Tor Weekly News — December 31st, 2014

Harmony harmony01 at
Wed Dec 31 13:00:28 UTC 2014

Tor Weekly News                                      December 31st, 2014

Welcome to the final issue in 2014 of Tor Weekly News, the weekly
newsletter that covers what’s happening in the Tor community.

Attacks and rumors of attacks

Two weeks ago, the Tor Project relayed a warning [1] from an unspecified
source to the effect that someone may have been preparing to seize,
attack, or otherwise disable one or more of Tor’s directory
authorities [2] in a bid to disrupt the entire Tor network. The lack of
any specific information about the threat caused understandable concern
in the Tor community, and several events that followed over the next
fortnight did little to dispel this.

First, the operator of a large Tor exit relay cluster reported [3] that
his servers may have been physically interfered with by unknown parties
a short while before his message. Later updates [4] suggested that foul
play was less likely than initially thought.

Several days later, a large number of small exit relays were created all
at once, in what appeared to be a “Sybil attack” [5]; this was
detected [6] and halted almost immediately, as was a second, more recent
incident [7]. As the Tor Project put it in a response [8], “we don’t
expect any anonymity or performance effects based on what we've seen so
far”, although a side-effect of the countermeasure is that relays hosted
on some IP ranges are currently being rejected [9] by dirauths.

As far as anyone can tell, these events are not related in any way to
the initial warning. The Tor network has functioned normally throughout
this period, and the appearance of a series of incidents is likely to be
the result of coincidence (helped by the online rumor mill) rather than
a coordinated campaign. It is never possible to say with certainty that
attacks on the network will not occur, but the threat referred to in the
original blog post has not yet materialized — and “no news is good


Miscellaneous news

Lasse Øverlier discovered that ScrambleSuit’s [10] protection against
“replay attacks”, in which an adversary repeats a client authentication
event to learn that the server is in fact a ScrambleSuit bridge, doesn’t
work. Philipp Winter explained [11] the issue, and suggested some simple


Tom van der Woerdt asked for review [12] of a patch [13] to remove the
obsolete version 1 of Tor’s link protocol from the current software:
“It’s a rather large patch, though not as large as the patch that will
remove v2 of the protocol. However, before I write that one, can someone
please check whether my patch is sane and I’m not violating any
standards or policies?”


David Fifield trimmed [14] the length of meek’s [15] HTTP headers from
413 to 162 bytes, reducing the bandwidth it uses by “approximately” 3%.


Thanks to Kura [16] for running a mirror of the Tor Project website and
software archive!


Upcoming events

  Dec 31 13:30 UTC | little-t tor development meeting
                   | #tor-dev,
  Jan 03 20:00 UTC | Tails contributors meeting
                   | #tails-dev,
  Jan 05 18:00 UTC | Tor Browser online meeting
                   | #tor-dev,
  Jan 05 18:00 UTC | OONI development meeting
                   | #ooni,
  Jan 06 18:00 UTC | little-t tor patch workshop
                   | #tor-dev,
  Jan 07 09:00 GMT | Roger @ Real World Cryptography Workshop 2015
                   | London, England
  Jan 16 19:30 UTC | Tails/Jessie progress meeting
                   | #tails-dev,

This issue of Tor Weekly News has been assembled by Harmony, David
Fifield, Chuck Peters, and Roger Dingledine.

Want to continue reading TWN? Please help us create this newsletter.
We still need more volunteers to watch the Tor community and report
important news. Please see the project page [17], write down your
name and subscribe to the team mailing list [18] if you want to
get involved!


More information about the tor-news mailing list