Tor Weekly News — April 1st, 2015

Harmony harmony01 at riseup.net
Wed Apr 1 22:14:53 UTC 2015


========================================================================
Tor Weekly News                                          April 1st, 2015
========================================================================

Welcome to the thirteenth issue in 2015 of Tor Weekly News, the weekly
newsletter that covers what’s happening in the Tor community.

Tor Browser 4.0.6 and 4.5a5 are out
-----------------------------------

Mike Perry announced two new releases by the Tor Browser team. Tor
Browser 4.0.6 [1] contains updates to Firefox, meek, and OpenSSL; it is
also the last release planned to run on 32-bit Apple hardware. If you
have a 64-bit Mac and are running Mac OS X 10.8, you can expect to be
automatically upgraded to Tor Browser 4.5, optimized for your hardware,
later this month. If you are running OS X 10.6 or 10.7, however, you
will need to update manually once that version of Tor Browser is
released, as described in the end-of-life announcement last year [2].

Tor Browser 4.5a5 [3], meanwhile, includes several exciting security and
usability updates. Tor Browser’s windows, when resized, will now “snap”
to one of a limited range of sizes, to prevent an adversary from
fingerprinting a user based on their unique browser size; the Security
Slider now offers information about the features that are disabled at
each security level; and Tor circuits remain in use for a longer period,
avoiding the errors that can result when websites detect a change in
your connection. You can read about all these features and more in
Mike’s announcement.

These new releases contain important security updates, and all users
should upgrade as soon as possible. As usual, you can get your copy of
the new software using the in-browser updater, or from the project
page [4].

  [1]: https://blog.torproject.org/blog/tor-browser-406-released
  [2]: https://blog.torproject.org/blog/tor-browser-45a5-released
  [3]: https://blog.torproject.org/blog/end-life-plan-tor-browser-32-bit-macs
  [4]: https://www.torproject.org/projects/torbrowser.html

Tails 1.3.2 is out
------------------

Tails version 1.3.2 [5] was put out on March 31. This release includes
updates to key software, fixing numerous security issues. All Tails
users must upgrade as soon as possible; see the announcement for
download instructions.

  [5]: https://tails.boum.org/news/version_1.3.2

Crowdsourcing the future (of onion services)
--------------------------------------------

Onion (or hidden) services are web (or other) services hosted in the Tor
network that have anonymity, authentication, and confidentiality built
in. As George Kadianakis writes, “anything you can build on the
Internet, you can build on hidden services — but they’re better”. A
major task for the Tor community in the near future is making these
important tools more widely available, and usable by groups who urgently
need them, so George took to the Tor blog [6] to solicit ideas for
future onion service-related projects that could form the basis for a
crowdfunding campaign. “Long story short, we are looking for feedback!
What hidden services projects would you like to see us crowdfund? How do
you use hidden services; what makes them important to you? How you want
to see them evolve?…Also, we are curious about which crowdfunding
platforms you prefer and why.”

See the full post for an introduction to onion services, why they
matter, why a crowdfunding campaign makes sense, and how to join in with
your own ideas.

  [6]: https://blog.torproject.org/blog/crowdfunding-future-hidden-services

Spreading the word about Tor with free brochures
------------------------------------------------

Tor advocates play an important role in talking to groups and audiences
around the world about the ways Tor and online anonymity can benefit
them. Until now, printed materials offering a simple introduction to the
basic concepts behind Tor have been hard to come by, so Karsten Loesing
announced [7] a set of brochures, aimed at various audiences, that can
be freely printed and distributed at Tor talks, tech conferences, public
demonstrations, or just for fun.

If you don’t have access to printing facilities, you can contact the Tor
Project [8] with details of your event and requirements and receive a
stack of brochures, possibly in return for a report or other feedback.
Spread the word, and feel free to screen the Tor animation [9] in your
language while you’re at it!

  [7]: https://blog.torproject.org/blog/spread-word-about-tor
  [8]: https://www.torproject.org/about/contact
  [9]: https://blog.torproject.org/blog/releasing-tor-animation

Monthly status reports for March 2015
-------------------------------------

The wave of regular monthly reports from Tor project members for the
month of March has begun. Damian Johnson released his report first [10],
followed by reports from Tom Ritter [11], Philipp Winter [12], Pearl
Crescent [13], Nick Mathewson [14], Juha Nurmi [15], and Isabela
Bagueros [16].

 [10]: https://lists.torproject.org/pipermail/tor-reports/2015-March/000782.html
 [11]: https://lists.torproject.org/pipermail/tor-reports/2015-March/000783.html
 [12]: https://lists.torproject.org/pipermail/tor-reports/2015-March/000784.html
 [13]: https://lists.torproject.org/pipermail/tor-reports/2015-March/000785.html
 [14]: https://lists.torproject.org/pipermail/tor-reports/2015-April/000786.html
 [15]: https://lists.torproject.org/pipermail/tor-reports/2015-April/000787.html
 [16]: https://lists.torproject.org/pipermail/tor-reports/2015-April/000788.html

Miscellaneous news
------------------

Anthony G. Basile announced [17] version 20150322 of tor-ramdisk, the
micro Linux distribution whose only purpose is to host a Tor server in
an environment that maximizes security and privacy. This release
includes updates to Tor, busybox, OpenSSL, and the Linux kernel.

 [17]: https://lists.torproject.org/pipermail/tor-talk/2015-March/037355.html

George Kadianakis used some newly-discovered bridge statistics [18] to
generate visual bandwidth histories, in order “to better understand how
much bridges are used”. “Questions and feedback on my methodology are
welcome”, writes George. On the other hand, “we should think about the
privacy implications of these statistics since they are quite
fine-grained (multiple measurements per day) and some bridges don’t have
many clients (hence small anonymity set for them)”, so if you have
comments on this topic feel free to send them to the thread.

 [18]: https://lists.torproject.org/pipermail/tor-dev/2015-March/008541.html

News from Tor StackExchange
---------------------------

Tor’s StackExchange site is currently running a self-evaluation [19]. On
the evaluation page [20] you’ll see some questions and answers. Please
go through this list and rate those questions. It helps the Q&A site to
improve those answers and see where weaknesses are.

 [19]: http://meta.tor.stackexchange.com/questions/249/lets-get-critical-mar-2015-site-self-evaluation
 [20]: https://tor.stackexchange.com/review/site-eval

User 2313265939 lives in a heavily censored region and wants an
OnionPi [21] to connect to the meek-amazon pluggable transport [22]. If
you have an answer, please share it with this user.

 [21]: https://learn.adafruit.com/onion-pi/overview
 [22]: https://tor.stackexchange.com/q/6538/88

This week in Tor history
------------------------

A year ago this week [23], Tor developers were discussing the
possibility of distributing bridge relay addresses via QR code, to avoid
tricky copy-pastes and input errors that might cause a failed
connection.  Today, you can request some bridge lines from BridgeDB [24]
and select “Show QR code” to be shown…exactly that. Bridge address QR
code recognition will soon make its way [25] into the Orbot stable
release, as well, so your simple censorship circumvention is no longer
dependent on finicky touchscreen keyboards!

 [23]: https://lists.torproject.org/pipermail/tor-news/2014-April/000039.html
 [24]: https://bridges.torproject.org/
 [25]: https://lists.mayfirst.org/pipermail/guardian-dev/2015-March/004283.html

Upcoming events
---------------

  Apr 03 20:00 UTC | Tails contributors meeting
                   | #tails-dev, irc.oftc.net
                   | https://mailman.boum.org/pipermail/tails-project/2015-March/000159.html
                   |
  Apr 06 18:00 UTC | Tor Browser online meeting
                   | #tor-dev, irc.oftc.net
                   |
  Apr 06 18:00 UTC | OONI development meeting
                   | #ooni, irc.oftc.net
                   |
  Apr 07 18:00 UTC | little-t tor patch workshop
                   | #tor-dev, irc.oftc.net
                   |
  Apr 16 - 18      | Roger @ 2015 German-American Frontiers of Engineering Symposium
                   | Potsdam, Germany
                   | http://www.naefrontiers.org/Symposia/GAFOE/21649/44840.aspx
                   |
  Apr 24           | Roger @ CTIC Privacy Conference
                   | University of Pennsylvania Law School
                   | https://www.law.upenn.edu/newsevents/calendar.php#event_id/48977/view/event


This issue of Tor Weekly News has been assembled by Harmony, Karsten
Loesing, qbi, and the Tails team.

Want to continue reading TWN? Please help us create this newsletter.
We still need more volunteers to watch the Tor community and report
important news. Please see the project page [26], write down your
name and subscribe to the team mailing list [27] if you want to
get involved!

 [26]: https://trac.torproject.org/projects/tor/wiki/TorWeeklyNews
 [27]: https://lists.torproject.org/cgi-bin/mailman/listinfo/news-team


More information about the tor-news mailing list