Version 21 (modified by moskvax, 5 years ago) (diff)

language editing, some expansion of gsoc and updates sections

Very first edition of Tor Weekly News. Covering what's happening since June, 26th 2013. To be released on July, 3rd 2013.

Editor for this week: Lunar

Subject: Tor Weekly News — July, 3rd 2013

Tor Weekly News                                           July, 3rd 2013

Welcome to the very first issue of Tor Weekly News, the weekly
newsletter meant to cover what is happening in the vibrant Tor

datagram-based transports moving forward

As Steven Murdoch explained in 2011, with the current implementation of
Tor, “when a packet gets dropped or corrupted on a link between two Tor
nodes, […], all circuits passing through this pair of nodes will be
stalled, not only the circuit corresponding to the packet which was
dropped.” [1]

Such shortcomings of the current design could be worked around by
migrating away from TCP (a stream-based transport) to a datagram-based
transport. Nick Mathewson opened #9165 [2] to track progress on the

Steven Murdoch had experimented a few months ago [3] with uTP, a
protocol “which provides provides reliable, ordered delivery while
maintaining minimum extra delay”, and is already used for uTorrent
peer-to-peer connections [4]. Nick Mathewson finally got to review his
work and wrote several comments on #9166 [5].



Yawning Angel announced [6] the very first release of `obfsproxyssh` [7],
a pluggable transport that uses the ssh wire protocol to hide Tor
traffic.  Its behavior would appear to potential eavesdroppers to be
“identical to a user sshing to a host, authenticating with a RSA
public/private key pair and opening a direct-tcp channel to the ORPort of
the bridge.”

The announcement contains several open issues and questions. Feel free
to have a look and voice your comments!


Crowdfunding for Tor exit relays and bridges

Moritz Bartl announced [8] that he has started a crowdfunding campaign
for Tor exit relays and bridges.

The donations will be distributed equally among all
partner organizations (Zwiebelfreunde e.V., DFRI, Nos Oignons, Swiss
Privacy Foundation, Frënn vun der Ënn and NoiseTor).

For a faster and better network, chip in and spread the word!


Tails 0.19 is out and new stable Tor Brower Bundles

Last Wednesday, the two most popular pre-configured downloadable packages
allowing people to use Tor safely were both updated. The stable Tor
Browser Bundle was updated to verison 2.3.25-10 [10] to include fixes
from Firefox 17.0.7esr.

Tails 0.19 [9] contains the updated Tor browser along with an updated
3.9.5 kernel and minor security improvements to wireless, GNOME and GnuPG

Users of either package are encouraged to upgrade as soon as possible.


Jenkins + Stem catching their first regression

Quoting Damian Johnson's June status report [16]: “Our automated Jenkins
test runs caught their first instance of tor regression. This concerned
LOADCONF's behavior after merging a branch for ticket #6752”. A bug [11]
was opened after Damian properly identified the issue.


First round of reports from GSoC projects

Johannes Fürmann reported [12] on his project, a virtual network
environment intended to simulate censorship for OONI (dubbed "Evil
Genius", after Descartes). Hareesan reported [13] on the Steganography
browser addon.  Cristian-Matei Toader is working [14] on adding
capabilities-based sandboxing to Tor on Linux, using the kernel's seccomp
syscall filtering mechanism. Chang Lan implemented [15] a HTTP
proxy-based transport using CONNECT as the first step in his efforts to
implement a general Tor-over-HTTP pluggable transport.


Developer reports for June 2013

The wave of monthly reports has started. Damian Johnson's was the first
[16], followed by Philipp Winter [17].


Tor's Stackexchange page

The Stackexchange page for "Tor - online anonymity, privacy, and 
security" has left the initial definition stage and has entered the 
commitment stage.[18] During this stage, interested users are asked to 
digitally "sign" the proposal with their full name to help assure the 
site will have an active community during it's critical early days.[19]


Misc. development news

Mike Perry, Linus Nordberg and Georg Koppen all independently produced the same
binaries for Tor Browser Bundle 3.0 alpha 2 [X].

David Goulet has made good progress on his rewrite of torsocks [X] and
should have a beta ready in a couple of weeks. He awaits your review,
comments and contributions.

Someone reached for Tor developers on Twitter to report an apparant
vulnerability in the micro-descriptors implementation. Nick Mathewson
explained at length [X] how this observation was flawed.


Upcoming events

Jul  6-11 | Lunar @ LSM 2013
          | Brussels, Belgium
Jul 10-12 | Tor at Privacy Enhancing Technology Symposium
          | Bloomington, Indiana, USA
Jul 22-26 | Tor annuel dev. meeting
          | München, Germany
Jul 31-05 | Tor at OHM
          | Geestmerambacht, Netherlands
Aug 1-4   | Runa Sandvik @ DEF-CON 21
          | Rio Hotel, Las Vegas, USA
Aug 13    | Roger @ FOCI '13,
          | Washington, D.C., USA

This issue of Tor Weekly News has been assembled by Lunar, dope457, moskvax and

Want to continue reading TWN? Please help us create this newsletter.
We still need more volunteer writers who watch the Tor community
and report about what is going on. Please see the project page [XXX]
and write down your name if you want to get involved!