Tor Weekly News — January 22nd, 2014

dope457 dope457 at
Wed Jan 22 12:00:04 UTC 2014

Tor Weekly News                                       January 22nd, 2014

Welcome to the third issue in 2014 of Tor Weekly News, the weekly
newsletter that covers what is happening in the Tor community.

Future of the geolocalization database used in Tor software

The first version of Tor to include an IP-to-country database was [1], released in 2008. In 2010, the database switched [2]
from data provided by WebHosting.Info to MaxMind’s more up-to-date
GeoLite service. All was good until two years later, when
MaxMind started to hide the country of Tor relays [3], marking them as
from the “A1” country, standing for “anonymous proxy”.  Karsten Loesing
has been tirelessly doing manual database updates ever since.

MaxMind has launched GeoIP2 [4] as a successor of its previous service.
The very good news, as spotted by Karsten [5], is that the new format
“provide the A1/A2 information in *addition* to the correct country

The question is how this new database should be integrated into the
different software using geolocalization information: Tor, BridgeDB, the
metrics database and the metrics website. The format used by Tor so far
has always been a custom format, so writing a converter from MaxMind’s
database format is one option. Another option is to integrate the
parsing libraries provided by MaxMind into Tor software.

Both approaches have their advantages. In any case, they can be useful,
fun and small projects for someone new to the Tor community. Be sure to
have a look at Karsten’s suggestions if you feel like helping.


Key generation on headless and diskless relays

Following up on his work on Torride [6] — a live Linux distribution
meant to run Tor relays — anarcat asked about key generation in
low-entropy situations. Lunar had raised [7] a similar question for the
Tor-ramdisk distribution [8] a couple of months ago.

“The concern here is what happens when Tor starts up the first time. I
believe it creates a public/private key pair for its cryptographic
routines. In Torride, this is done right on the start of the operating
system, when the entropy of the system is low or inexistent” explained

Gerardus Hendricks has made a quick analysis [9] of Tor source code to
determine that keys were generated using entropy from /dev/urandom — an
insecure behavior in low-entropy situations.

Nick Mathewson suggested [10] changing the initialization procedure in
order to “try to read a byte from /dev/random before it starts Tor, and
block until it actually can read that byte.” This would “ensure that the
kernel RNG has (by its own lights) reached full entropy at least once,
which guarantees cryptographic quality of the rest of the /dev/urandom
stream.” More general solutions are now being discussed in a newly created
ticket [11].
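
The start-up gate Nick Mathewson describes, as an added shell example (not
code from Tor, Torride or Tor-ramdisk): it blocks on a one-byte read from
/dev/random and only then executes Tor. The RANDOM_DEV and TOR_BIN variables
and the "start" argument are assumptions of this sketch.

```shell
#!/bin/sh
# Added example: gate Tor start-up on the kernel RNG having been seeded.
# RANDOM_DEV, TOR_BIN and the "start" argument are assumptions of this sketch.

RANDOM_DEV="${RANDOM_DEV:-/dev/random}"
TOR_BIN="${TOR_BIN:-tor}"
ENTROPY_FILE=/proc/sys/kernel/random/entropy_avail   # Linux-only estimate

# Print the kernel's current entropy estimate, or "unknown" if unavailable.
entropy_estimate() {
    if [ -r "$ENTROPY_FILE" ]; then cat "$ENTROPY_FILE"; else echo unknown; fi
}

# wait_for_seed DEVICE
# Blocking read of exactly one byte from DEVICE.
# Returns 0 if a byte was read, 1 if the read came up short,
# 2 if DEVICE is not a character device (e.g. /dev not populated yet).
wait_for_seed() {
    dev="$1"
    if [ ! -c "$dev" ]; then
        echo "wait_for_seed: $dev is not a character device" >&2
        return 2
    fi
    got=$(dd if="$dev" bs=1 count=1 2>/dev/null | wc -c | tr -d ' ')
    [ "$got" = "1" ]
}

# Refuse to start Tor (and so refuse to generate relay keys) unless the
# blocking read succeeded.
start_tor_when_seeded() {
    echo "entropy estimate before wait: $(entropy_estimate)" >&2
    wait_for_seed "$RANDOM_DEV" || {
        echo "RNG not ready, not starting Tor" >&2
        return 1
    }
    echo "entropy estimate after wait: $(entropy_estimate)" >&2
    exec "$TOR_BIN" "$@"
}

# Only act when invoked as: script start [tor options...]
if [ "${1:-}" = "start" ]; then
    shift
    start_tor_when_seeded "$@"
fi
```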


Exposing malicious exit relays

Anyone is free to start a new Tor relay and join the Tor network. Most
Tor relay operators are volunteers who dedicate time and money to
support online privacy.

Unfortunately, as Philipp Winter and Stefan Lindskog wrote in the
introduction of their new research project [12], “there are exceptions:
in the past, some exit relays were documented to have sniffed [13] and
tampered with [14] relayed traffic”. The project, dubbed “spoiled
onions”, aims at “monitoring all exit relays for several months in
order to expose, document, and thwart malicious or misconfigured

The paper [15] gives more details on the modular scanning software [16]
that has been developed. It elaborates on how it can detect tampering
with the HTTP, HTTPS, SSH, and DNS protocols. The paper also notes
that occasionally it’s the relay’s ISP that is responsible for an attack
despite the operator’s good faith.

The authors also describe an extension to the Tor Browser that can help
with detecting HTTPS man-in-the-middle attacks: if the browser is unable
to verify a certificate, it will automatically retrieve the certificate
again using a different Tor exit node. If the certificates do not match,
a warning can then be issued informing the user that an attack might be
happening and offering to notify the Tor Project. However, the extension
is merely a proof of concept and not usable at this point.

Philipp and Stefan’s efforts have already identified 25 bad relays that
have subsequently been marked as such by directory authority operators.
Even if we wish the number of problematic relays to stay low, let’s hope
this will help to identify those who try to abuse Tor users as soon as
possible in the future.


Miscellaneous news

Alex reported [17] his bad experience with Hetzner when attempting to
participate in the “Trusted Tor Traceroutes” experiment [18]. Paul
Görgen reported [19] having similar troubles, even with a lower
packets-per-second rate. Relay operators might want to warn their ISP before
undertaking the experiment in the future to avoid similar misadventures.


Anupam Das reported [20] that they have “received a good rate of
participation by relay operators to our measurement project” [18]. To
measure progress, there is now a live scoreboard [21] of all


The integration of “pluggable transports” in the main Tor Browser
Bundle [22] is moving smoothly. David Fifield published beta images of
his recent work [23], and the initial implementation adding a default
set of bridges to Tor Launcher [24] has been completed.


Following up on last week’s call for help [25] regarding Tor Weather [26],
Karsten Loesing is organizing an IRC meeting [27] with interested
developers on Wed, Jan 22, 18:00 UTC. The meeting will happen in
#tor-dev on OFTC.


As part of the website redesign effort, Marck Al proposed [28] an
updated visual identity. Lunar also highlighted a couple of tasks [29]
that could be undertaken to move the website redesign forward.


Tails’ release calendar [30] has been shifted by two weeks because of
the holiday break from Mozilla [31].


Ximin Luo has been discussing with I2P [32] developers how Pluggable
Transports [33] could be made easier to use by other projects [34].


Isis Lovecruft has sent late reports on her activity for October [35],
November [36] and December 2013 [37].


There are two weeks left to participate in the crowdfunding campaign
started by the Freedom of the Press Foundation [38]. Among other
projects, the money will support core Tor development and Tails 1.0


Tor help desk roundup

Frequently users email the Tor help desk because they cannot access a
particular public-facing website. Often this is because an increasing
number of websites have begun blocking connections that appear to come
from the Tor network. A partial list of websites that do this can be
found on Tor Project’s wiki [39]. Feel free to add more sites to the
list, and to contact the website’s operators to explain why banning Tor
is not the best course of action.

Some users reported websites that do not allow logins when using the Tor
Browser. This is not always related to website blocks or blacklists.
There is a known bug in the Tor Browser Bundle such that Private
Browsing Mode disallows cookies in a way that some sites don’t like.
Disabling Private Browsing Mode via Torbutton’s Preferences is a
workaround; the bug will hopefully be fixed soon [40].


Upcoming events

Feb 1-2   | Tor @ FOSDEM
          | Brussels, Belgium
Feb 8     | Aaron @ New Media Inspiration 2014
          | Prague, Czech Republic
Feb 8     | Colin @ Winnipeg CryptoParty
          | Winnipeg, Canada

This issue of Tor Weekly News has been assembled by Lunar, Matt Pagan,
Philipp Winter, Karsten Loesing, Sandeep, and dope457.

Want to continue reading TWN? Please help us create this newsletter.
We still need more volunteers to watch the Tor community and report
important news. Please see the project page [41], write down your
name and subscribe to the team mailing list [42] if you want to
get involved!

