Tor Weekly News — November 19th, 2014

Harmony harmony01 at
Wed Nov 19 14:01:07 UTC 2014

Tor Weekly News                                      November 19th, 2014

Welcome to the forty-sixth issue in 2014 of Tor Weekly News, the weekly
newsletter that covers what’s happening in the Tor community.

Tor Browser 4.5-alpha-1 is out

Mike Perry announced [1] the first alpha release in the Tor Browser 4.5
series. This version goes some way to restoring one of the features most
missed by users following the removal of the now-defunct Vidalia
interface from Tor Browser — the ability to quickly visualize the Tor
circuit that the current page is using. Clicking on the green Torbutton
icon in the Tor Browser window now brings up a small diagram showing the
IP addresses of all relays in a circuit, and the states in which they
are located; this may help users evaluate the suitability of the
circuits their Tor has selected, and also to quickly identify a
malicious exit relay if they notice unusual behavior in downloaded pages
and files.

Another key user-facing innovation in this release is the “security
slider”. Users can now choose from four security settings in Torbutton’s
“Preferences” window — “low (default)”, “medium-low”, “medium-high”, and
“high” — that allow them to customize their Tor Browser based on their
own security and usability needs, while still working to prevent
“partitioning” attacks, which try to identify users based on their
unusual browser configuration.

For other important additions in this series, please see the full
changelog in Mike’s post. If you want to try out this alpha version, you
can find it on the Tor Browser project page [2] or in the distribution
directory [3]; please report any bugs you find!


Tor Browser on 32-bit Macs approaches end-of-life

Now that Apple has discontinued support for the last remaining 32-bit
Mac systems, Mike Perry announced [4] that the Tor Browser team will
soon stop distributing 32-bit builds of its software. This week’s
4.5-alpha-1, like all future releases in the 4.5 series, is only
available in a 64-bit build, and all support for 32-bit systems will end
once 4.5 supersedes 4.0.

“32-bit Mac users likely have a month or two to decide what to do”,
wrote Mike. “If your actual Mac hardware is 64-bit capable, you can
upgrade to either the 64-bit edition of OSX 10.6 (which we will continue
to support for a bit longer), or use the app store to upgrade to 10.9 or
10.10. If your hardware is not 64-bit capable and won’t run these newer
Mac operating systems, you should still be able to use Tails [5], which
contains the Tor Browser.”

As a side effect of this transition, Tor Browser 4.0’s experimental
in-browser secure updater will not handle the upgrade to the 64-bit
build correctly for any Mac user; the old version must instead be
replaced manually with the new one.


Miscellaneous news

Roger Dingledine [6] and Sambuddho Chakravarty [7] responded on the Tor
blog to inaccurate reports of a new attack against Tor, based on a
recent study co-authored by Sambuddho. “It’s great to see more research
on traffic correlation attacks, especially on attacks that don’t need to
see the whole flow on each side. But it’s also important to realize that
traffic correlation attacks are not a new area”, wrote Roger.


The Tails team set out the December release schedule [8] for version
1.2.1 of the anonymous live operating system.


Giovanni Pellerano announced [9] version 3.1.30 of Tor2web, which now
supports web access to Tor hidden services over TLS. Access to the
Facebook hidden service, the most high-profile instance of an
HTTPS-enabled .onion site, is blocked in this version, as Tor2web offers
no benefit in cases where there exists an identical service on the
regular or “naked” web, and may actually present additional risk of


Griffin Boyce requested feedback [10] on a “very rough” version of
Stormy [11], the simple hidden service setup wizard. “I’d love to get
feedback on places where it breaks and where it could use a major
structural change […] the current setup is entirely for development and
should not be used as-is.”


Virgil Griffith started a discussion [12] on the suitability of the name
“hidden services” as opposed to other possible terms like “onion
service” or “onion site”. Among the many responses, Roger Dingledine
suggested [13] that an alternative name like “onion service” “makes
people have to learn what it is rather than guessing (and often guessing
wrong)”, while Nathan Freitas pointed out [14] that as “typical users
don’t talk about web services, they talk about web sites or pages”,
“onion site” might be a term worth adopting.


Tom Ritter put forward [15] a number of improvements to the integration
of HTTPS certificates and hidden services, following “a spirited debate
on IRC”.


The Wikimedia Foundation is the latest high-profile organization to set
up a non-exit Tor relay [16]. “It’s just a small contribution to the
network. Really — anyone can do it.”


Upcoming events

  Nov 19 13:30 UTC | little-t tor development meeting
                   | #tor-dev,
  Nov 19 16:00 UTC | Pluggable transports meeting
                   | #tor-dev,
  Nov 24 18:00 UTC | Tor Browser online meeting
                   | #tor-dev,
  Nov 25 17:00 UTC | little-t tor patch workshop
                   | #tor-dev,
  Dec 03 20:00 UTC | Tails contributors meeting
                   | #tails-dev,

This issue of Tor Weekly News has been assembled by Harmony and Lunar.

Want to continue reading TWN? Please help us create this newsletter.
We still need more volunteers to watch the Tor community and report
important news. Please see the project page [17], write down your
name and subscribe to the team mailing list [18] if you want to
get involved!


More information about the tor-news mailing list