Tor Weekly News — January 15th, 2014

Lunar lunar at
Wed Jan 15 12:04:01 UTC 2014

Tor Weekly News                                       January 15th, 2014

Welcome to the second issue in 2014 of Tor Weekly News, the weekly
newsletter that covers what is happening in the Tor community.

Orbot 13 is out

Orbot [1] — the Guardian Project’s port of Tor on Android platforms —
has received a major update [2]. Version 13 includes “all the latest
bling across the board” meaning Tor and updated versions of
OpenSSL and XTables. Nathan also mentions “some important fixes to the
Orbot service, to ensure it remains running in the background, and the
active notification keeps working, as well. Finally, we’ve changed the
way the native binaries are installed, making it more reliable and clean
across devices.”

After the initial release candidates, 13.0.1 [3], 13.0.2 and then 13.0.3
were quickly made available to fix various reported issues.

The new release is available from the Guardian Project’s website [4],
F-Droid repository or Google Play.


Who are the Tor Project’s website visitors?

Last week’s call for help regarding the Tor Project’s website [5] has
seen a pretty impressive response. Discussions then quickly sparkled on
the newly created mailing list [6].

As one of the first concrete outcomes, Rey Dhuny contributed an initial
set of “personas”, later improved by Max Jakob Maass, Silviu Riley with
suggestions from others. Quoting Wikipedia [7]: “personas are fictional
characters created to represent the different user types within a
targeted demographic, attitude and/or behavior set that might use a
site, brand or product in a similar way.”

One can have a look at the wiki page [8] to learn more about the seven
different users of the Tor website that have been currently identified:
The Student, The Journalist, The Researcher, The Donor, The Engineer,
The Activist, The Dissident. These personas should probably be further
refined, but are already a very useful tool to think about how to
structure a new website.

For anyone interested in following the effort, Andrew Lewman has spent
time triaging all website related tickets [9] and setting up a new
milestone [10] to keep tabs on tasks and issues.


Let’s save Tor Weather!

The Tor network would not exist without all its volunteers — currently
more than 3,000 all around the world — who run the 5,000+ relays
anonymizing our connections.

Tor Weather is one of these small services run by the Tor Project that
is meant to make the life of relay operators easier. It can warn them
when their relay is down or when a new version of tor is available… and
when they can receive the rewarding t-shirt [11]. Unfortunately, Tor
Weather has been unmaintained for quite a while, and issues have
accumulated [12] over time.

Karsten Loesing has sent a call for help [13] with suggestions on how
the code can be simplified and improved. Abhiram Chintangal and Norbert
Kurz have already stated their interests. Coordination is done through
the tor-dev mailing list [14] and a design wiki page [15]. Join them if
you are up to some Python hacking or spiffing up the web interface!


More monthly status reports for December 2013

The wave of regular monthly reports from Tor project members for the
month of December 2013 continued this week as well with the extended
report form the Tails team [16] followed by reports from George
Kadianakis [17], Kevin P Dyer [18], and Andrew Lewman [19].


Miscellaneous news

The Tails team has put out a call for testing the first release
candidate for Tails 0.22.1 [20]. The new version will bring several
bugfixes, an updated kernel, and many improvements to the upgrader


Directory authorities are in the process [21] of upgrading their
directory signing key to RSA 2048. This has been done for five out of
nine authorities [22]. The changes might result in some temporary error
messages in logs of Tor relays, as it did [23] when “gabelmoo” [24]
changed its key on January 11th.


Nicolas Vigier has sent a proposal [25] about replacing the current
Gitian-based build system for the Tor Browser Bundle by a system based
on burps [26]. Nicolas also worked on a prototype [27] to go with his


Nick Mathewson mentioned [28] that the “Sniper Attack” paper [29] by Rob
Jansen, Florian Tschorsch, Aaron Johnson, and Björn Scheuermann was now
available. This paper describes serious Denial of Service attacks
through memory exhaustion. The issue is fixed “thanks to advice from
the paper’s authors, in Tor 0.2.4.x and later”.


In order to prevent attacks [30] on hidden services based on predicting
which directory will be used, directory authorities need to periodically
produce shared unpredictable random strings. To address the issue,
Nicholas Hopper has sent “a threshold signature-based proposal for a
shared RNG” [31], now up for reviews.


The next session of low-hanging fruits for Tails will happen [32] on
February 8th in the #tails IRC channel OFTC at 10:00 CET.


Thanks to [33], Maki Hoshisawa [34] and cYbergueRrilLa
AnonyMous NeXus [35] for running new mirrors of the Tor Project website.


Jaromil announced [36] the release of Dowse [37], “a transparent proxy
setup supporting Tor”. One feature is that it detects “all URLs whose
domain ends in .onion, routing them directly to Tor, effectively making
the onion network accessible without any plugin or software installed.”
The transport proxy approach has known issues [38] but can still be of
interest to some users. Jaromil is seeking feedback and opinions from
the community.


Microsoft’s Geoff McDonald wrote a blog post [39] describing how they
have helped remove half of the estimated four millions of Tor
clients [40] installed by the Sefnit botnet without the computer owner’s


Koumbit has been working on Torride [41], a live distribution to run Tor
relays — not unlike Tor-ramdisk [42] — but based on Debian. Version
1.1.0 has been released [43] on January 10th.


Tor help desk roundup

Many users have been emailing for clarification on the Tor Browser’s
interface. The first time Tor Browser is started, users are asked if
their network is free of obstacles. Many users do not know if their
network is free of obstacles or not. A network is free of obstacles
if it does not censor connections to the Tor network. Ticket #10610 [44]
has been opened to discuss possible improvements.

A number of users have reported problems using the Tor Browser in
Backtrack Linux. Backtrack is unusual among Linux distributions in that
the user can only log in as root; there are no other user accounts. The
Tor Browser cannot be run as root. One solution for Backtrack users is
to create a new account with the `useradd` command and then run the Tor
Browser as that user with the `sudo` command.


Upcoming events

Feb 1-2   | Tor @ FOSDEM
          | Brussels, Belgium
April 11  | Roger @ George Mason University
          | Washington, DC, USA

This issue of Tor Weekly News has been assembled by Lunar, Matt Pagan,
dope457, Sandeep, Karsten Loesing, Nicolas Vigier, Philipp Winter and
the Tails developers.

Tor Weekly News needs reviewers! 24 hours before being
published, the content of the next newsletter is frozen so there
is time to improve the language. We are really missing native or
good English speakers who could spend just about 20 minutes
each week. See the project page [45], and subscribe to the team
mailing list [46] if you want to get involved!

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: <>

More information about the tor-news mailing list