Tor Weekly News — December 25th, 2013
lunar at torproject.org
Wed Dec 25 13:33:59 UTC 2013
Tor Weekly News December 25th, 2013
Welcome to the 26th issue of Tor Weekly News, the weekly newsletter that
covers what is happening in the Tor community.
The 3.x series of the Tor Browser Bundle is now stable
After more than a year of work, Mike Perry has officially blessed the
3.5 release of the Tor Browser Bundle as the new stable release .
Improving on the previous stable series, it features a deterministic
build system  for distributed trust , a new integrated interface
to interact with Tor  and all the improvements from Tor 0.2.4 .
Users of the previous 2.x series might be a little disoriented by the
user interface changes. David Fifield, Matt Pagan and others have been
compiling the most frequent questions  heard after the switch. Until
the integrated browser interface catches up, new Vidalia bundles are now
available  for those who need them. Erinn Clark is ironing out the
remaining integration issues.
With the discontinuation of Firefox 17 ESR, the new release had to be
pushed to users to avoid exposing them to security holes. Firefox 24
ESR, on which the Tor Browser is now based, should be supported by
Mozilla for approximately one year. This will leave our browser hackers
some time to focus more on user experience improvements, test
automation, and better resistance to fingerprinting issues.
Several tutorials, videos, and bits of documentation might now in one
way or another be out-of-date in many places. Please help report them
or, even better, write up some updated versions.
This release is quite a milestone for the project. Update and enjoy!
The Tor Project now accepts donation in Bitcoin
As is often pointed out in the press, the majority of the Tor Project’s
financial support comes from US government-linked organizations. In the
ongoing effort to offer as many possible ways for individuals and
organizations to give help to the project, Bitcoin donations are now
being accepted .
As Roger Dingledine wrote in a subsequent comment: “We really need to
get some funding for core Tor development, and especially for improving
Tor’s anonymity, because none of our current funders care enough about
the anonymity side of Tor. Outreach and blocking-resistance are great
topics, but we can’t let the anonymity part rot.”
Head over to the donations page  to learn more about how to chip in
with Bitcoins or other currencies.
Tor 0.2.4.20 is out
The first update to the new stable branch of Tor has been released 
on December 23rd. It fixes an issue that would create more preemptive
circuits than actually need, and a security issue related to poor random
The latter affects “users who 1) use OpenSSL 1.0.0 or later, 2) set
‘HardwareAccel 1’ in their torrc file, 3) have ‘Sandy Bridge’ or ‘Ivy
Bridge’ Intel processors, and 4) have no state file in their
DataDirectory (as would happen on first start). Users who generated
relay or hidden service identity keys in such a situation should discard
them and generate new ones.”
The source code is already available from the usual location .
Update packages and bundles should be ready soon.
Tor events at the 30th Chaos Communication Congress
The Chaos Computer Club will be holding its 30th Congress  in
Hamburg between the 27th and the 30th of December, and as usual there
are a number of Tor-related talks and events scheduled.
Following their session on the Tor ecosystem at 29c3 , Tor Project
members Roger Dingledine and Jacob Appelbaum will be giving a talk
entitled “The Tor Network: We’re living in interesting times” , in
which they discuss the Project’s work over the last few years, with
special reference to “major cryptographic upgrades in the Tor network,
interesting academic papers in attacking the Tor network, major high
profile users breaking news about the network itself, discussions about
funding, FBI/NSA exploitation of Tor Browser users, botnet related load
on the Tor network, and other important topics”.
Their talk will be followed by a discussion involving everyone
interested in helping Tor  at the NoisySquare assembly. The Tor
ecosystem is now made up of more than forty different projects, and
there are sure to be ways you can help. Bring your skills and your
Torservers.net will be holding a meeting of Tor relay operators and
organizations , featuring “quick presentations on recent and future
activities around Torservers.net”, to be followed by the official
members’ meeting of the German Torservers.net partner organization,
#youbroketheinternet will hold a session on the future of crypto routing
backends : “Even the IETF is now considering that Onion Routing
should be a fundamental capability of the Internet. How would that look
If you are attending the Congress, feel free to come along and
participate in these sessions; if not, you should be able to catch up
with the talks online.
Anthony G. Basile released version 20131216  of Tor-ramdisk, a
“uClibc-based micro Linux distribution whose only purpose is to host a
Tor server in an environment that maximizes security and privacy.” This
new release is the first to ship the 0.2.4 branch of Tor.
For those who like hazardous experiments, intrigeri sent a call for
testing  an experimental Tails image with preliminary UEFI support —
users of Apple hardware should be particularly interested. anonym also
announced  that test images from the MAC spoofing branch were
Nick Mathewson sent his now-monthly review of the status of Tor’s
proposals . Karsten Loesing followed-up by commenting on several
of those related to the directory protocol. Have a look, you might also
be able to move things forward!
Many thanks to John Sweeney of otivpn.com , Jeremy J. Olson of
EPRCI , and les.net  for running mirrors of the Tor Project
Karsten Loesing has been experimenting with replacements  for the
“fast exits” graphs that would convey a better feeling of the network
growth. He also deployed a new visualization for the fraction of
connections used uni-/bidirectionally .
Tor help desk roundup
Multiple users have now emailed the help desk regarding a particular
type of “ransomware”  that encrypts the hard drive of Windows
computers and won’t give users the decryption key until a payment is
made. Victims of this malware have emailed the help desk because the
ransomware message includes a link to a tor hidden service site. Malware
victims wanted to know how to install the Tor Browser, or thought the
Tor Project was the source of the malware.
The Tor Project does not make malware; in the past Tor developers have
worked with anti-virus developers to help stop other types of malware.
Users affected might find useful information in the guide assembled by
BleepingComputer.com . If you have not been affected, the story
might be a good reminder to think about your backups.
Dec 27-30 | Tor @ 30th Chaos Communication Congress
| Hamburg, Germany
Jan 13-15 | Tor @ Real World Crypto 2014
| New York City, USA
This issue of Tor Weekly News has been assembled by Lunar, harmony,
Matt Pagan and dope457.
Want to continue reading TWN? Please help us create this newsletter.
We still need more volunteers to watch the Tor community and report
important news. Please see the project page , write down your
name and subscribe to the team mailing list  if you want to
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 836 bytes
Desc: Digital signature
More information about the tor-news