Tor Weekly News — October 2nd, 2013
harmony01 at riseup.net
Wed Oct 2 12:00:09 UTC 2013
Tor Weekly News October 2nd, 2013
Welcome to the fourteenth issue of Tor Weekly News, the weekly
newsletter that covers what’s happening in the much-discussed Tor
Tor Browser Bundle 3.0alpha4 released
On September 28th, Mike Perry released the fourth alpha of the new Tor
Browser Bundle 3.0 series . The main highlights of this series are
the important usability improvements that integrate Tor configuration
and control into the browser itself, rather than relying on the
unmaintained Vidalia interface.
The latest iteration is based on Firefox 10.0.9esr, which brings with it
a lot of important security fixes. It also fixes a fingerprinting issue
by randomizing the timestamp sent when establishing an HTTPS connection.
Two small but important usability improvements in the new Tor Launcher
component were made: users can now directly copy and paste “bridge”
lines from the bridge database , while clock-skews that would prevent
Tor from functioning properly are now reported to users.
Download your copy, test it, and report any problems you find. If you're
feeling adventurous, you can also try out the crucial new security
process by independently reproducing the binaries from the
publicly-reviewable source code .
Tor mini-hackathon at GNU 30th anniversary
The Tor mini-hackathon at the GNU 30th anniversary event  took place
over the weekend, and Nick Mathewson sent out a brief report  on how
things went. As well as working on proposal 220, which involves
improvements to Tor server identity keys, Nick merged some small patches
into the Tor mainline branch, and collected promises of several more to
come. He also directed a few enquiring minds towards Tor's online
community, saying “I hope we’ll be seeing more of some of the folks I
talked to on our mailing lists and IRC channels soon”.
Tor Stack Exchange page in private beta
The Tor Stack Exchange page , which reached 100% commitment last
week , has now been moved into the ‘private beta’ stage. Runa Sandvik
clarified that “the purpose behind it is to ensure that users who
committed to the site’s proposal have a chance to start asking and
answering questions, as well as help with the initial community building
activities that will define and shape the site” . She added that “the
more experts who participate in the private beta, the more certain it is
that our page will move on to the next stage (i.e. the public beta).”
Fruitful discussions are already taking place: Karsten Loesing wrote to
the wider community on the question of what to do about contact
information for bridge operators after it was posed on Stack
Roger Dingledine put out a call  for Tor developers and anonymity
researchers to participate in answering questions on the site, adding
“Steven, Philipp, Jens, and I can't do it by ourselves.” If you have
expert knowledge to contribute, please send an email to
help at rt.torproject.org to get an invitation!
liballium: Pluggable Transports utility library in C
Yawning Angel announced a new library to ease the task of writing
pluggable transports . liballium is a “simple library that handles
the Tor Pluggable Transport Configuration protocol. The idea is for this
library to be the C/C++ equivalent to pyptlib  (and maybe more,
depending on how much time I have to work on it).”
The code is available for review  featuring “a reasonably well
Feel free to follow up with “questions, comments, feedback”!
Tor Help Desk Roundup
Multiple users wrote to the help desk asking for guidance setting up
hidden service sites. The most straightforward documentation for hidden
services is in the torrc file itself . A more in-depth guide can be
found on the Tor Project website . The website also documents how
hidden services work . Technical details can be found in the
Rendezvous Specification document .
Monthly status reports for September 2013
The wave of regular monthly reports from Tor project members for the
month of September has begun. Runa Sandvik released her report
first , followed by reports from Damian Johnson , Philipp
Winter , Sherief Alaa , and Noel David Torres Taño .
Mike Perry published his new GPG public key, adding: “this new key will
be used to sign email from me going forward, and will be used to sign
software releases until such time as I get around to creating a second
set of keys on a hardware token for that purpose” .
David Fifield updated the Pluggable Transports bundles using the latest
Tor Browser Bundle . In order to benefit from the improvements and
security fixes, please update!
intrigeri sent a release schedule for Tails 0.21 . The first release
candidate should be out on October 20th.
Roger Dingledine sent out “a list of criteria to consider when
evaluating pluggable transports for readiness of deployment to users”,
asking for comments on his initial draft .
If you have the necessary hardware and want to help Tails out, please
test two upcoming features: persistent printer settings  and support
for more SD card readers (the “sdio” type) .
Oct 09-10 | Andrew speaking at Secure Poland 2013
| Warszawa, Poland
Nov 04-05 | 20th ACM Conference on Computer and Communications Security,
| Berlin, Germany
This issue of Tor Weekly News has been assembled by harmony, Lunar,
dope457, and Matt Pagan.
Want to continue reading TWN? Please help us create this newsletter.
We still need more volunteers to watch the Tor community and report
important news. Please see the project page , write down your
name and subscribe to the team mailing list  if you want to
More information about the tor-news