Tor Weekly News — October 2nd, 2013

harmony harmony01 at
Wed Oct 2 12:00:09 UTC 2013

Tor Weekly News                                        October 2nd, 2013

Welcome to the fourteenth issue of Tor Weekly News, the weekly
newsletter that covers what’s happening in the much-discussed Tor

Tor Browser Bundle 3.0alpha4 released

On September 28th, Mike Perry released the fourth alpha of the new Tor 
Browser Bundle 3.0 series [1]. The main highlights of this series are 
the important usability improvements that integrate Tor configuration 
and control into the browser itself, rather than relying on the 
unmaintained Vidalia interface.

The latest iteration is based on Firefox 10.0.9esr, which brings with it
a lot of important security fixes. It also fixes a fingerprinting issue
by randomizing the timestamp sent when establishing an HTTPS connection.

Two small but important usability improvements in the new Tor Launcher
component were made: users can now directly copy and paste “bridge”
lines from the bridge database [2], while clock-skews that would prevent
Tor from functioning properly are now reported to users.

Download your copy, test it, and report any problems you find. If you're
feeling adventurous, you can also try out the crucial new security
process by independently reproducing the binaries from the
publicly-reviewable source code [3].


Tor mini-hackathon at GNU 30th anniversary

The Tor mini-hackathon at the GNU 30th anniversary event [4] took place
over the weekend, and Nick Mathewson sent out a brief report [5] on how
things went. As well as working on proposal 220, which involves
improvements to Tor server identity keys, Nick merged some small patches
into the Tor mainline branch, and collected promises of several more to
come. He also directed a few enquiring minds towards Tor's online
community, saying “I hope we’ll be seeing more of some of the folks I
talked to on our mailing lists and IRC channels soon”.


Tor Stack Exchange page in private beta

The Tor Stack Exchange page [6], which reached 100% commitment last
week [7], has now been moved into the ‘private beta’ stage. Runa Sandvik
clarified that “the purpose behind it is to ensure that users who
committed to the site’s proposal have a chance to start asking and
answering questions, as well as help with the initial community building
activities that will define and shape the site” [8]. She added that “the
more experts who participate in the private beta, the more certain it is
that our page will move on to the next stage (i.e. the public beta).”

Fruitful discussions are already taking place: Karsten Loesing wrote to
the wider community on the question of what to do about contact
information for bridge operators after it was posed on Stack
Exchange. [9]

Roger Dingledine put out a call [10] for Tor developers and anonymity
researchers to participate in answering questions on the site, adding
“Steven, Philipp, Jens, and I can't do it by ourselves.” If you have
expert knowledge to contribute, please send an email to
help at to get an invitation!


liballium: Pluggable Transports utility library in C

Yawning Angel announced a new library to ease the task of writing
pluggable transports [11]. liballium is a “simple library that handles
the Tor Pluggable Transport Configuration protocol. The idea is for this
library to be the C/C++ equivalent to pyptlib [12] (and maybe more,
depending on how much time I have to work on it).”

The code is available for review [13] featuring “a reasonably well
commented example.”

Feel free to follow up with “questions, comments, feedback”!


Tor Help Desk Roundup

Multiple users wrote to the help desk asking for guidance setting up
hidden service sites. The most straightforward documentation for hidden
services is in the torrc file itself [14]. A more in-depth guide can be
found on the Tor Project website [15]. The website also documents how
hidden services work [16]. Technical details can be found in the
Rendezvous Specification document [17].


Monthly status reports for September 2013

The wave of regular monthly reports from Tor project members for the
month of September has begun. Runa Sandvik released her report
first [18], followed by reports from Damian Johnson [19], Philipp
Winter [20], Sherief Alaa [21], and Noel David Torres Taño [22].


Miscellaneous news

Mike Perry published his new GPG public key, adding: “this new key will
be used to sign email from me going forward, and will be used to sign
software releases until such time as I get around to creating a second
set of keys on a hardware token for that purpose” [23].


David Fifield updated the Pluggable Transports bundles using the latest
Tor Browser Bundle [24]. In order to benefit from the improvements and
security fixes, please update!


intrigeri sent a release schedule for Tails 0.21 [25]. The first release
candidate should be out on October 20th.


Roger Dingledine sent out “a list of criteria to consider when
evaluating pluggable transports for readiness of deployment to users”,
asking for comments on his initial draft [26].


If you have the necessary hardware and want to help Tails out, please
test two upcoming features: persistent printer settings [27] and support
for more SD card readers (the “sdio” type) [28].


Upcoming events

Oct 09-10 | Andrew speaking at Secure Poland 2013
          | Warszawa, Poland
Nov 04-05 | 20th ACM Conference on Computer and Communications Security, 
          | Berlin, Germany

This issue of Tor Weekly News has been assembled by harmony, Lunar,
dope457, and Matt Pagan.

Want to continue reading TWN? Please help us create this newsletter.
We still need more volunteers to watch the Tor community and report
important news. Please see the project page [29], write down your
name and subscribe to the team mailing list [30] if you want to
get involved!


More information about the tor-news mailing list