Tor Weekly News — April 1st, 2015
harmony01 at riseup.net
Wed Apr 1 22:14:53 UTC 2015
Tor Weekly News April 1st, 2015
Welcome to the thirteenth issue in 2015 of Tor Weekly News, the weekly
newsletter that covers what’s happening in the Tor community.
Tor Browser 4.0.6 and 4.5a5 are out
Mike Perry announced two new releases by the Tor Browser team. Tor
Browser 4.0.6  contains updates to Firefox, meek, and OpenSSL; it is
also the last release planned to run on 32-bit Apple hardware. If you
have a 64-bit Mac and are running Mac OS X 10.8, you can expect to be
automatically upgraded to Tor Browser 4.5, optimized for your hardware,
later this month. If you are running OS X 10.6 or 10.7, however, you
will need to update manually once that version of Tor Browser is
released, as described in the end-of-life announcement last year .
Tor Browser 4.5a5 , meanwhile, includes several exciting security and
usability updates. Tor Browser’s windows, when resized, will now “snap”
to one of a limited range of sizes, to prevent an adversary from
fingerprinting a user based on their unique browser size; the Security
Slider now offers information about the features that are disabled at
each security level; and Tor circuits remain in use for a longer period,
avoiding the errors that can result when websites detect a change in
your connection. You can read about all these features and more in
These new releases contain important security updates, and all users
should upgrade as soon as possible. As usual, you can get your copy of
the new software using the in-browser updater, or from the project
Tails 1.3.2 is out
Tails version 1.3.2  was put out on March 31. This release includes
updates to key software, fixing numerous security issues. All Tails
users must upgrade as soon as possible; see the announcement for
Crowdsourcing the future (of onion services)
Onion (or hidden) services are web (or other) services hosted in the Tor
network that have anonymity, authentication, and confidentiality built
in. As George Kadianakis writes, “anything you can build on the
Internet, you can build on hidden services — but they’re better”. A
major task for the Tor community in the near future is making these
important tools more widely available, and usable by groups who urgently
need them, so George took to the Tor blog  to solicit ideas for
future onion service-related projects that could form the basis for a
crowdfunding campaign. “Long story short, we are looking for feedback!
What hidden services projects would you like to see us crowdfund? How do
you use hidden services; what makes them important to you? How you want
to see them evolve?…Also, we are curious about which crowdfunding
platforms you prefer and why.”
See the full post for an introduction to onion services, why they
matter, why a crowdfunding campaign makes sense, and how to join in with
your own ideas.
Spreading the word about Tor with free brochures
Tor advocates play an important role in talking to groups and audiences
around the world about the ways Tor and online anonymity can benefit
them. Until now, printed materials offering a simple introduction to the
basic concepts behind Tor have been hard to come by, so Karsten Loesing
announced  a set of brochures, aimed at various audiences, that can
be freely printed and distributed at Tor talks, tech conferences, public
demonstrations, or just for fun.
If you don’t have access to printing facilities, you can contact the Tor
Project  with details of your event and requirements and receive a
stack of brochures, possibly in return for a report or other feedback.
Spread the word, and feel free to screen the Tor animation  in your
language while you’re at it!
Monthly status reports for March 2015
The wave of regular monthly reports from Tor project members for the
month of March has begun. Damian Johnson released his report first ,
followed by reports from Tom Ritter , Philipp Winter , Pearl
Crescent , Nick Mathewson , Juha Nurmi , and Isabela
Anthony G. Basile announced  version 20150322 of tor-ramdisk, the
micro Linux distribution whose only purpose is to host a Tor server in
an environment that maximizes security and privacy. This release
includes updates to Tor, busybox, OpenSSL, and the Linux kernel.
George Kadianakis used some newly-discovered bridge statistics  to
generate visual bandwidth histories, in order “to better understand how
much bridges are used”. “Questions and feedback on my methodology are
welcome”, writes George. On the other hand, “we should think about the
privacy implications of these statistics since they are quite
fine-grained (multiple measurements per day) and some bridges don’t have
many clients (hence small anonymity set for them)”, so if you have
comments on this topic feel free to send them to the thread.
News from Tor StackExchange
Tor’s StackExchange site is currently running a self-evaluation . On
the evaluation page  you’ll see some questions and answers. Please
go through this list and rate those questions. It helps the Q&A site to
improve those answers and see where weaknesses are.
User 2313265939 lives in a heavily censored region and wants an
OnionPi  to connect to the meek-amazon pluggable transport . If
you have an answer, please share it with this user.
This week in Tor history
A year ago this week , Tor developers were discussing the
possibility of distributing bridge relay addresses via QR code, to avoid
tricky copy-pastes and input errors that might cause a failed
connection. Today, you can request some bridge lines from BridgeDB 
and select “Show QR code” to be shown…exactly that. Bridge address QR
code recognition will soon make its way  into the Orbot stable
release, as well, so your simple censorship circumvention is no longer
dependent on finicky touchscreen keyboards!
Apr 03 20:00 UTC | Tails contributors meeting
| #tails-dev, irc.oftc.net
Apr 06 18:00 UTC | Tor Browser online meeting
| #tor-dev, irc.oftc.net
Apr 06 18:00 UTC | OONI development meeting
| #ooni, irc.oftc.net
Apr 07 18:00 UTC | little-t tor patch workshop
| #tor-dev, irc.oftc.net
Apr 16 - 18 | Roger @ 2015 German-American Frontiers of Engineering Symposium
| Potsdam, Germany
Apr 24 | Roger @ CTIC Privacy Conference
| University of Pennsylvania Law School
This issue of Tor Weekly News has been assembled by Harmony, Karsten
Loesing, qbi, and the Tails team.
Want to continue reading TWN? Please help us create this newsletter.
We still need more volunteers to watch the Tor community and report
important news. Please see the project page , write down your
name and subscribe to the team mailing list  if you want to
More information about the tor-news