Tor Weekly News — May 7th, 2014
Lunar
lunar at torproject.org
Wed May 7 12:53:48 UTC 2014
========================================================================
Tor Weekly News May 7th, 2014
========================================================================
Welcome to the eighteenth issue of Tor Weekly News in 2014, the weekly
newsletter that covers what is happening in the Tor community.
Tor Browser 3.6 is released
---------------------------
The long-awaited Tor Browser 3.6 was finally declared stable [1] on
April 29th. Tor Browser 3.6 is the first version to fully integrate
pluggable transports, enabling easier access to the Tor network on
censored networks. The browser is based on the latest Firefox ESR 24.5.0
and includes a new round of security fixes [2].
When configuring how to access the Tor network, users can now select one
of the included list of “obfs3“ [3] or “fte” [4] bridges. Using
Flashproxy is also an option, but often requires further
configuration [5] on the local firewall and router. Manually specifying
bridges [6] is still an option, now with support for the aforementioned
pluggable transports.
Many small usability enhancements have been made: Tor error messages are
translated, the wording on several dialog windows has been improved
based on user feedback, and Mac users now install the browser from the
usual disk image format. Turkish localization has also been enabled.
Read the release announcement for a complete changelog. Be sure to
upgrade [7]!
[1]: https://blog.torproject.org/blog/tor-browser-36-released
[2]: https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html#firefox24.5
[3]: https://gitweb.torproject.org/pluggable-transports/obfsproxy.git/blob/refs/heads/master:/doc/obfs3/obfs3-protocol-spec.txt
[4]: https://fteproxy.org/
[5]: https://trac.torproject.org/projects/tor/wiki/FlashProxyHowto
[6]: https://bridges.torproject.org/
[7]: https://www.torproject.org/download/download-easy.html
Tails 1.0 is out
----------------
“Version 1.0 is often an important milestone that denotes the maturity
of a free software project. The first public version of what would
become Tails was released on June 23 2009 […]. That was almost five
years ago. Tails 1.0 marks the 36th stable release since then.”
The release announcement [8] could have not said it better. On top of
the simple idea of having a system entirely running in memory that
guarantees Tor usage for all network connections, Tails has been
extended with an USB installer, automatic upgrades, persistence, support
for Tor bridges, MAC address spoofing, an extensive and translated
documentation and many more features [9].
Over Tails 0.23, the new version brings security fixes from Firefox and
Tor [10], an updated I2P, several enhancements to the Tor configuration
interface, and the appearance of the new Tails logo [11].
More details are in the release announcement. For those who have not
made use of the integrated updater, time to download [12] the new
version!
[8]: https://tails.boum.org/news/version_1.0/
[9]: https://tails.boum.org/doc/about/features/
[10]: https://trac.torproject.org/projects/tor/ticket/11464
[11]: https://tails.boum.org/promote/logo/
[12]: https://tails.boum.org/download/
Monthly status reports for April 2014
-------------------------------------
The wave of regular monthly reports from Tor project members for the
month of April has begun. Georg Koppen released his report first [13],
followed by reports from Arthur D. Edelstein [14], Sherief Alaa [15],
Karsten Loesing [16], Lunar [17], Nick Mathewson [18], Matt Pagan [19],
Damian Johnson [20], George Kadianakis [21], Pearl Crescent [22], Colin
C. [23], Kevin Dyer [24], Isis Lovecruft [25], Kelley Misata [26], Arlo
Breault [27], and Andrew Lewman [28].
Lunar also reported on behalf of the help desk [29], Mike Perry for the
Tor Browser team [30], and Arturo Filastò for the OONI team [31].
[13]: https://lists.torproject.org/pipermail/tor-reports/2014-April/000511.html
[14]: https://lists.torproject.org/pipermail/tor-reports/2014-April/000513.html
[15]: https://lists.torproject.org/pipermail/tor-reports/2014-May/000514.html
[16]: https://lists.torproject.org/pipermail/tor-reports/2014-May/000515.html
[17]: https://lists.torproject.org/pipermail/tor-reports/2014-May/000516.html
[18]: https://lists.torproject.org/pipermail/tor-reports/2014-May/000517.html
[19]: https://lists.torproject.org/pipermail/tor-reports/2014-May/000518.html
[20]: https://lists.torproject.org/pipermail/tor-reports/2014-May/000520.html
[21]: https://lists.torproject.org/pipermail/tor-reports/2014-May/000521.html
[22]: https://lists.torproject.org/pipermail/tor-reports/2014-May/000523.html
[23]: https://lists.torproject.org/pipermail/tor-reports/2014-May/000524.html
[24]: https://lists.torproject.org/pipermail/tor-reports/2014-May/000525.html
[25]: https://lists.torproject.org/pipermail/tor-reports/2014-May/000527.html
[26]: https://lists.torproject.org/pipermail/tor-reports/2014-May/000528.html
[27]: https://lists.torproject.org/pipermail/tor-reports/2014-May/000529.html
[28]: https://lists.torproject.org/pipermail/tor-reports/2014-May/000530.html
[29]: https://lists.torproject.org/pipermail/tor-reports/2014-May/000512.html
[30]: https://lists.torproject.org/pipermail/tor-reports/2014-May/000522.html
[31]: https://lists.torproject.org/pipermail/tor-reports/2014-May/000526.html
Miscellaneous news
------------------
The Tails developers warned [32] that two fake public keys have been
found bearing email addresses associated with the project; do not trust
these keys, or anything they may have been used to sign. You can check
the real keys used to sign Tails software on the Tails website [33].
[32]: https://lists.torproject.org/pipermail/tor-talk/2014-May/032838.html
[33]: https://tails.boum.org/doc/about/openpgp_keys/
Erinn Clark alerted [34] users of the Trac-based Tor wiki [35] to the
fact that a bug (now fixed) made it possible to register an account with
an already-taken username, “overwriting the existing user’s password and
thereby taking over the account”. “We recommend users try to login and
if you find you are unable to do so, you can reset your password” on the
appropriate Trac page [36].
[34]: https://lists.torproject.org/pipermail/tor-dev/2014-May/006809.html
[35]: https://trac.torproject.org/
[36]: https://trac.torproject.org/projects/tor/reset_password
Following up on previous discussions [37] and a proposal [38] on the
topic of how to make hidden services scale, Christopher Baines went on
and implemented a prototype [39], “for one possible design of how to
allow distribution in hidden services”. The code and concrete design is
up for feedback.
[37]: https://lists.torproject.org/pipermail/tor-dev/2013-October/005556.html
[38]: https://lists.torproject.org/pipermail/tor-dev/2013-October/005674.html
[39]: https://lists.torproject.org/pipermail/tor-dev/2014-April/006788.html
Daniel Martí sent out [40] a list of proposed revisions — arrived at in
discussion with other developers on IRC — to the now slightly outdated
proposal 140, which forms the basis of his upcoming Google Summer of
Code project to implement consensus diffs and so reduce the amount of
information downloaded hourly by Tor clients. Among the proposals are
support for microdescriptor consensus diffs and a time limit to prevent
the leak of information about when Tor was last used; “ideas about what
might be missing or needing an update are welcome”, wrote Daniel.
[40]: https://lists.torproject.org/pipermail/tor-dev/2014-May/006792.html
Alpha releases of Orbot v14 are now available [41] for testing. They
include support for the obfs3 and ScrambleSuit protocols, thanks to
obfsclient [42].
[41]: https://lists.torproject.org/pipermail/tor-talk/2014-May/032847.html
[42]: https://github.com/yawning/obfsclient
Griffin Boyce solicited feedback on the first release of Satori [43], an
“app for Google Chrome that distributes circumvention software in a
difficult-to-block way and makes it easy for users to check if it’s been
tampered with in-transit.”
[43]: https://lists.torproject.org/pipermail/tor-talk/2014-May/032866.html
Kelley Misata announced on the Tor Blog [44] that this year’s Tor Summer
Dev Meeting will be held between June 29th and July 4th at the French
offices of Mozilla in Paris.
[44]: https://blog.torproject.org/blog/tor-summer-2014-dev-meeting-hosted-mozilla
Also on the blog, Andrew Lewman announced [45] that the temporary limit
on donations to the Tor Project through Paypal has now been lifted.
[45]: https://blog.torproject.org/blog/paypal-account-limits-now-resolved
Nicolas Vigier announced [46] that the Tor Browser test suite will now
be run automatically when a new build is ready. The results will be
emailed to the tor-qa mailing list.
[46]: https://lists.torproject.org/pipermail/tor-qa/2014-May/000405.html
Nick Mathewson suggested [47] that proposal 236 [48], which deals with
the proposed transition to single guard nodes for Tor clients, should
include the retention of multiple guards for directory requests, since
“trusting a single source for the completeness and freshness of your
directory info is suboptimal.”
[47]: https://lists.torproject.org/pipermail/tor-dev/2014-May/006820.html
[48]: https://gitweb.torproject.org/torspec.git/blob_plain/refs/heads/master:/proposals/236-single-guard-node.txt
Jacob H. Haven, Mikhail Belous, and Noah Rahman each introduced their
Tor-related projects for this year’s Google Summer of Code: Jacob’s
project [49] is titled “A Lightweight Censorship Analyzer for Tor”, and
aims to “allow non-technical users to monitor censorship of Tor
occurring in their country/network”; Mikhail will work [50] to implement
a multicore version of the tor daemon; and Noah plans [51] on
“refactoring Stegotorus more along DRY lines as well as enhancing and
updating various handshaking protocols, and getting it ready to merge in
upstream changes from its originators at SRI.”
[49]: https://lists.torproject.org/pipermail/tor-dev/2014-May/006808.html
[50]: https://lists.torproject.org/pipermail/tor-dev/2014-May/006817.html
[51]: https://lists.torproject.org/pipermail/tor-dev/2014-May/006821.html
Thanks to NetCologne [52] and fr33tux [53] for running mirrors of the
Tor Project website!
[52]: https://lists.torproject.org/pipermail/tor-mirrors/2014-April/000556.html
[53]: https://lists.torproject.org/pipermail/tor-mirrors/2014-April/000553.html
Frederic Jacobs invited comments [54] on an alternative Tor icon
designed by a friend “for fun”.
[54]: https://lists.torproject.org/pipermail/tor-talk/2014-May/032839.html
Tor help desk roundup
---------------------
Many users alerted the help desk to a new bug [55] in Tor Browser 3.6
that prevents users from setting a proxy. Developers have said this bug
is related to the introduction of Pluggable Transport support; a new Tor
Browser release addressing this issue is expected this week.
[55]: https://bugs.torproject.org/11658
News from Tor StackExchange
---------------------------
Tom Ritter wonders how the Exit Probability is calculated [56] and wants
to know if all values add up to 100 %. If anyone knows a good answer,
please don’t hesitate to add it to the question.
[56]: https://tor.stackexchange.com/q/2041/88
user1698 wants to extend the number of Tor relays in a circuit, and asks
if it is possible to have one with 5 or 6 nodes [57]. Tom Ritter
suggests that this is only possible when one changes the source code.
There is another question which deals with extending the number of nodes
in a circuit [58]: Steven Murdoch warns the user in his answer that
under some circumstances it might be possible to de-anonymize a person
who is using this technique. Furthermore alaf discusses the
performance, throughput and anonymity of longer circuits.
[57]: https://tor.stackexchange.com/q/2039/88
[58]: https://tor.stackexchange.com/q/103/88
Upcoming events
---------------
May 7 19:00 UTC | little-t tor development meeting
| #tor-dev, irc.oftc.net
| https://lists.torproject.org/pipermail/tor-dev/2014-March/006616.html
|
May 8 18:00 CET | “Create a Tor relay!” presentation at Linuxwochen
| FH Technikum Wien, Vienna, Austria
| https://cfp.linuxwochen.at/de/LWW14/public/events/108
|
May 8 20:00 UTC | Tails contributors meeting
| #tails-dev, irc.oftc.net
| https://mailman.boum.org/pipermail/tails-dev/2014-May/005654.html
|
May 9 15:00 UTC | Tor Browser online meeting
| #tor-dev, irc.oftc.net
| https://lists.torproject.org/pipermail/tbb-dev/2014-April/000049.html
|
May 9 16:00 UTC | Pluggable transports online meeting
| #tor-dev, irc.oftc.net
| https://lists.torproject.org/pipermail/tor-dev/2014-April/006764.html
|
May 27-28 | Tor @ Stockholm Internet Forum
| Stockholm, Sweden
| http://www.stockholminternetforum.se/
This issue of Tor Weekly News has been assembled by Lunar, harmony,
Matt Pagan, qbi and the Tails team.
Want to continue reading TWN? Please help us create this newsletter.
We still need more volunteers to watch the Tor community and report
important news. Please see the project page [59], write down your
name and subscribe to the team mailing list [60] if you want to
get involved!
[59]: https://trac.torproject.org/projects/tor/wiki/TorWeeklyNews
[60]: https://lists.torproject.org/cgi-bin/mailman/listinfo/news-team
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: <http://lists.torproject.org/pipermail/tor-news/attachments/20140507/428186ac/attachment.sig>
More information about the tor-news
mailing list