[tor-reports] SponsorF October 2014 report

Roger Dingledine arma at mit.edu
Mon Nov 10 07:52:48 UTC 2014

Here is the October report for SponsorF Year4:
(With thanks to Lunar for compiling much of it!)


1) Tor: performance, scalability, reachability, anonymity, security.

- We released Tor on October 20th. It disables SSL3 in
response to the recent "POODLE" attack (even though POODLE does
not affect Tor). It also works around a crash bug (which does
affect Tor) caused by some operating systems' response to the
"POODLE" attack. It also contains a few miscellaneous fixes.

- We released Tor the same day with backported fixes for "POODLE"
related issues.

- We released Tor on October 25th. It is the first stable
release in the 0.2.5 series, which adds several new security features,
including improved denial-of-service resistance for relays, new compiler
hardening options, and a system-call sandbox for hardened installations
on Linux (requires seccomp2). The controller protocol has several new
features, resolving IPv6 addresses should work better than before, and
relays should be a little more CPU-efficient. Support for more OpenBSD
and FreeBSD transparent proxy types has been added. The build system
and testing infrastructure now allow unit testing of more parts of the
Tor codebase. Several nagging pluggable transport usability issues have
been addressed, along with numerous other small bugfixes and features.

- The release of Tor marks the deprecation of the older stable
series 0.2.3.

- We released the first alpha release for the 0.2.6 series on October
30th. Tor includes numerous code cleanups and new tests,
and fixes a large number of annoying bugs. Out-of-memory conditions are
handled better than in 0.2.5, pluggable transports have improved proxy
support, and clients now use optimistic data for contacting hidden
services. Also, we are now more robust to changes in what we consider a
parseable directory object, so that tightening restrictions does not
have a risk of introducing infinite download loops.

- Trunnel 1.3 was released on October 2nd. Trunnel is a code generator
for binary encoders/decoders. Some code that it has generated has been
merged into the Tor master branch for the 0.2.6 release series.

- Nick Mathewson made progress on the ed25519 identity key branch.
Now it generates all its keys correctly, and includes full tests for
link handshakes (though not the handshakes themselves). It also
includes all new signatures in keys, with very high test coverage for
descriptor parsing.

- George Kadianakis wrote an initial implementation of the Tor side of
the "guardfraction" project, which aims to let us extend the rotation
period for guards while still having clients load balance effectively
on them. Directory authorities vote and produce consensuses with
guardfraction information which can later be used by clients when doing
path selection. Initial reviews outlined some subsequent work that needs
to be done.


2) Bridges and Pluggable transports: make Tor able to adapt to new
blocking events (including better tracking when these blocking events

- The OONI project has been developing a test that allows probes in
censored countries to test which bridges are blocked and which are not.
They're also running actual probes and collecting actual data. A prototype
visualisation of the data is available.

- David Fifield summarized the costs incurred by the meek pluggable
transport for the month of October 2014. The costs went from under $10
in September to a total of $171.14 for this month. There was an explosion
in users after the release of Tor Browser 4.0 on October 15th.

- Yawning Angel called for testing of the new implementation of
tor-fw-helper in Go. tor-fw-helper is a tool that automates port
forwarding to increase usability for the Flash Proxy pluggable transport;
the previous implementation pulled in unmaintained C++ libraries that
no sane user would be comfortable running.

- An obfs4proxy package for Debian and Ubuntu is now available from
the deb.torproject.org repository.

- Philipp Winter wrote an article on the Tor blog to summarize some
new findings concerning the way in which the "Great Firewall of
China" acts upon blocked connections, like those trying to reach Tor.

- Roger Dingledine gave a keynote at the SponsorF "circumvention summit"
meeting, covering some lessons learned in the anonymity and circumvention
struggles over the past few years.


3) Bundles: improve the Tor Browser Bundle and other Tor bundles and
packages, especially improving bridge and pluggable transport support
in TBB.

- Tor Browser 4.0 was announced on October 15th. This version brings
several exciting new features to the stable series, including the meek
censorship-circumvention tool, the secure updater, and a simplified
JavaScript enabling/disabling process in NoScript, all based on a
customized Firefox ESR31. SSLv3 is also disabled, in response to the
recent POODLE attack.

- Tor Browser 4.0.1 is a bugfix release made available on October 31st.
This version disables DirectShow, which was causing crashes on Windows.

- We updated the Tor Browser design document to cover the 4.0 series,
describe the build reproducibility enhancements, and update the list of
known fingerprinting attacks and defenses.

- Tails 1.2 was released on October 16th. This release replaces the
custom Iceweasel browser with "most of" the regular Tor Browser and
confines several important applications with AppArmor. Minor fixes
and security upgrades are included as with every release.

- Version 0.1.3 of TorBirdy, a torifying extension for the Thunderbird
email client, was released on October 23rd. This release fixes a system
language leak which appeared with Thunderbird 31, disables the
automatic downloading of messages from POP3 accounts, and ensures that
draft messages for IMAP accounts are stored on the local system rather
than sent over the network.

- tor-ramdisk, the micro Linux distribution to host a Tor relay, has
been updated to version 20141022. This release contains updates to Tor,
OpenSSL, and the Linux kernel.


4) Metrics: provide safe but useful statistics, along with the underlying
data, about the Tor network and its users and usage.

- Karsten Loesing published a non-functional mock-up of a redesign for
the Tor Metrics portal. Leiah Jansen worked on layout and user experience
improvements based on the prototype.

- Jeremy Gillula analyzed data relating to Tor node churn found in Tor
consensuses for September 2014, and found that on average, 0.003%
of nodes switch from being relay nodes to exit nodes in any given 1-hour
period, and 0.002% switch from being exit nodes to relay nodes.

- Onionoo will soon have the search parameter accept base64-encoded
fingerprints in addition to hex-encoded fingerprints, nicknames, and IP
addresses. These searches will also return relays whose base64-encoded
fingerprints are a partial match for the search string.

- Several fixes were made to DocTor, the consensus health checker.


5) Outreach: teach a broad range of communities about how Tor works,
why it's important, and why this broad range of user communities is
needed for best safety.

- We wrote an article on the blog to respond to the abuse of Tor by
creators of so-called "ransomware", or malware that tries to restrict
access to users' files unless a ransom is paid; these extortionists
sometimes ask their victims to install Tor software in order to
communicate with them over a hidden service, leading users to the mistaken
belief that The Tor Project is somehow involved.

- Facebook set up a Tor hidden service to enable its users to interact
with the service without their traffic leaving the Tor network. This
sparked a lot of interest and many discussions. A couple of common
concerns were later answered in a Tor blog post.

- We made an index of past presentations about Tor. 87 presentations
are currently indexed.

- Tom asked for assistance in overhauling the GoodBadISP page, which is
the starting point for many relay operators around the world.

- Roger Dingledine participated in a panel organized by the International
Computer Science Institute of UC Berkeley: "Is it possible to use
technology to protect our privacy?"
Afterwards Roger met with Vern Paxson's research group to help steer
them in the right direction for research into pluggable transport metrics
and censorship efficacy.

- Both Tor and Tails received their first cinematic credits with the
première of "CITIZENFOUR", a documentary film concerning the recent
disclosure of intelligence documents by Edward Snowden.

- Roger started organizing and sending invites for our upcoming enormous
gathering in Valencia, Spain, in March 2015:


6) Research: Assist the academic community in analyzing/improving Tor.

- Otto Huhta has completed an MSc thesis to investigate the possibility
that an adversary in control of a non-exit relay could link two or more
Tor circuits back to the same client based on nothing more than timing

- Steven Murdoch published a paper on the optimization of Tor's node
selection probabilities advocating that what Tor used to do
(distributing traffic to nodes in proportion to their contribution to
network capacity) is not the best approach.

- "Defending Tor from Network Adversaries: A Case Study of Network Path
Prediction" is a new paper by Joshua Juen, Anupam Das, Aaron Johnson,
Nikita Borisov, and Matthew Caesar on the effect of network features
like autonomous systems and Internet exchanges on the security of Tor's
path selection.

- Tom Ritter sent out a detailed report of issues he encountered while
setting up his own Tor network using full-featured independent tor
daemons, rather than a network simulator like Shadow or Chutney.

- Roger met with OONI developers, Nick Feamster's research group, Philippa
Gill's research group, Jed Crandall's research group, and researchers
from Citizen Lab and many other groups to discuss and brainstorm about
measuring and reporting about Internet censorship and other interference.
