[tor-talk] Tor Weekly News — November 27th, 2013
lunar at torproject.org
Wed Nov 27 12:17:03 UTC 2013
Tor Weekly News November 27th, 2013
Welcome to the twenty-second issue of Tor Weekly News, the weekly
newsletter that covers what is happening in the Tor community.
Round of updated Tor Browser Bundles
Mozilla put out an urgent security release  of the stable Firefox
branch with version 17.0.11esr. The stable version of the Tor Browser
Bundle has been updated accordingly . The 2.4 release candidate also
received an update, together with the latest incarnation of tor
0.2.4.18-rc. Both were then given a further update due to an issue on 64
bit GNU/Linux systems .
The 3.0 branch saw the release of 3.0rc1  which — on top of updating
its base software — fixed a build reproducibility issue on Windows, and
a few other small fixes.
An updated version of Tails  and the pluggable transport bundle are
still in the making at the time of writing.
Tor is looking for a Browser Hacker and an Extension Developer!
Mike Perry wrote a blog post  to announce two new positions available
at the Tor Project: “We are looking for a C++ browser developer  to
work on our Firefox-based browser, and a Firefox extension developer 
to work on our growing number of Firefox extensions. Our ideal
candidates would be comfortable in both roles, but we are also
interested in hearing from people with either skillset.”
Look at the job descriptions for more details and how to apply for these
exciting opportunities to make Tor software even better.
Roman Mamedov reported  that the Californian company Cloud Engines is
now shipping a device called the “Safeplug”. Exactly how the device
works is unclear, but according to their FAQ, it looks like a router
which transparently directs its client connections through Tor.
Such an approach is known to be flawed. Sean Alexandre  was prompt
in reminding everyone that “application protocols can still reveal your
identity”, and quoted the warning on Tor’s download page : “To avoid
problems with Tor configuration, we strongly recommend you use the Tor
Browser Bundle. It is pre-configured to protect your privacy and
anonymity on the web as long as you’re browsing with the Tor Browser
itself. Almost any other web browser configuration is likely to be
unsafe to use with Tor.”
Aaron Gibson detailed other concerns , namely the absence of source
code or design documents, the mandatory router registration procedure,
issues with the automatic update system, and the terms of service. He
also criticized the “torified everything” approach and outlined an
alternative which he had discussed with Roger Dingledine: “providing a
captive portal that would instruct a user to download a copy of TBB and
use the local router device as a first hop into the Tor network, perhaps
by configuring the device as a bridge.”
On the upside, Andrew Lewman views the product  as “a fine test case
for consumer-level torouter market analysis. It would be great to learn
6 months from now how many they sold and a summary of customer
feedback.” Despite having “lots of concerns” , Andrew is “trying to
discuss them with Cloud Engines” and praised the community for “doing a
fine job of raising questions”.
Nick Mathewson gave the number 223  to Esfandiar Mohammadi’s
proposal titled “Ace: Improved circuit-creation key exchange” .
Matt Pagan reported on his trip to Washington, D.C., USA for the Rally
Against Mass Surveillance . He gave an account of his talk during
the cryptoparty and the march that happened the next day.
Arturo Filastò sent his report about his activities in October .
Nathan Freitas reported  on his efforts to use GeckoView on Android
4.4, which can be seen as the “first step towards Tor Browser on
Kevin Dyer announced  a new release of a pluggable transport powered
by Format-Transforming Encryption . Cross-platform builds of the
pluggable transport Tor Browser Bundle are available for download for
Tor help desk roundup
Echoing the tor-talk thread summarized above, multiple people asked
whether or not the Tor Project could recommend the Safeplug device.
An OS X user asked if it was always necessary to open the Tor Browser
folder in order to start the Tor Browser Bundle. It is possible to
create an alias in Mac OS or a shortcut in Windows to the “Start Tor
Browser” script and place that alias or shortcut in a convenient place,
such as the Desktop.
Dec 27-30 | Tor @ 30th Chaos Communication Congress
| Hamburg, Germany
This issue of Tor Weekly News has been assembled by Lunar, Matt Pagan,
harmony, Philipp Winter, and dope457.
Want to continue reading TWN? Please help us create this newsletter.
We still need more volunteers to watch the Tor community and report
important news. Please see the project page , write down your
name and subscribe to the team mailing list  if you want to
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 836 bytes
Desc: Digital signature
More information about the tor-talk