Tor Weekly News — August 27th, 2014

harmony harmony01 at
Wed Aug 27 13:00:02 UTC 2014

Tor Weekly News                                        August 27th, 2014

Welcome to the thirty-fourth issue of Tor Weekly News in 2014, the
weekly newsletter that covers what is happening in the Tor community.

Orfox: a new Firefox-based secure browser for Android

With the growing popularity of pocket computers (also known as
“phones”), users need to have access to censorship-circumvention and
anonymity systems on these devices as well as on their desktop or laptop
machines. While there is currently no supported implementation of Tor
for Apple’s iOS, the Guardian Project [1] works closely with the Tor
Project to produce (amongst other software) a Tor client for Android
named Orbot [2]. Mobile applications can be proxied through Orbot just
as they can through the Tor client on other operating systems, but
mobile web browsing potentially suffers from the same issues that the
Tor Browser was designed to protect against, such as disk leaks and a
large attack surface. The Guardian Project has therefore also been
maintaining a dedicated mobile browser for use with Orbot under the name
Orweb [3].

Orweb is based on WebView, and is limited by that browser’s features;
flaws such as the potential HTML5 IP leak [4], while possible to work
around in the short term, have made it clear that the best future for
secure mobile browsing lies in a switch to an application based on

Following a successful Google Summer of Code project by Amogh
Pradeep [5] and work by other Guardian Project members, Nathan Freitas
announced [6] that “a real working version” of Orfox, the new
Orbot-compatible mobile browser, is now available. “All the necessary
defaults [have been] changed to match Tor Browser’s defaults as closely
as possible”; the developers also “remove the Android permissions for
things like camera, mic, GPS” and “turn off webrtc.”

“We still need to figure out which preferences and features map between
the desktop mobile browser and the Android version, so there is quite a
bit of work to do”, but you can download and test this initial version
by following the links in Nathan’s email. “Over the next few months we
hope to launch this as our new official browser for Orbot, and deprecate
Orweb as quickly as possible”, he concluded.


Miscellaneous news

A new release of ooniprobe, the network interference data collector for
OONI [7], was announced [8] by Arturo Filastò. Version 1.1.0 introduces
a new command line tool “for listing the reports that have not been
published to a collector and that allows the probe operator to choose
which ones they would like to upload”. The new version also improve the
privacy of the reports by sanitizing file paths.


Developers of applications using Onionoo [9] — the web service to learn
about currently running Tor relays and bridges — are invited to join the
new onionoo-announce mailing list [10]. Keeping the list low volume,
Karsten Loesing plans on using it to announce major protocol changes,
scheduled maintenance, major bug fixes, and other important news.


Yawning Angel has made available [11] an experimental version of the Tor
Browser that includes the latest version of the obfs4 [12] pluggable
transport.  Testing on Windows and OS X would be particularly welcome. 


Fabian Keil reported [13] that FreeBSD now includes ports of liballium
and obfsclient.


JusticeRage explained [14] how relay operators who offer exiting on port
25 can protect the reputation of their domain name by using the Sender
Policy Framework.


Sreenatha Bhatlapenumarthi sent the final GSoC report [15] for the Tor
Weather rewrite project. Juha Nurmi sent another report [16] on the
development of


Thanks to s7r for hosting a new mirror [17] of the Tor Project’s website
and software!


Tor help desk roundup

Users of different VPN (Virtual Private Network) services have told the
help desk that Tor Browser has difficulty connecting to Tor when a VPN
is in use. Using Tor with a VPN is not supported. For a trusted entry
into the Tor network, bridges and pluggable transports are recommended,
while for anonymizing all network traffic coming from a computer,
Tails [18] is recommended.


Easy development tasks to get involved with

The bandwidth authority scanners measure the actual bandwidth offered by
Tor relays in order to get accurate information into the Tor consensus.
The measurement process currently splits up the set of relays that are
to be measured into 4 subsets, with the goal that measuring each of
these subsets should take about the same time [19]. However, this is not
the case.  Measuring subsets 2 and 3 is about twice as fast as measuring
subset 1, and subset 4 is twice as fast as subset 2 and 3. If you're up
for doing some experiments to split up the set into more equal subsets,
please let us know about your findings on the ticket.


Upcoming events

  Aug 27 13:30 UTC | little-t tor development meeting
                   | #tor-dev,
  Aug 29 15:00 UTC | OONI development meeting
                   | #ooni,
  Sep 01 18:00 UTC | Tor Browser online meeting
                   | #tor-dev,
  Sep 03 19:00 UTC | Tails contributors meeting
                   | #tails-dev, / h7gf2ha3hefoj5ls.onion

This issue of Tor Weekly News has been assembled by Lunar, harmony, Matt
Pagan, Karsten Loesing, and dope457.

Want to continue reading TWN? Please help us create this newsletter.
We still need more volunteers to watch the Tor community and report
important news. Please see the project page [20], write down your
name and subscribe to the team mailing list [21] if you want to
get involved!


More information about the tor-news mailing list