[tor-talk] Tor Weekly News — December 10th, 2014

Harmony harmony01 at riseup.net
Wed Dec 10 12:08:25 UTC 2014

Tor Weekly News                                      December 10th, 2014

Welcome to the forty-ninth issue in 2014 of Tor Weekly News, the weekly
newsletter that covers what’s happening in the Tor community.

Tor Browser 4.0.2 and 4.5-alpha-2 are out

Georg Koppen announced new stable and alpha releases by the Tor Browser
team. Tor Browser 4.0.2 [1] fixes the Windows compiler bugs that were
resulting in frequent crashes, ensures entries in the cache are once
again isolated by URL bar domain, and prevents the user’s locale setting
from being leaked by the JavaScript engine. Tor Browser 4.5-alpha-2 [2]
brings further improvements to Torbutton’s new circuit visualization
panel, which can now be turned off by visiting about:config and setting
“extensions.torbutton.display_circuit” to “false”, as well as to the
security slider.

Both releases contain important security updates and all users should
upgrade as soon as possible; please see Georg’s post for full details.
You can obtain your copy from the project page [3], or through the
in-browser updater.

  [1]: https://blog.torproject.org/blog/tor-browser-402-released
  [2]: https://blog.torproject.org/blog/tor-browser-45-alpha-2-released
  [3]: https://www.torproject.org/projects/torbrowser.html

Tails 1.2.1 is out

The Tails team announced [4] a new version of the amnesic live operating
system. Alongside updates to Linux and Tor Browser, Tails 1.2.1 finally
disables the Truecrypt encryption manager, which was abandoned by its
developers earlier this year. There have been warnings about this change
for several months, but users who have not yet migrated their data away
from Truecrypt (or who are not able to) can still access these volumes
with cryptsetup by following Tails’ own guide [5].

The default configuration of GnuPG has also been changed in line with
accepted best practices [6]. If you want to take advantage of this,
there is a simple step you need to perform; please see the team’s post
for more details, and get your copy of the new Tails from the download
page [7] or through the incremental updater.

  [4]: https://tails.boum.org/news/version_1.2.1/
  [5]: https://tails.boum.org/doc/encryption_and_privacy/truecrypt/
  [6]: https://help.riseup.net/en/security/message-security/openpgp/best-practices
  [7]: https://tails.boum.org/download/

More monthly status reports for November 2014

The wave of regular monthly reports from Tor project members for the
month of November continued, with reports from Pearl Crescent [8],
Sukhbir Singh [9], Leiah Jansen [10], Matt Pagan [11], Arlo
Breault [12], Colin C. [13], and Nicolas Vigier [14].

Karsten Loesing reported on behalf of the Tor Network Tools team [15],
and Roger Dingledine sent out the report for SponsorF [16].

  [8]: https://lists.torproject.org/pipermail/tor-reports/2014-December/000718.html
  [9]: https://lists.torproject.org/pipermail/tor-reports/2014-December/000719.html
 [10]: https://lists.torproject.org/pipermail/tor-reports/2014-December/000720.html
 [11]: https://lists.torproject.org/pipermail/tor-reports/2014-December/000721.html
 [12]: https://lists.torproject.org/pipermail/tor-reports/2014-December/000723.html
 [13]: https://lists.torproject.org/pipermail/tor-reports/2014-December/000724.html
 [14]: https://lists.torproject.org/pipermail/tor-reports/2014-December/000725.html
 [15]: https://lists.torproject.org/pipermail/tor-reports/2014-December/000722.html
 [16]: https://lists.torproject.org/pipermail/tor-reports/2014-December/000726.html

Miscellaneous news

George Kadianakis sent out [17] an updated draft of the proposal to
safely collect hidden service statistics from Tor relays.

 [17]: https://lists.torproject.org/pipermail/tor-dev/2014-December/007928.html

Nick Mathewson gave a talk [18] to the Computer Systems Security class
at MIT on the subject of “Anonymous Communication”.

 [18]: https://www.youtube.com/watch?v=rIf_VZQr-dw

David Fifield summarized [19] the costs incurred in November by the
infrastructure for the meek pluggable transport.

 [19]: https://lists.torproject.org/pipermail/tor-dev/2014-December/007916.html

The Tails team wondered [20] about the best way to prioritize adding
support for pluggable transports: “Assuming we add support for
Scramblesuit in Tails 1.3, then what usecases won’t we be supporting,
that we could support better with obfs4 or meek?”

 [20]: https://mailman.boum.org/pipermail/tails-dev/2014-December/007580.html

usprey wrote up a guide [21] to configuring a Tor relay on a server
running Arch Linux: “All and any feedback will be appreciated! Are there
any privacy concerns about using pdnsd to cache DNS locally?”

 [21]: https://lists.torproject.org/pipermail/tor-relays/2014-December/005907.html

Jacob Appelbaum recommended [22] possible ways to reduce the attack
surface presented by the kernel and the firewall in Tails. He also
compiled [23] a dataset containing historical hashes and signatures of
Tails files: “In the future, I’ll write a program that uses the dataset
in a useful manner. In an ideal world, we’d have a way to use a Tails
disk to verify any other Tails disk.”

 [22]: https://mailman.boum.org/pipermail/tails-dev/2014-December/007537.html
 [23]: https://mailman.boum.org/pipermail/tails-dev/2014-December/007588.html

Tor help desk roundup

Users often write to find out how they can help the Tor Project. There
are several ways to help out.

If you have access to a server, consider setting up a Tor relay [24] to
expand the network, or a bridge relay [25] to help internet users stuck
behind censorship.

If you’re a coder, see if any of the projects on our volunteer page [26]
capture your interest. You can also look for tickets on our
bug tracker [27] that are filed with the “easy” component if you want to
submit some patches.

If you’re interested in doing outreach, consider joining the Tor Weekly
News team [28].

If you’d like to get involved with translations, please join a team on
our Transifex [29]. If a team for the language you’d like to translate
into does not yet exist (check carefully), please go ahead and request a
new team. It will take a day or two for the team to be approved, so
please be patient.

 [24]: https://www.torproject.org/docs/debian
 [25]: https://trac.torproject.org/projects/tor/wiki/doc/PluggableTransports#Howtosetupabridgewithpluggabletransports
 [26]: https://www.torproject.org/getinvolved/volunteer#Projects
 [27]: https://trac.torproject.org/projects/tor/report
 [28]: https://trac.torproject.org/projects/tor/wiki/TorWeeklyNews
 [29]: https://www.transifex.com/projects/p/torproject/

News from Tor StackExchange

strand raised a question about the code regarding rendezvous and
introduction points [30]. Within src/or/rendservice.c there are several
occurrences of onion_address, and strand wants to know which function
catches what from a hidden service. If you can answer this question,
please come to Tor’s Q&A page and give us some insights.

 [30]: https://tor.stackexchange.com/q/848/88

This week in Tor history

A year ago this week [31], the Freedom of the Press Foundation launched
its “Encryption Tools for Journalists” crowdfunding campaign [32],
distributing the proceeds to five free software security projects,
including the Tor Project and Tails. As of this writing, 1256 donors
have contributed $136,977.05 in support of journalists’ right to
communicate with sources and carry out research without being subjected
to invasive surveillance. Thanks to the FPF and to everyone who has
donated so far!

 [31]: https://lists.torproject.org/pipermail/tor-news/2013-December/000024.html
 [32]: https://freedom.press/bundle/encryption-tools-journalists

Upcoming events

  Dec 10 13:30 UTC | little-t tor development meeting
                   | #tor-dev, irc.oftc.net
  Dec 10 16:00 UTC | Pluggable transports meeting
                   | #tor-dev, irc.oftc.net
  Dec 12 20:00 UTC | Tails low-hanging fruit session
                   | #tails-dev, irc.oftc.net
                   | https://mailman.boum.org/pipermail/tails-dev/2014-December/007593.html
  Dec 15 18:00 UTC | Tor Browser online meeting
                   | #tor-dev, irc.oftc.net
  Dec 15 18:00 UTC | OONI development meeting
                   | #ooni, irc.oftc.net
  Dec 16 18:00 UTC | little-t tor patch workshop
                   | #tor-dev, irc.oftc.net
                   | https://lists.torproject.org/pipermail/tor-dev/2014-December/007929.html
  Dec 27-31        | Tor @ 31st Chaos Communication Congress
                   | Hamburg, Germany
                   | https://events.ccc.de/congress/2014/wiki/Main_Page

This issue of Tor Weekly News has been assembled by Matt Pagan, qbi,
David Fifield, Arlo Breault, Karsten Loesing, and Harmony.

Want to continue reading TWN? Please help us create this newsletter.
We still need more volunteers to watch the Tor community and report
important news. Please see the project page [33], write down your
name and subscribe to the team mailing list [34] if you want to
get involved!

 [33]: https://trac.torproject.org/projects/tor/wiki/TorWeeklyNews
 [34]: https://lists.torproject.org/cgi-bin/mailman/listinfo/news-team

More information about the tor-talk mailing list