Tor Weekly News — November 26th, 2014

Harmony harmony01 at
Wed Nov 26 15:09:42 UTC 2014

Tor Weekly News                                      November 26th, 2014

Welcome to the forty-seventh issue in 2014 of Tor Weekly News, the
weekly newsletter that covers what’s happening in the Tor community.

A new Tor directory authority

Tor, being free software, can be used by anyone to set up their own
anonymity network, as Tom Ritter demonstrated last month [1]; but “the
Tor network” as we know it today consists of the 6500+ relays voted on
by nine “directory authorities” (or “dirauths”) [2], operated by trusted
members of the Tor development team and community [3].

As Mike Perry, a longtime directory authority operator, wished to retire
his machine, “turtles”, without unbalancing the number of authorities
producing the consensus [4], a new authority named “longclaw” [5] was
brought online by the autonomous tech collective Riseup [6], which has
been offering free and secure methods of communication (most of them now
available as hidden services [7]) since 1999.

Thanks to Riseup for playing this key role in the operation of the Tor


Miscellaneous news

Nathan Freitas announced [8] the release of Orbot 14.1.3, which includes
improved handling of background processes; it builds on the earlier
14.1.0 [9], which brought with it support for Android 5.0 Lollipop, as
well as stability fixes. Orweb was brought up to version 0.7, also
introducing support for the new Android release.


George Kadianakis sent out [10] a co-authored draft of a proposal for
statistics concerning hidden service activity that relays could collect
and publish without harming the anonymity or security of users and
hidden services, and which might “be useful to Tor developers and to
people who want to understand hidden services and the onionspace


Tom Ritter drafted a proposal [11] exploring methods a hidden service
operator might use to prove to certificate authorities that they control
the service’s private key when requesting SSL certificates.


Karsten Loesing spruced up [12] the documentation on the Tor Metrics
portal [13], including a handy glossary of frequently-used Tor-specific
terms [14].


Damian Johnson sketched out a roadmap [15] for further development of
Stem [16], the Tor controller library in Python, welcoming “more general
ideas on directions to take Stem, the tor-prompt, and this whole space”.


Andrew Lewman reported [17] on his experiments in mirroring the Tor
Project website using the Fastly CDN as well as the BitTorrent Sync


Following a suggestion [18] that a guide to server hardening should be
distributed with the tor software package, Libertas drafted [19] a
sample document and asked for reviews. “Please share any opinions or
contributions you have. This was written in a little more than an hour,
so it’s still a work in progress.”


Libertas also scanned [20] a large number of currently-running Tor
relays to check which ssh access authentication methods their servers
supported, finding 2051 relays that still permitted password-based ssh
authentication. “Generally, it is far more secure to allow only public
key auth. The Ubuntu help pages have a good guide [21] on setting up
key-based auth”.
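A relay operator can check their own server for the condition the scan looked for. The following is an added example, not part of the newsletter or of Libertas's scan: a small parser (the name `audit_sshd_config` is hypothetical) that reports whether an `sshd_config` still permits password-capable logins. It assumes upstream OpenSSH defaults and does not follow `Include` directives.

```python
import re

# Upstream OpenSSH defaults that apply when a keyword is absent (assumption:
# no distribution patch changes them).
DEFAULTS = {
    "passwordauthentication": "yes",
    "kbdinteractiveauthentication": "yes",
    "pubkeyauthentication": "yes",
}
# Older configs use the deprecated name for keyboard-interactive auth.
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}


def audit_sshd_config(text):
    """Return findings for password-capable logins in sshd_config text."""
    global_opts, overrides, match = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # a commented-out "PasswordAuthentication no" has no effect
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        key = ALIASES.get(parts[0].lower(), parts[0].lower())
        value = parts[1].split()[0].lower() if len(parts) > 1 and parts[1].split() else ""
        if key == "match":
            match = parts[1].strip() if len(parts) > 1 else ""
            continue
        if key not in DEFAULTS:
            continue
        if match is None:
            global_opts.setdefault(key, value)  # sshd keeps the first value seen
        else:
            overrides.append((match, key, value))

    effective = {**DEFAULTS, **global_opts}
    findings = []
    if effective["passwordauthentication"] != "no":
        findings.append("global: PasswordAuthentication enabled")
    if effective["kbdinteractiveauthentication"] != "no":
        findings.append("global: keyboard-interactive enabled (PAM can ask for a password)")
    if effective["pubkeyauthentication"] != "yes":
        findings.append("global: PubkeyAuthentication disabled")
    for cond, key, value in overrides:
        if key != "pubkeyauthentication" and value != "no":
            findings.append(f"Match {cond}: {key} enabled")
    return findings


# Constructed sample: relies on defaults, with the hardening line commented out.
SAMPLE_DEFAULTS = "Port 22\n#PasswordAuthentication no\nChallengeResponseAuthentication no\n"
```

On a live host, `sshd -T` prints the effective configuration and is the authoritative check; an empty list from this parser means no password-capable method was found in the text it was given.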


SiNA Rabbani noted [22] that a large proportion of Tor exit relays are
located in Europe, and called for relay operators to consider running
nodes with US hosts. “I am not sure if the reason is lack of
Tor-friendly ISPs or people are just too freaked out about the summer of
Snowden. I think it’s very wrong to assume that EU countries are not
part of the world-wide-wiretap, packets are going through a few internet
exchanges anyways.”


Thanks to Andy Weber [23], Matt Kraai [24], Alexander Dietrich [25],
James Murphy [26], Jesse Victors [27], Lucid Networks [28], [29], NTU Open Source Society [30], and Justaguy [31]
for running mirrors of the Tor Project’s website and software!


Tor help desk roundup

The help desk commonly sees questions from users who get error messages
when using Vidalia, the graphical Tor controller. Vidalia is
unmaintained and many of its features simply do not work any more, so it
has been deprecated [32]. For web browsing, only the latest version of
Tor Browser [33] should be used. If you were trying to use the (now
also defunct) Vidalia Bridge or Relay Bundles, documentation for how to
set up bridges [34] and regular relays [35] more effectively without
Vidalia can be found on the website.


Upcoming events

  Nov 26 13:30 UTC | little-t tor development meeting
                   | #tor-dev,
  Nov 26 16:00 UTC | Pluggable transports meeting
                   | #tor-dev,
  Dec 01 18:00 UTC | Tor Browser online meeting
                   | #tor-dev,
  Dec 01 18:00 UTC | OONI development meeting
                   | #ooni,
  Dec 02 17:00 UTC | little-t tor patch workshop
                   | #tor-dev,
  Dec 03 20:00 UTC | Tails contributors meeting
                   | #tails-dev,

This issue of Tor Weekly News has been assembled by Harmony, Matt Pagan,
Roger Dingledine, and Karsten Loesing.

Want to continue reading TWN? Please help us create this newsletter.
We still need more volunteers to watch the Tor community and report
important news. Please see the project page [36], write down your
name and subscribe to the team mailing list [37] if you want to
get involved!

