[tor-talk] Tor Weekly News — March 19th, 2014
lunar at torproject.org
Wed Mar 19 12:48:03 UTC 2014
Tor Weekly News March 19th, 2014
Welcome to the eleventh issue of Tor Weekly News in 2014, the weekly
newsletter that covers what is happening in the Tor community.
Accessing the Tor network from China
In a new blog post “How to read our China usage graphs” , Roger
Dingledine looks at the current situation of how Tor is able to
circumvent censorship on Chinese Internet accesses. Indeed, if one only
looks at the current bridge users graph , one might believe that Tor
is not a solution for users in China.
“The correct interpretation of the graph is ‘obfs3 bridges have not been
deployed enough to keep up with the demand in China’. So it isn’t that
Tor is blocked — it’s that we haven’t done much of a deployment for
obfs3 bridges or ScrambleSuit bridges, which are the latest steps in the
arms race” writes Roger.
The upcoming version — currently in QA phase  — of the Tor Browser
will include support for the pluggable transports  obfs3 , FTE 
and Flashproxy . Having these transports ready to be used in a couple
of clicks should help Chinese users.
The “obfs3” protocol is still vulnerable to active probing attacks. The
deployment of its replacement, ScrambleSuit , is on-going. As Roger
highlighted, “we need to get more addresses”. Several ways have been
thoughts in the past , but until there is more cooperation from ISP
and network operators, your can make a difference by running a
bridge  if you can!
On another front, work is currently on-going on the bridge
distributor  to improve how censored users can get a hand on bridge
addresses. Yawning Angel also just released  the first version of
obfsclient  which should help making ScrambleSuit available on
Android devices. All in all, the Tor community can hope to welcome back
more users from China in a near future.
Circumventing censorship through “too-big-too-block” websites
Late January, David Fifield introduced  a new pluggable transport
called “meek” . It can be described as “a transport that uses HTTP
for carrying bytes and TLS for obfuscation. Traffic is relayed through a
third-party server (Google App Engine). It uses a trick to talk to the
third party so that it looks like it is talking to an unblocked server.”
The approach is close to the GoAgent  proxy that has a certain
popularity in China.
With the current version, using Google App Engine, the transport
requires no additional configuration. But David also mentioned that a
PHP script  could also be a good candidate to relay the traffic.
Combined to ScrambleSuit , it could allow “a real web site with real
pages and everything” to be used as a bridge if a user can provide the
David has made available experimental versions  of the Tor Browser
for anyone to try. The source code  has recently moved  to the
Tor Project’s infrastructure, and is ready for more eyes and fingers to
play with it.
Switching to a single guard node?
Last October, Roger Dingledine called for research on improving Tor’s
anonymity by changing guard parameters . One of these parameters is
the number of guard nodes used simultaneously by a Tor client.
Following up on the paper written by Tariq Elahi et al. , Roger’s
blog post, and recent discussions during the winter dev. meeting, George
Kadianakis made a detailed analysis of the implications of switching to
a single guard node . He studied the performance implications of
switching to a single guard, the performance implications of raising the
minimum guard bandwidth for both clients and the overall network, and
how the change would affect the overall anonymity and fingerprintability
of Tor users.
Jumping to conclusions: “It seems that the performance implications of
switching to 1 guard are not terrible. […] A guard bandwidth threshold
of 2MB/s […] seems like it would considerably improve client performance
without screwing terribly with the security or the total performance of
the network. The fingerprinting problem will be improved in some cases,
but still remains unsolved for many of the users […] A proper solution
might involve guard node buckets ”.
For a better understanding, be sure to look at George’s work which
includes graphs and proper explanations.
George Kadianakis announced  obfsproxy version 0.2.7. The new
release fixes an important bug  “where scramblesuit would basically
reject clients if they try to connect a second time after a short amount
of time has passed.” Bridge operators are strongly advised to upgrade
from source , pip , or the upcoming Debian packages.
The submission deadline for this year’s Google Summer of Code  is
the 21st: this Friday. Several students already showed up on the tor-dev
mailing list, but as Damian Johnson says : “If you’re
procrastinating until the last minute then please don’t!”
Tails logo contest  is happily on-going. Several submissions have
already been received and can be seen on the relevant blueprint .
Kelley Misata and Karen Reilly attended the South by Southwest (SXSW)
Interactive festival  in Austin, Texas.
Relay and bridge operators might be interested in Ramo’s first
release  of a Tor plugin for Nagios . It can currently check for
a page fetch through the SOCKS proxy port, the hibernation state, the
current bandwidth, ORPort reachability, DirPort reachability, and the
bytes remaining until hibernation.
Nicolas Vigier sent his monthly report for February .
Tails won the 2014 Endpoint Security prize  from Access. The prize
recognizes  Tails “unique positive impact on the endpoint security
of at-risk users in need”. Congrats!
The Format-Transforming Encryption project at Portland State University
received  an unexpected 100,000 USD grant from Eric Schmidt.
Tor help desk roundup
The help desk has seen an increase in Russian language support requests
amidst news that the Russian Federation began censoring a number of
websites. Unfortunately, the help desk is not able to provide support in
Russian for now. Changes in the number of Tor users by country can be
observed on the project’s metrics page .
Mar 19 19:00 UTC | little-t tor development meeting
| #tor-dev, irc.oftc.net
Mar 22-23 | Tor @ LibrePlanet 2014
| Cambridge, Massachusetts, USA
Apr 11 11:00 EDT | Roger @ George Mason University
| Washington, DC, USA
This issue of Tor Weekly News has been assembled by Lunar,
Matt Pagan and Karsten Loesing.
Want to continue reading TWN? Please help us create this newsletter.
We still need more volunteers to watch the Tor community and report
important news. Please see the project page , write down your
name and subscribe to the team mailing list  if you want to
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 836 bytes
Desc: Digital signature
More information about the tor-talk