Tor Weekly News — December 18th, 2013
harmony01 at riseup.net
Wed Dec 18 14:00:15 UTC 2013
Tor Weekly News December 18th, 2013
Welcome to the twenty-fifth issue of Tor Weekly News, the weekly
newsletter that covers what is happening in the ever-updating Tor
Tor 0.2.4.19 is out
After more than a year in the making, Roger Dingledine announced  the
first stable release in the Tor 0.2.4 series, as well as the dedication
of this series to the memory of Aaron Swartz (1986-2013).
Tor 0.2.4 boasts a large number of major new features, among them a new
circuit handshake, improved link encryption, a flexible approach to the
queueing of circuit creation requests, and the use of “directory guards”
to defend against client-enumeration attacks. You can consult the full
changelog in Roger’s announcement, and download the source code from the
As no code changes have been made since the previous release candidate,
there is no reasons for users of tor 0.2.4.18-rc to upgrade in a hurry.
Tor Browser Bundle 3.5rc1 is out
Mike Perry announced  the first release candidate in the Tor Browser
Bundle 3.5 series, and strongly encouraged users to update in
anticipation of the imminent end-of-life of both the 2.x stable and 3.0
series, following Mozilla's deprecation of Firefox 17 ESR, on which both
This release also includes a number of important security updates,
alongside various bugfixes and usability improvements; for this reason
as well, users should upgrade as soon as possible.
Tails 0.22 is out
Tails saw its 35th release on December 11th . It incorporates many
major and minor improvements and bugfixes, and opens up the new
incremental-upgrade feature for beta-testing.
As this is the first release to feature a browser based on the Firefox
24 ESR series, some small inconveniences found their way in. Have a look
at the known issues before giving it a go.
Nevertheless, it fixes several important security issues , so it is
recommended that all users upgrade as soon as possible.
Torservers.net awarded $250,000 grant
The Torservers.net team announced  that they have received a $250,000
organizational grant, to be spread over two years, from the Digital
Defenders Partnership , which in its own words was “established to
provide rapid response to threats to internet freedom.”
With this grant, wrote Moritz Bartl, “participating Torservers
organizations will be able to sustain at least 3 Gbit/s of exit traffic,
and 2000 fast and up-to-date bridges.”
In order to make the most efficient use of this significant contribution
to the Tor network while maintaining its diversity, wrote Moritz, “we
need to find seven more organizations that are willing to rent servers
for a period of at least 2 years” , adding that “we really want to
avoid having organizations run both high bandwidth exit relays and a
larger number of Tor bridges: An operator should not see both traffic
entering the Tor network and traffic leaving the Tor network” .
For this reason, he called for groups interested in supporting the Tor
network to get in contact, in order to discuss how they can best set up
and maintain Tor services. The first such partnership will be with the
Institute for War and Peace Reporting's Cyber Arabs group .
If you represent an organization that could make this much-needed
contribution to the Tor network, please contact the Torservers.net team,
or join them at the Tor relay operators meetup during the upcoming Chaos
Communication Congress in Hamburg .
The Tails team reported on the vast amount of activity that occurred
during November 2013 . Coming up in the next few Tails releases are
an updated I2P, a new clock applet with configurable timezone, better
localization, incremental upgrades, safer persistence, MAC spoofing…
meejah announced the release of txtorcon 0.8.2, and warned users that
they should upgrade if they use that program’s TCP4HiddenServiceEndpoint
feature, in order to fix a bug that allows listening on hosts other than
Kevin P Dyer announced the 0.2.2 release of fteproxy, which “includes
the removal of gmpy as a dependency, additional documentation to explain
the significance of language theoretical algorithms, and bounds checking
of the input/output of our (un)ranking algorithms” ; this hot on the
heels of 0.2.1, in which he “focused on breaking away from heavyweight
dependencies: OpenFST and boost” .
Mike Perry shared his thoughts regarding the presence of the Tor Browser
Bundle in centralized repositories such as the Apple App Store or Google
Play, and the possibilities for attack that these stores open up .
Ondrej Mikle warned users of Enterprise Linux 5 that Tor RPM packages
will no longer be built for their platform, owing to an “increasing
number of required workarounds” .
Karsten Loesing published a summary of the past, present and the future
of the Tor Metrics project, which he maintains, offering some context
for the various changes that have recently been announced .
Lunar sent reports from the Tor help desk for October  and
Jacob Appelbaum recapped his work over the last few months — from June
to December — in a slew of reports [21, 22, 23, 24, 25, 26, 27].
Tor help desk roundup
Occasionally users who need the Pluggable Transports Tor Browser Bundle
will download the Vidalia Bridge Bundle instead, which is less useful
for users trying to circumvent state censorship. The Vidalia Bridge
Bundle is only available for Windows and is configured by default to
turn the client machine into a bridge. None of the Vidalia Bundles are
designed to use Pluggable Transports.
Dec 27-30 | Tor @ 30th Chaos Communication Congress
| Hamburg, Germany
This issue of Tor Weekly News has been assembled by harmony, Lunar,
dope457, and Matt Pagan.
Want to continue reading TWN? Please help us create this newsletter.
We still need more volunteers to watch the Tor community and report
important news. Please see the project page , write down your
name and subscribe to the team mailing list  if you want to
More information about the tor-news