[tor-reports] SponsorR September 2015 report

George Kadianakis desnacked at riseup.net
Sat Oct 10 14:44:05 UTC 2015 

Hello,

here is the September 2015 report for SponsorR:

- We attended the Tor development meeting in Berlin!

  We spent plenty of time roadmapping the following months: 
    https://trac.torproject.org/projects/tor/wiki/org/meetings/2015SummerDevMeeting/Roadmap/HiddenServices?version=1
  And discussed various aspects of guard security:
    https://gitweb.torproject.org/user/mikeperry/torspec.git/commit/?h=guard_discovery_dev
    https://lists.torproject.org/pipermail/tor-dev/2015-September/009497.html
    https://lists.torproject.org/pipermail/tor-dev/2015-September/009406.html

- We started compiling a list of suggestions and guidelines for
  conducting ethical research on Tor. In the future, this will turn
  into a document to help researchers evaluate the safety of their
  proposed research plan, especially when it deals with real users on
  the Tor network:
     https://trac.torproject.org/projects/tor/wiki/doc/ResearchEthics

  Some subsequent discussion can be found here:
     https://lists.torproject.org/pipermail/tor-dev/2015-October/009620.html
     https://lists.torproject.org/pipermail/tor-dev/2015-October/009639.htmlx

- We addressed an information leak that allowed attackers to enumerate
  hidden service addresses using the Referer field of HTTP (#9623).

- We improved our techniques for the detection of malicious HSDir
  nodes and caught a few more enumerators.

- Finally published the first version of the Single Onion Services proposal:
     https://lists.torproject.org/pipermail/tor-dev/2015-September/009408.html
  This new system allows a whole new class of use cases, and provides
  greater performance and versatility than the previous proposed
  system.

- Continued design on the shared randomness proposal (prop250):
     https://lists.torproject.org/pipermail/tor-dev/2015-September/009425.html
  and also started with implementation:
     https://trac.torproject.org/projects/tor/ticket/16943

  This proposal will help us in the arms race against attackers crawling
  the HSDir.

- We also created trac tickets for the various tasks that need to be
  done to implement Next Generation Hidden Services:
    https://trac.torproject.org/projects/tor/ticket/17239
    https://trac.torproject.org/projects/tor/ticket/17240
    https://trac.torproject.org/projects/tor/ticket/17241
    https://trac.torproject.org/projects/tor/ticket/17242
    https://trac.torproject.org/projects/tor/ticket/17238

- Donncha suggested an improvement for Tor2Web mode which will allow
  it to serve end-to-end encrypted traffic to clients:
     https://lists.torproject.org/pipermail/tor-dev/2015-September/009507.html

- Tom suggested a scalability improvement for busy hidden services,
  which allows them to have one host handling introduction requests
  and a different host for actually doing the rendezvous.

More information about the tor-reports mailing list