Tor Weekly News — September 4th, 2015

Fri Sep 4 18:50:57 UTC 2015

========================================================================
Tor Weekly News                                      September 4th, 2015
========================================================================

Welcome to the thirty-fourth issue in 2015 of Tor Weekly News, the
weekly newsletter that covers what’s happening in the Tor community.

Contents
--------

 1. Tor Browser 5.0.2 and 5.5a2 are out
 2. Final reports from two Summer of Privacy students
 3. Should cloud-based Tor relays be rejected?
 4. Miscellaneous news
 5. Upcoming events

Tor Browser 5.0.2 and 5.5a2 are out
-----------------------------------

The Tor Browser team announced new stable and alpha releases of the
privacy-preserving web browser. Version 5.0.2 [1] fixes a bug that was
causing the browser’s launcher icons in the Ubuntu Unity and GNOME
desktops to be duplicated, and includes a newer version of the NoScript
add-on. Version 5.5a2 [2] incorporates these updates along with another
small crash bug fix from the stable series.

Both new releases include important security updates to their respective
Firefox versions, so please ensure you upgrade as soon as possible. If
you are already running a recent Tor Browser, it has probably updated
itself already; if not, head to the project page [3] to download your
copy now.

  [1]: https://blog.torproject.org/blog/tor-browser-502-released
  [2]: https://blog.torproject.org/blog/tor-browser-55a2-released
  [3]: https://www.torproject.org/projects/torbrowser.html

Final reports from two Summer of Privacy students
-------------------------------------------------

Two of the developers participating in Tor’s first-ever Summer of
Privacy coding season [4], Jesse Victors [5] and Donncha
O’Cearbhaill [6], submitted their final progress reports after months of
intensive development.

Jesse’s DNS-like naming system for onion services is already in a
testable state [7]. “All of the infrastructure for OnioNS is in place”,
and while a few protocols are still to be finished, “the client-side and
HS-side software is pretty reliable and stable at this point”, with
support for Debian, Ubuntu, Mint, and Fedora. Development will continue
into the future, and “once the OnioNS software is fully ready, no
modifications to Tor should be necessary to merge OnioNS into the Tor
network”.

Donncha’s project, the onion service load-balancing manager
OnionBalance, has also seen one testing release [8], and the next steps
in development are to package the software for Debian, clarify the
documentation, and implement “smartcard / HSM support master service key
storage and signing”. “I’ll continue developing OnionBalance so that if
possible, it can facilitate some form of load balancing and redundancy
with next-gen hidden services”.

Congratulations to Jesse and Donncha on getting their innovative
projects to this stage, and thanks to the mentors and coordinators who
have made the Summer of Privacy a success. The southern-hemisphere
development timetable is still ongoing, however, so stay tuned for
updates from Israel and Cristóbal Leiva on their TSoP projects.

  [4]: https://trac.torproject.org/projects/tor/wiki/org/TorSoP
  [5]: https://lists.torproject.org/pipermail/tor-dev/2015-August/009375.html
  [6]: https://lists.torproject.org/pipermail/tor-dev/2015-August/009376.html
  [7]: https://lists.torproject.org/pipermail/tor-dev/2015-August/009221.html
  [8]: https://lists.torproject.org/pipermail/tor-talk/2015-July/038312.html

Should cloud-based Tor relays be rejected?
------------------------------------------

Observing that “we sometimes see attacks from relays that are hosted on
cloud platforms”, Philipp Winter investigated [9] the actual benefit to
the Tor network that these relays provide. He found that in an average
consensus from July 2015, “cloud-hosted relays contributed only around
0.8% of bandwidth” (with the caveat that “this is just a lower bound”).
Rejecting such relays from the consensus might force attackers to jump
through more hoops, but would mean “obtaining the netblocks that are
periodically published by all three (and perhaps more) cloud providers”.

Tim Wilson-Brown (teor) wondered [10] about the effect this might have
on Tor developers and researchers who would like to use cloud-based
relays, while nusenu requested [11] that any rejection be publicly
documented “so volunteers don’t waste their time and money setting up
blacklisted relays”.

  [9]: https://lists.torproject.org/pipermail/tor-dev/2015-August/009389.html
 [10]: https://lists.torproject.org/pipermail/tor-dev/2015-August/009390.html
 [11]: https://lists.torproject.org/pipermail/tor-dev/2015-August/009391.html

Miscellaneous news
------------------

Karsten Loesing announced [12] version 2.6 of Onionoo, the Tor network
data observatory. This release adds two new relay family-related fields
to details documents that, together with the “effective_family” field
introduced in version 2.4, replace the older “family” field, which is
now deprecated. These new fields support different family-mapping
use-cases that may be required by Tor network tools such as Atlas,
Globe, and Roster. “The current ‘family’ field will stay available until
Atlas and Globe are updated. If I should also wait for other clients to
be updated, please let me know.”

 [12]: https://lists.torproject.org/pipermail/tor-dev/2015-August/009385.html

After several television appearances over the past few years, Tor made
its literary debut last month in the fourth installment of the late
Stieg Larsson’s Millennium series. A warm Tor community welcome to
Lisbeth Salander — though a subscription to Tor Weekly News might clear
up some of her misconceptions… [13]

 [13]: http://penguinrandomhouse.ca/content/penguin-random-house-canada/blog/excerpt-girl-spiders-web

Upcoming events
---------------

  Sep 07 17:00 UTC | OONI development meeting
                   | #ooni, irc.oftc.net
                   |
  Sep 07 18:00 UTC | Tor Browser meeting
                   | #tor-dev, irc.oftc.net
                   |
  Sep 08 18:00 UTC | little-t tor patch workshop
                   | #tor-dev, irc.oftc.net
                   |
  Sep 09 13:30 UTC | little-t tor development meeting
                   | #tor-dev, irc.oftc.net
                   |
  Sep 09 14:00 UTC | Measurement team meeting
                   | #tor-project, irc.oftc.net
                   |
  Sep 12 19:00 UTC | Tails low-hanging fruit session
                   | #tails-dev, irc.oftc.net
                   | https://mailman.boum.org/pipermail/tails-project/2015-September/000301.html
                   |
  Sep 27 - Oct 03  | Tor summer dev meeting 2015
                   | Berlin, Germany
                   | https://trac.torproject.org/projects/tor/wiki/org/meetings/2015SummerDevMeeting
                   |
  Oct 01 - Oct 03  | ADINA15: A Dive Into Network Anomalies
                   | Rome, Italy
                   | https://ooni.torproject.org/event/adina15/

This issue of Tor Weekly News has been assembled by Harmony.

Want to continue reading TWN? Please help us create this newsletter.
We still need more volunteers to watch the Tor community and report
important news. Please see the project page [14], write down your
name and subscribe to the team mailing list [15] if you want to
get involved!

 [14]: https://trac.torproject.org/projects/tor/wiki/TorWeeklyNews
 [15]: https://lists.torproject.org/cgi-bin/mailman/listinfo/news-team