14.0.5 first release candidate has been released. “This update
+includes improved management of the background processes, the ability to
+easily change the local SOCKS port (to avoid conflicts on some Samsung
+Galaxy and Note devices), and the fancy new notification dialog, showing
+your current exit IPs and country” writes Nathan Freitas.
+
+ [XXX]: https://lists.mayfirst.org/pipermail/guardian-dev/2014-July/003667.html
Tor help desk roundup
---------------------
@@ -194,7 +202,6 @@
Possible items:
* Think of better data structures for guard nodes https://bugs.torproject.org/12595]
- * New Orbot https://lists.mayfirst.org/pipermail/guardian-dev/2014-July/003667.html
* Tor 0.2.4.23 and 0.2.5.6-alpha https://gitweb.torproject.org/tor.git/blob/598c61362f1b3d3e3a93d15240c7306d955273be:/ChangeLog https://gitweb.torproject.org/tor.git/blob/390728d85644a6c062d6807ffc096343d1c1e73e:/ChangeLog https://www.torproject.org/dist/
* Prototype Primitives for Website Traffic Fingerprinting defenses https://lists.torproject.org/pipermail/tor-dev/2014-July/007246.html
* [DRAFT] Proposal: All Routers are Directory Servers https://lists.torproject.org/pipermail/tor-dev/2014-July/007247.html
===========================================================================
=== https://trac.torproject.org/projects/tor/wiki/TorWeeklyNews/2014/31 ===
===========================================================================
version 1
Author: lunar
Date: 2014-07-29T19:15:52+00:00
import template
---
+++ version 1
@@ -0,0 +1,89 @@
+''57th issue of Tor Weekly News. Covering what's happening from July 29th, 2014 to August 5th, 2014. To be released on August 6th, 2014.''
+
+'''Editor:'''
+
+'''Subject:''' Tor Weekly News — August 6th, 2014
+
+{{{
+========================================================================
+Tor Weekly News August 6th, 2014
+========================================================================
+
+Welcome to the thirty-first issue of Tor Weekly News in 2014, the weekly
+newsletter that covers what is happening in the XXX Tor community.
+
+Feature XXX
+-----------
+
+Feature 1 with cited source [XXX]
+
+ [XXX]:
+
+Monthly status reports for XXX month 2014
+-----------------------------------------
+
+The wave of regular monthly reports from Tor project members for the
+month of XXX has begun. XXX released his report first [XXX], followed
+by reports from name 2 [XXX], name 3 [XXX], and name 4 [XXX].
+
+ [XXX]:
+ [XXX]:
+ [XXX]:
+ [XXX]:
+
+Miscellaneous news
+------------------
+
+Item 1 with cited source [XXX].
+
+Item 2 with cited source [XXX].
+
+Item 3 with cited source [XXX].
+
+ [XXX]:
+ [XXX]:
+ [XXX]:
+
+Tor help desk roundup
+---------------------
+
+Summary of some questions sent to the Tor help desk.
+
+News from Tor StackExchange
+---------------------------
+
+Text with cited source [XXX].
+
+ [XXX]:
+
+Easy development tasks to get involved with
+-------------------------------------------
+
+Text with cited source [XXX].
+
+ [XXX]:
+
+Upcoming events
+---------------
+
+Jul XX-XX | Event XXX brief description
+ | Event City, Event Country
+ | Event website URL
+ |
+Jul XX-XX | Event XXX brief description
+ | Event City, Event Country
+ | Event website URL
+
+
+This issue of Tor Weekly News has been assembled by XXX, XXX, and
+XXX.
+
+Want to continue reading TWN? Please help us create this newsletter.
+We still need more volunteers to watch the Tor community and report
+important news. Please see the project page [XXX], write down your
+name and subscribe to the team mailing list [XXX] if you want to
+get involved!
+
+ [XXX]: https://trac.torproject.org/projects/tor/wiki/TorWeeklyNews
+ [XXX]: https://lists.torproject.org/cgi-bin/mailman/listinfo/news-team
+}}}
--
Your friendly TWN monitoring script
In case of malfunction, please reach out for lunar at torproject.org
or for the worst cases, tell weasel at torproject.org to kill me.
More information about the news-team
mailing list