[tor-talk] Tor Weekly News — January 7th, 2015

Harmony harmony01 at riseup.net
Wed Jan 7 12:48:45 UTC 2015


========================================================================
Tor Weekly News                                        January 7th, 2015
========================================================================

Welcome to the first issue in 2015 of Tor Weekly News, the weekly
newsletter that covers what’s happening in the Tor community.

Tor 0.2.6.2-alpha is out
------------------------

Nick Mathewson announced [1] the second alpha release in the Tor 0.2.6.x
series. As well as including the cell scheduling changes [2] and hidden
service statistics collection [3] reported in recent issues of TWN, this
release makes it harder to portscan hidden services by closing circuits
if a client tries to connect to a non-existent port. It also contains
numerous bugfixes and new unit tests; please see Nick’s announcement for
the full changelog. The source code is available as usual from the
distribution directory [4].

  [1]: https://blog.torproject.org/blog/tor-0262-alpha-released
  [2]: https://bugs.torproject.org/9262
  [3]: https://bugs.torproject.org/13192
  [4]: https://dist.torproject.org/

Tor at 31c3
-----------

The 31st edition of the Chaos Communication Congress [5], an annual
highlight in the free software and security calendar, took place in
Hamburg, and as usual Tor featured in several key talks over the course
of the long weekend.

Roger Dingledine and Jacob Appelbaum’s appropriately grand-sounding
“State of the Onion” address [6], a round-up of the year’s events in the
Tor community, took place once again, with guest contributions from
journalist and filmmaker Laura Poitras and OONI developer Arturo
Filastò. Topics included the relationship between censorship and
surveillance, the misinterpretation of academic research by journalists,
new pluggable transports, and much more.

Laura Poitras also joined Julia Angwin, Jack Gillum, and Nadia Heninger
for “Crypto Tales from the Trenches” [7], in which the journalists
described their experiences with security software when doing research
and communicating with sources. “I don’t think any of us could do our
work without Tor”, said Laura, while Julia described the Tails operating
system as “her favorite success story” in this field.

Tor Browser developer Mike Perry joined Seth Schoen to discuss [8] the
concept of deterministic builds, the implementation of which has been
one of the Tor Project’s major successes over the past year. Mike and
Seth demonstrated some of the attacks that this system aims to defend
against, as well as the work that Tor, F-Droid, and Debian have all been
doing to make their processes compatible with the deterministic build
process.

Finally, Dr. Gareth Owen of Portsmouth University presented [9] the
results of research into the content and usage of Tor hidden services.
The research involved setting up a number of Tor relays, waiting until
they gained the “HSDir” flag, then counting the number of times a
particular service’s descriptor was requested, as well as manually
categorizing the services whose descriptors were learned. Dr. Owen
found that while the largest category of onion services by number could
be characterized as “drugs”, the majority of the descriptor requests he
saw were for services in his “abuse” category. The talk itself discusses
some possible limitations of the data gathered, and Tor developers have
responded on the Tor blog with further analysis [10, 11].

  [5]: https://events.ccc.de/congress/2014/wiki/Main_Page
  [6]: http://media.ccc.de/browse/congress/2014/31c3_-_6251_-_en_-_saal_1_-_201412301400_-_state_of_the_onion_-_jacob_-_arma.html
  [7]: http://media.ccc.de/browse/congress/2014/31c3_-_6154_-_en_-_saal_1_-_201412272300_-_crypto_tales_from_the_trenches_-_nadia_heninger_-_julia_angwin_-_laura_poitras_-_jack_gillum.html
  [8]: http://media.ccc.de/browse/congress/2014/31c3_-_6240_-_en_-_saal_g_-_201412271400_-_reproducible_builds_-_mike_perry_-_seth_schoen_-_hans_steiner.html
  [9]: http://media.ccc.de/browse/congress/2014/31c3_-_6112_-_en_-_saal_2_-_201412301715_-_tor_hidden_services_and_deanonymisation_-_dr_gareth_owen.html
 [10]: https://blog.torproject.org/blog/tor-80-percent-percent-1-2-percent-abusive
 [11]: https://blog.torproject.org/blog/some-thoughts-hidden-services

Monthly status reports for December 2014
----------------------------------------

The wave of regular monthly reports from Tor project members for the
month of December has begun. Philipp Winter released his report
first [12], followed by reports from Damian Johnson [13], Pearl
Crescent [14], Juha Nurmi [15], Nick Mathewson [16], Sherief Alaa [17],
Sukhbir Singh [18], Leiah Jansen [19], David Goulet [20], Michael Schloh
von Bennewitz [21], Colin C. [22], Georg Koppen [23], Arlo Breault [24],
and George Kadianakis [25].

Colin C. also sent out the help desk report [26], while Arturo Filastò
reported on behalf of the OONI team [27] and Mike Perry for the Tor
Browser team [28].

 [12]: https://lists.torproject.org/pipermail/tor-reports/2014-December/000727.html
 [13]: https://lists.torproject.org/pipermail/tor-reports/2014-December/000728.html
 [14]: https://lists.torproject.org/pipermail/tor-reports/2014-December/000729.html
 [15]: https://lists.torproject.org/pipermail/tor-reports/2014-December/000730.html
 [16]: https://lists.torproject.org/pipermail/tor-reports/2014-December/000731.html
 [17]: https://lists.torproject.org/pipermail/tor-reports/2014-December/000732.html
 [18]: https://lists.torproject.org/pipermail/tor-reports/2015-January/000733.html
 [19]: https://lists.torproject.org/pipermail/tor-reports/2015-January/000734.html
 [20]: https://lists.torproject.org/pipermail/tor-reports/2015-January/000735.html
 [21]: https://lists.torproject.org/pipermail/tor-reports/2015-January/000736.html
 [22]: https://lists.torproject.org/pipermail/tor-reports/2015-January/000738.html
 [23]: https://lists.torproject.org/pipermail/tor-reports/2015-January/000740.html
 [24]: https://lists.torproject.org/pipermail/tor-reports/2015-January/000742.html
 [25]: https://lists.torproject.org/pipermail/tor-reports/2015-January/000743.html
 [26]: https://lists.torproject.org/pipermail/tor-reports/2015-January/000737.html
 [27]: https://lists.torproject.org/pipermail/tor-reports/2015-January/000739.html
 [28]: https://lists.torproject.org/pipermail/tor-reports/2015-January/000741.html

Miscellaneous news
------------------

Nick Mathewson and Andrea Shepard drafted a proposal [29] for including
a hash chain in the consensus [30] produced by Tor directory
authorities [31], in order to prevent certain kinds of attack on the
directory authorities and their keys.

 [29]: https://lists.torproject.org/pipermail/tor-dev/2015-January/008087.html
 [30]: https://metrics.torproject.org/about.html#consensus
 [31]: https://metrics.torproject.org/about.html#directory-authority

Nick also clarified [32] that a recently-discovered Libevent
vulnerability has no effect on Tor.

 [32]: https://lists.torproject.org/pipermail/tor-talk/2015-January/036379.html

In connection with the current push to collect statistics relating to
Tor hidden services in a privacy-preserving manner, Aaron Johnson
noted [33] that there are two further desirable sets of statistics which
might pose a risk to anonymity if gathered incorrectly, and discussed
possible solutions to the problem.

 [33]: https://lists.torproject.org/pipermail/tor-dev/2015-January/008086.html

David Fifield published a summary [34] of costs incurred by the meek
pluggable transport for the month of December 2014.

 [34]: https://lists.torproject.org/pipermail/tor-dev/2015-January/008082.html

David also continued his experiments on historical Tor metrics data with
visualizations of a recent Sybil attack [35], and wondered [36] what
might have been responsible for a sudden change in the way that users in
Kazakhstan were choosing to connect to the Tor network in October 2014.

 [35]: https://lists.torproject.org/pipermail/tor-dev/2015-January/008095.html
 [36]: https://lists.torproject.org/pipermail/tor-talk/2015-January/036346.html

Sebastian Urbach noted [37] a sudden drop in the number of Tor relays
acting as hidden service directories, and wondered about the cause. As
SiNA Rabbani clarified [38], the amount of time a relay needs to have
been running before it earns the “HSDir” flag was increased by directory
authorities, in response to a recent Sybil attack.

 [37]: https://lists.torproject.org/pipermail/tor-relays/2015-January/006051.html
 [38]: https://lists.torproject.org/pipermail/tor-relays/2015-January/006063.html

The developers of ChatSecure for iOS announced [39] that their recent
3.0 release includes experimental support for connections to XMPP chat
servers over Tor, and briefly described how they added the new feature.

 [39]: https://chatsecure.org/blog/chatsecure-ios-v3-released/

Upcoming events
---------------

  Jan 07 13:30 UTC | little-t tor development meeting
                   | #tor-dev, irc.oftc.net
                   |
  Jan 12 18:00 UTC | Tor Browser online meeting
                   | #tor-dev, irc.oftc.net
                   |
  Jan 12 18:00 UTC | OONI development meeting
                   | #ooni, irc.oftc.net
                   |
  Jan 13 18:00 UTC | little-t tor patch workshop
                   | #tor-dev, irc.oftc.net
                   |
  Jan 16 19:30 UTC | Tails/Jessie progress meeting
                   | #tails-dev, irc.oftc.net
                   | https://mailman.boum.org/pipermail/tails-dev/2014-December/007696.html


This issue of Tor Weekly News has been assembled by Harmony, David
Fifield, Catfish, and Karsten Loesing.

Want to continue reading TWN? Please help us create this newsletter.
We still need more volunteers to watch the Tor community and report
important news. Please see the project page [40], write down your
name and subscribe to the team mailing list [41] if you want to
get involved!

 [40]: https://trac.torproject.org/projects/tor/wiki/TorWeeklyNews
 [41]: https://lists.torproject.org/cgi-bin/mailman/listinfo/news-team

