Tor Weekly News — January 7th, 2015
harmony01 at riseup.net
Wed Jan 7 12:48:45 UTC 2015
Tor Weekly News January 7th, 2014
Welcome to the first issue in 2015 of Tor Weekly News, the weekly
newsletter that covers what’s happening in the Tor community.
Tor 0.2.6.2-alpha is out
Nick Mathewson announced  the second alpha release in the Tor 0.2.6.x
series. As well as including the cell scheduling changes  and hidden
service statistics collection  reported in recent issues of TWN, this
release makes it harder to portscan hidden services by closing circuits
if a client tries to connect to a non-existent port. It also contains
numerous bugfixes and new unit tests; please see Nick’s announcement for
the full changelog. The source code is available as usual from the
distribution directory .
Tor at 31c3
The 31st edition of the Chaos Communication Congress , an annual
highlight in the free software and security calendar, took place in
Hamburg, and as usual Tor featured in several key talks over the course
of the long weekend.
Roger Dingledine and Jacob Appelbaum’s appropriately grand-sounding
“State of the Onion” address , a round-up of the year’s events in the
Tor community, took place once again, with guest contributions from
journalist and filmmaker Laura Poitras and OONI developer Arturo
Filastò. Topics included the relationship between censorship and
surveillance, the misinterpretation of academic research by journalists,
new pluggable transports, and much more.
Laura Poitras also joined Julia Angwin, Jack Gillum, and Nadia Heninger
for “Crypto Tales from the Trenches” , in which the journalists
described their experiences with security software when doing research
and communicating with sources. “I don’t think any of us could do our
work without Tor”, said Laura, while Julia described the Tails operating
system as “her favorite success story” in this field.
Tor Browser developer Mike Perry joined Seth Schoen to discuss  the
concept of deterministic builds, the implementation of which has been
one of the Tor Project’s major successes over the past year. Mike and
Seth demonstrated some of the attacks that this system aims to defend
against, as well as the work that Tor, F-Droid, and Debian have all been
doing to make their processes compatible with the deterministic build
Finally, Dr. Gareth Owen of Portsmouth University presented  the
results of research into the content and usage of Tor hidden services.
The research involved setting up a number of Tor relays, waiting until
they gained the “HSDir” flag, then counting the number of times a
particular service’s descriptor was requested, as well as manually
categorizing the services whose descriptors were learned. Dr. Owen
found that while the largest category of onion services by number could
be characterized as “drugs”, the majority of the descriptor requests he
saw were for services in his “abuse” category. The talk itself discusses
some possible limitations of the data gathered, and Tor developers have
responded on the Tor blog with further analysis [10, 11].
Monthly status reports for December 2014
The wave of regular monthly reports from Tor project members for the
month of December has begun. Philipp Winter released his report
first , followed by reports from Damian Johnson , Pearl
Crescent , Juha Nurmi , Nick Mathewson , Sherief Alaa ,
Sukhbir Singh , Leiah Jansen , David Goulet , Michael Schloh
von Bennewitz , Colin C. , Georg Koppen , Arlo Breault ,
and George Kadianakis .
Colin C. also sent out the help desk report , while Arturo Filastò
reported on behalf of the OONI team  and Mike Perry for the Tor
Browser team .
Nick Mathewson and Andrea Shepard drafted a proposal  for including
a hash chain in the consensus  produced by Tor directory
authorities , in order to prevent certain kinds of attack on the
directory authorities and their keys.
Nick also clarified  that a recently-discovered Libevent
vulnerability has no effect on Tor.
In connection with the current push to collect statistics relating to
Tor hidden services in a privacy-preserving manner, Aaron Johnson
noted  that there are two further desirable sets of statistics which
might pose a risk to anonymity if gathered incorrectly, and discussed
possible solutions to the problem.
David Fifield published a summary  of costs incurred by the meek
pluggable transport for the month of December 2014.
David also continued his experiments on historical Tor metrics data with
visualizations of a recent Sybil attack , and wondered  what
might have been responsible for a sudden change in the way that users in
Kazakhstan were choosing to connect to the Tor network in October 2014.
Sebastian Urbach noted  a sudden drop in the number of Tor relays
acting as hidden service directories, and wondered about the cause. As
SiNA Rabbani clarified , the amount of time a relay needs to have
been running before it earns the “HSDir” flag was increased by directory
authorities, in response to a recent Sybil attack.
The developers of ChatSecure for iOS announced  that their recent
3.0 release includes experimental support for connections to XMPP chat
servers over Tor, and briefly described how they added the new feature.
Jan 07 13:30 UTC | little-t tor development meeting
| #tor-dev, irc.oftc.net
Jan 12 18:00 UTC | Tor Browser online meeting
| #tor-dev, irc.oftc.net
Jan 12 18:00 UTC | OONI development meeting
| #ooni, irc.oftc.net
Jan 13 18:00 UTC | little-t tor patch workshop
| #tor-dev, irc.oftc.net
Jan 16 19:30 UTC | Tails/Jessie progress meeting
| #tails-dev, irc.oftc.net
This issue of Tor Weekly News has been assembled by Harmony, David
Fifield, Catfish, and Karsten Loesing.
Want to continue reading TWN? Please help us create this newsletter.
We still need more volunteers to watch the Tor community and report
important news. Please see the project page , write down your
name and subscribe to the team mailing list  if you want to
More information about the tor-news