[tor-talk] Tor Weekly News — July 16th, 2014

Lunar lunar at torproject.org
Wed Jul 16 13:09:46 UTC 2014


========================================================================
Tor Weekly News                                          July 16th, 2014
========================================================================

Welcome to the sixteenth issue of Tor Weekly News in 2014, the weekly
newsletter that covers what is happening in the Tor community.

Roundup of research on incentives for running Tor relays
---------------------------------------------------------

As an hors-d’œuvre to the now ongoing Privacy Enhancing Technologies
Symposium [1], Rob Jansen wrote a long blog post covering the last five
years of research on incentives for running Tor relays [2].

Rob introduces the topic by describing the current “volunteer resource
model” and mentions that it “has succeeded so far: Tor now consists of
over 5000 relays transferring between 4 and 5 GiB/s in aggregate”. Rob
lists several possible reasons why volunteers run relays right now. They
are all intrinsic motivations: current operators run relays because they
really want to.

Is relying only on volunteers going to limit the growth of the Tor
network in the future? There are already not-for-profit
organizations [3] operating relays based on donations, but growing them
too much would also be problematic. Another area being explored is
extrinsic motivations: making Tor clients faster when someone runs a
relay or giving a financial reward — in one currency or another — for
the service. Some can legitimately ask if they are suitable for Tor at
all [4] and Rob raises plenty of legitimate concerns on how they would
interact with the current set of volunteers.

The problem keeps interesting researchers, and Rob details no fewer than
six schemes: the oldest are PAR [5] and Gold Star [6] which introduced
anonymity problems, BRAIDS [7] where double spending of rewards is
prevented without leaking timing information, LIRA [8] which focused on
scalability, TEARS [9] where a publicly auditable e-cash protocol reduces
the reliance on trusted parties, and finally, the (not ideally
named [10]) TorCoin [11] which introduces the idea of a crypto-currency
based on “proof-of-bandwidth”.

Rob details the novel ideas and drawbacks of each scheme, so be sure to
read the original blog post for more details. After this roundup, Rob
highlights that “recent research has made great improvements in the area
of Tor incentives”. But that’s for the technical side as “it is unclear
how to make headway on the social issues”.

“Tor has some choices to make in terms of how to grow the network and
how to position the community during that growth process” concludes Rob.
So let’s have that conversation.

   [1]: https://petsymposium.org/2014/
   [2]: https://blog.torproject.org/blog/tor-incentives-research-roundup-goldstar-par-braids-lira-tears-and-torcoin
   [3]: https://www.torservers.net/
   [4]: http://p2pfoundation.net/Intrinsic_vs._Extrinsic_Motivation#Why_Extrinsic_Motivation_Doesn.27t_Work
   [5]: http://cs.gmu.edu/~astavrou/research/Par_PET_2008.pdf
   [6]: http://freehaven.net/anonbib/papers/incentives-fc10.pdf
   [7]: http://www.robgjansen.com/publications/braids-ccs2010.pdf
   [8]: http://www.robgjansen.com/publications/lira-ndss2013.pdf
   [9]: http://www.robgjansen.com/publications/tears-hotpets2014.pdf
  [10]: https://www.torproject.org/docs/trademark-faq#researchpapers
  [11]: http://www.robgjansen.com/publications/torpath-hotpets2014.pdf

Defending against guard discovery attacks with layered rotation time
--------------------------------------------------------------------

Guard nodes are a key component of a Tor client’s anonymity. Once an
attacker gains knowledge of which guard node is being used by a
particular client, putting the guard node under monitoring is likely the
last step before finding a client’s IP address.

George Kadianakis has restarted the discussion [12] on how to slow down
guard discovery of hidden services [13] by exploring the idea of
“keeping our middle nodes more static”. The idea is to slow down the
attacks based on repeated circuit destruction by reusing the same
“middle nodes for 3-4 days instead of choosing new ones for every
circuit”. Introducing this new behavior will slow down the attack, but
George asks “are there any serious negative implications?”

The idea is not new, as Paul Syverson pointed out [14]: “Lasse and I
suggested and explored the idea of layered guards when we introduced
guards”. He adds “there are lots of possibilities here”.

George worries that middle nodes would then “always see your traffic
coming through your guard (assuming a single guard per client)”. Ian
Goldberg added [15] “the exit will now know that circuits coming from
the same middle are more likely to be the same client”. Restricting the
change to only hidden services and not every client means that it will
be “easy for an entry guard to learn whether a client has static middle
nodes or not”.

As George puts it in the latest message in the thread [16]: “As always,
more research is needed…” Please help!

  [12]: https://lists.torproject.org/pipermail/tor-dev/2014-July/007122.html
  [13]: https://bugs.torproject.org/9001
  [14]: https://lists.torproject.org/pipermail/tor-dev/2014-July/007125.html
  [15]: https://lists.torproject.org/pipermail/tor-dev/2014-July/007123.html
  [16]: https://lists.torproject.org/pipermail/tor-dev/2014-July/007126.html
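
An added illustration, not part of the original newsletter or the tor-dev
thread: a small model of why keeping middle nodes static slows guard
discovery. The adversary share `F`, the one-fresh-circuit-per-minute rate
and the 3.5-day rotation are assumed values; the model treats every middle
pick as independent and ignores bandwidth weighting.

```python
import random

def p_exposed(f, k=1):
    """Chance that at least one of k freshly picked middles is adversarial."""
    return 1.0 - (1.0 - f) ** k

def expected_hours(f, hours_between_picks, k=1):
    """Mean time until the first adversarial pick (first pick at t=0).

    The number of clean picks before the first bad one is geometric,
    with mean 1/p - 1.
    """
    return (1.0 / p_exposed(f, k) - 1.0) * hours_between_picks

def simulated_hours(f, hours_between_picks, k=1, trials=10000, seed=2014):
    """Monte Carlo cross-check of expected_hours()."""
    rng = random.Random(seed)
    clean_picks = 0
    for _ in range(trials):
        # Keep picking until one of the k middles falls in the adversary's share.
        while all(rng.random() >= f for _ in range(k)):
            clean_picks += 1
    return clean_picks / trials * hours_between_picks

if __name__ == "__main__":
    F = 0.01               # assumed adversary share of middle selection
    PER_CIRCUIT = 1 / 60   # assumed: a new circuit, hence new middle, each minute
    STATIC = 3.5 * 24      # middles reused for 3-4 days, as in the proposal

    policies = [
        ("new middle for every circuit", PER_CIRCUIT, 1),
        ("one static middle", STATIC, 1),
        ("set of three static middles", STATIC, 3),
    ]
    for label, gap, k in policies:
        hours = expected_hours(F, gap, k)
        print(f"{label:30s} {hours:10.1f} h (~{hours / 24:.1f} days)")
```

The model only covers time to first exposure. It does not capture the cost
raised in the thread, namely that a static middle sees the client's traffic
through the same guard for the whole rotation period.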

More monthly status reports for June 2014
-----------------------------------------

The wave of regular monthly reports from Tor project members for the
month of June continued, with submissions from Michael Schloh von
Bennewitz [17] and Andrew Lewman [18].

Arturo Filastò reported on behalf of the OONI team [19], while Roger
Dingledine submitted the SponsorF report [20].

  [17]: https://lists.torproject.org/pipermail/tor-reports/2014-July/000587.html
  [18]: https://lists.torproject.org/pipermail/tor-reports/2014-July/000588.html
  [19]: https://lists.torproject.org/pipermail/tor-reports/2014-July/000586.html
  [20]: https://lists.torproject.org/pipermail/tor-reports/2014-July/000589.html

Miscellaneous news
------------------

The various roadmaps that came out of the 2014 summer dev. meeting [21]
have been transcribed [22] in a joint effort by George Kadianakis,
Yawning Angel, Karsten Loesing, and an anonymous person. Most items will
probably be matched with a ticket soon.

  [21]: https://trac.torproject.org/projects/tor/wiki/org/meetings/2014SummerDevMeeting
  [22]: https://trac.torproject.org/projects/tor/wiki/org/meetings/2014SummerDevMeeting/Roadmaps

The Tor Project is hiring a financial controller [23]. This is a part
time position, approximately 20 hours per week, at the office in
Cambridge, Massachusetts.

  [23]: https://www.torproject.org/about/jobs-controller.html

The Tails developers announced the creation of two new mailing lists.
“If you are a designer, UX/UI expert or beginner” [24] interested in the
theory and practice of designing user interfaces for Tails, the tails-ux
list [25] is for you, while the tails-project list [26] is dedicated to
“the ‘life’ of the project” [27]; however, “technical questions should
stay on tails-dev”.

  [24]: https://mailman.boum.org/pipermail/tails-dev/2014-July/006330.html
  [25]: https://mailman.boum.org/listinfo/tails-ux
  [26]: https://mailman.boum.org/listinfo/tails-project
  [27]: https://mailman.boum.org/pipermail/tails-dev/2014-July/006329.html

Alan kicked off the aforementioned tails-ux mailing list by announcing
progress [28] on the Tails initial login screen. The new set of mockups
is visible on the corresponding blueprint [29].

  [28]: https://mailman.boum.org/pipermail/tails-ux/2014-July/000000.html
  [29]: https://tails.boum.org/blueprint/tails-greeter:_revamp_UI/

More mockups! Nima Fatemi produced [30] some for a possible
browser-based Tor control panel, incorporating features that were lost
with the removal of Vidalia from the Tor Browser, such as the world map
with Tor circuit visualizations. “How would you perfect that image? [31]
What’s missing?”, asked Nima, hoping “to inspire people to start hacking
on it”.

  [30]: https://lists.torproject.org/pipermail/tor-dev/2014-July/007115.html
  [31]: https://people.torproject.org/~nima/ux/about-tor.png

Meanwhile, Sean Robinson had been working [32] on a new graphical Tor
controller called Syboa [33]. Sean’s “primary motivation for Syboa was
to replace TorK, so it looks [34] more like TorK than Vidalia”. Sean
announces that he will not have time for further development soon but
that he would answer questions.

  [32]: https://lists.torproject.org/pipermail/tor-dev/2014-July/007136.html
  [33]: https://gitorious.org/syboa/syboa
  [34]: https://gitorious.org/syboa/syboa/source/7082a82:docs/screenshot-basic.png

Juha Nurmi submitted [35] the weekly status report for the ahmia.fi GSoC
project.

  [35]: https://lists.torproject.org/pipermail/tor-reports/2014-July/000590.html

Thanks to the University of Edinburgh’s School of Informatics [36],
funcube.fr [37], Stefano Fenoglio [38], IP-Connect [39], Justin
Ramos [40], Jacob Henner from Anatomical Networks [41], and
Hackabit.nl [42] for running mirrors of the Tor Project website!

  [36]: https://lists.torproject.org/pipermail/tor-mirrors/2014-July/000623.html
  [37]: https://lists.torproject.org/pipermail/tor-mirrors/2014-July/000624.html
  [38]: https://lists.torproject.org/pipermail/tor-mirrors/2014-July/000627.html
  [39]: https://lists.torproject.org/pipermail/tor-mirrors/2014-July/000632.html
  [40]: https://lists.torproject.org/pipermail/tor-mirrors/2014-July/000633.html
  [41]: https://lists.torproject.org/pipermail/tor-mirrors/2014-July/000634.html
  [42]: https://lists.torproject.org/pipermail/tor-mirrors/2014-July/000638.html

Tor help desk roundup
---------------------

Users often ask for assistance setting up Tor Cloud instances.
Sina Rabbani is taking over the maintenance of Tor Cloud and is working
on updating the packages and documentation. Until new documentation on
using the up-to-date images and Amazon Web Services interface lands,
users not already familiar with AWS may want to use a different virtual
server provider to host their bridges.

Easy development tasks to get involved with
-------------------------------------------

The setup scripts of the Flashproxy and Obfsproxy pluggable transports
attempt to download and build the M2Crypto library if it is not
already installed. We’d really want to avoid this and have the setup
script fail if not all libraries are present for building Flashproxy.
The ticket that describes this bug also outlines a possible workaround
that disables all downloads during the setup process [43]. If you know a
bit about setuptools and want to turn this description into a patch and
test it, please give it a try.

  [43]: https://bugs.torproject.org/10847#comment:4

Upcoming events
---------------

 July 15-19        | 14th Privacy Enhancing Technologies Symposium
                   | Amsterdam, The Netherlands
                   | https://petsymposium.org/2014/
                   |
 August 20-22      | Roger @ USENIX Security Symposium ’14
                   | San Diego, California, USA
                   | https://www.usenix.org/conference/usenixsecurity14


This issue of Tor Weekly News has been assembled by Lunar, harmony,
Matt Pagan, Karsten Loesing, and George Kadianakis.

Want to continue reading TWN? Please help us create this newsletter.
We still need more volunteers to watch the Tor community and report
important news. Please see the project page [44], write down your
name and subscribe to the team mailing list [45] if you want to
get involved!

  [44]: https://trac.torproject.org/projects/tor/wiki/TorWeeklyNews
  [45]: https://lists.torproject.org/cgi-bin/mailman/listinfo/news-team