wiki:TorWeeklyNews/2013/0

Version 21 (modified by moskvax, 5 years ago) (diff)

language editing, some expansion of gsoc and updates sections

Very first edition of Tor Weekly News. Covering what's happening since June, 26th 2013. To be released on July, 3rd 2013.

Editor for this week: Lunar

Subject: Tor Weekly News — July, 3rd 2013

========================================================================
Tor Weekly News                                           July, 3rd 2013
========================================================================

Welcome to the very first issue of Tor Weekly News, the weekly
newsletter meant to cover what is happening in the vibrant Tor
community.

datagram-based transports moving forward
----------------------------------------

As Steven Murdoch explained in 2011, with the current implementation of
Tor, “when a packet gets dropped or corrupted on a link between two Tor
nodes, […], all circuits passing through this pair of nodes will be
stalled, not only the circuit corresponding to the packet which was
dropped.” [1]

Such shortcomings of the current design could be worked around by
migrating away from TCP (a stream-based transport) to a datagram-based
transport. Nick Mathewson opened #9165 [2] to track progress on the
matter.

Steven Murdoch had experimented a few months ago [3] with uTP, a
protocol “which provides provides reliable, ordered delivery while
maintaining minimum extra delay”, and is already used for uTorrent
peer-to-peer connections [4]. Nick Mathewson finally got to review his
work and wrote several comments on #9166 [5].

 [1] https://blog.torproject.org/blog/moving-tor-datagram-transport
 [2] https://bugs.torproject.org/9165
 [3] https://gitweb.torproject.org/sjm217/tor.git/shortlog/refs/heads/utp
 [4] http://www.bittorrent.org/beps/bep_0029.html
 [5] https://bugs.torproject.org/9166

obfsproxyssh
------------

Yawning Angel announced [6] the very first release of `obfsproxyssh` [7],
a pluggable transport that uses the ssh wire protocol to hide Tor
traffic.  Its behavior would appear to potential eavesdroppers to be
“identical to a user sshing to a host, authenticating with a RSA
public/private key pair and opening a direct-tcp channel to the ORPort of
the bridge.”

The announcement contains several open issues and questions. Feel free
to have a look and voice your comments!

 [6] https://lists.torproject.org/pipermail/tor-dev/2013-June/005083.html
 [7] https://github.com/Yawning/obfsproxyssh

Crowdfunding for Tor exit relays and bridges
--------------------------------------------

Moritz Bartl announced [8] that he has started a crowdfunding campaign
for Tor exit relays and bridges.

The donations will be distributed equally among all Torservers.net
partner organizations (Zwiebelfreunde e.V., DFRI, Nos Oignons, Swiss
Privacy Foundation, Frënn vun der Ënn and NoiseTor).

For a faster and better network, chip in and spread the word!

 [8] http://www.indiegogo.com/projects/tor-anti-censorship-and-anonymity-infrastructure/

Tails 0.19 is out and new stable Tor Brower Bundles
----------------------------------------------------

Last Wednesday, the two most popular pre-configured downloadable packages
allowing people to use Tor safely were both updated. The stable Tor
Browser Bundle was updated to verison 2.3.25-10 [10] to include fixes
from Firefox 17.0.7esr.

Tails 0.19 [9] contains the updated Tor browser along with an updated
3.9.5 kernel and minor security improvements to wireless, GNOME and GnuPG
defaults.

Users of either package are encouraged to upgrade as soon as possible.

 [9] https://tails.boum.org/news/version_0.19/
[10] https://blog.torproject.org/blog/new-tor-browser-bundles-and-tor-02414-alpha-packages

Jenkins + Stem catching their first regression
----------------------------------------------

Quoting Damian Johnson's June status report [16]: “Our automated Jenkins
test runs caught their first instance of tor regression. This concerned
LOADCONF's behavior after merging a branch for ticket #6752”. A bug [11]
was opened after Damian properly identified the issue.

[11] https://bugs.torproject.org/9122

First round of reports from GSoC projects
-----------------------------------------

Johannes Fürmann reported [12] on his project, a virtual network
environment intended to simulate censorship for OONI (dubbed "Evil
Genius", after Descartes). Hareesan reported [13] on the Steganography
browser addon.  Cristian-Matei Toader is working [14] on adding
capabilities-based sandboxing to Tor on Linux, using the kernel's seccomp
syscall filtering mechanism. Chang Lan implemented [15] a HTTP
proxy-based transport using CONNECT as the first step in his efforts to
implement a general Tor-over-HTTP pluggable transport.

[12] https://lists.torproject.org/pipermail/tor-dev/2013-June/005078.html
[13] https://lists.torproject.org/pipermail/tor-dev/2013-June/005082.html
[14] https://lists.torproject.org/pipermail/tor-dev/2013-June/005085.html
[15] https://lists.torproject.org/pipermail/tor-dev/2013-June/005086.html

Developer reports for June 2013
------------------------------

The wave of monthly reports has started. Damian Johnson's was the first
[16], followed by Philipp Winter [17].

[16] https://lists.torproject.org/pipermail/tor-reports/2013-June/000262.html
[17] https://lists.torproject.org/pipermail/tor-reports/2013-June/000263.html

Tor's Stackexchange page
------------------------

The Stackexchange page for "Tor - online anonymity, privacy, and 
security" has left the initial definition stage and has entered the 
commitment stage.[18] During this stage, interested users are asked to 
digitally "sign" the proposal with their full name to help assure the 
site will have an active community during it's critical early days.[19]

[18]: http://area51.stackexchange.com/proposals/56447/tor-online-anonymity-privacy-and-security
[19]: https://lists.torproject.org/pipermail/tor-talk/2013-June/028473.html


Misc. development news
----------------------

Mike Perry, Linus Nordberg and Georg Koppen all independently produced the same
binaries for Tor Browser Bundle 3.0 alpha 2 [X].

David Goulet has made good progress on his rewrite of torsocks [X] and
should have a beta ready in a couple of weeks. He awaits your review,
comments and contributions.

Someone reached for Tor developers on Twitter to report an apparant
vulnerability in the micro-descriptors implementation. Nick Mathewson
explained at length [X] how this observation was flawed.

[X] https://lists.torproject.org/pipermail/tor-qa/2013-June/000141.html
[X] https://lists.torproject.org/pipermail/tor-dev/2013-June/005069.html
[X] https://lists.torproject.org/pipermail/tor-talk/2013-June/028699.html
    https://lists.torproject.org/pipermail/tor-talk/2013-June/028700.html
    https://lists.torproject.org/pipermail/tor-talk/2013-June/028701.html

Upcoming events
-------------

Jul  6-11 | Lunar @ LSM 2013
          | Brussels, Belgium
          | https://2013.rmll.info/
          |
Jul 10-12 | Tor at Privacy Enhancing Technology Symposium
          | Bloomington, Indiana, USA
          | http://petsymposium.org/2013/
          |
Jul 22-26 | Tor annuel dev. meeting
          | München, Germany
          | https://trac.torproject.org/projects/tor/wiki/org/meetings/2013SummerDevMeeting
          |
Jul 31-05 | Tor at OHM
          | Geestmerambacht, Netherlands
          | https://ohm2013.org/
          |
Aug 1-4   | Runa Sandvik @ DEF-CON 21
          | Rio Hotel, Las Vegas, USA
          | https://www.defcon.org/html/defcon-21/dc-21-index.html
          |
Aug 13    | Roger @ FOCI '13,
          | Washington, D.C., USA
          | https://www.usenix.org/conference/foci13/



This issue of Tor Weekly News has been assembled by Lunar, dope457, moskvax and
XXX.

Want to continue reading TWN? Please help us create this newsletter.
We still need more volunteer writers who watch the Tor community
and report about what is going on. Please see the project page [XXX]
and write down your name if you want to get involved!

[XXX] https://trac.torproject.org/projects/tor/wiki/TorWeeklyNews

Expand: