wiki:TorWeeklyNews/2013/11

Version 13 (modified by harmony, 6 years ago) (diff)

draft of entry guards/linkability item

Twelfth issue of Tor Weekly News. Covering what's happening from September 10th, 2013 to September 17th, 2013. To be released on September 18th, 2013.

Editor: harmony

Subject: Tor Weekly News — September, 18th 2013

========================================================================
Tor Weekly News                                     September 18th, 2013
========================================================================

Welcome to the twelfth issue of Tor Weekly News, the weekly newsletter that
covers what is happening in the XXX Tor community.

New Release of XXX
------------------

XXX: cite specific release date, numbers, and developers responsible

XXX: details about release

 [XXX]

Official response to QUICK ANT disclosure
-----------------------------------------

A certain amount of speculation was provoked by a slide leaked as
part of the ongoing Snowden disclosures and featured in an edition of
the Brazilian current-affairs show 'Fantástico' broadcast on September
8th [XXX], which appeared to show a tab in the alleged NSA/GCHQ FLYING
PIG surveillance interface labelled 'Query QUICK ANT - Tor events QFD'.
Users on Reddit [XXX] and Twitter [XXX] began to suggest possible attacks
on Tor that might be managed through such an interface.

Andrew Lewman posted an official response on the Tor Blog [XXX] in which
he reiterated that "it's not clear what the NSA or GCHQ can or cannot do",
and that well-known theoretical attacks against the Tor network are clearly
described on the project's FAQ page [XXX].

He further added that the tool in question was more likely to involve
"some "Tor flow detector" scripts that let them pick Tor flows out of a
set of flows they're looking at" than "anything to do with deanonymizing
Tor users, except insofar as they might have traffic flows from both sides
of the circuit in their database."

Finally, he remarked that rather than engaging in speculation based on
limited evidence, "we'd rather spend our time developing Tor and conducting
research to make a better Tor."

 [XXX] http://www.reddit.com/r/TOR/comments/1m3jum/gchq_tor_events_capture/
 [XXX] https://twitter.com/jonathanmayer/status/377292928718499841
 [XXX] http://g1.globo.com/fantastico/noticia/2013/09/nsa-documents-show-united-states-spied-brazilian-oil-giant.html
 [XXX] https://blog.torproject.org/blog/tor-nsa-gchq-and-quick-ant-speculation
 [XXX] https://www.torproject.org/docs/faq.html.en#AttacksOnOnionRouting

Entry guards and linkability
----------------------------

Leif Ryge pointed out [XXX] an issue with Tor's current 'entry guards'
system, whereby connections entering Tor from different points on the
same network could potentially be linked to an individual user based on
the three entry nodes selected by that user's Tor client, which remain
constant for a period of 4-8 weeks [XXX].

Leif suggested that "assuming this is an accurate assessment, wouldn't
it make sense to maintain separate sets of entry guards for each network
that the user connects from?"

Nick Mathewson replied [XXX] with an acknowledgement of the problem and
a number of reasons why simply generating separate sets of guards might
also harm a user's anonymity: "You would *not*, for example, want to
maintain a different set of entry guards for every IP that you receive,
since if you did, a hostile DHCP server could feed you new IPs until you
picked a hostile guard. Similarly, if you are a busy traveller who changes
your view of what network you are on hundreds or thousands of times, your
chance of picking a hostile guard would rise accordingly." He also pointed
out that "having a record in your state file of every network you have
visited is not necessarily the best idea either."

Nick concluded by mentioning Roger Dingledine's proposal to lower the
number of entry guards selected by a client to one only, "to avoid the
property of letting guard choices identify Tor clients".

 [XXX] https://lists.torproject.org/pipermail/tor-dev/2013-September/005423.html
 [XXX] https://blog.torproject.org/blog/lifecycle-of-a-new-relay
 [XXX] https://lists.torproject.org/pipermail/tor-dev/2013-September/005424.html

Miscellaneous news
------------------

Item 1 with cited source [XXX].

Item 2 with cited source [XXX].

Item 3 with cited source [XXX].

 [XXX]
 [XXX]
 [XXX]

Vulnerabilities
---------------

XXX: Reported vulnerabilities [XXX].

 [XXX] vulnerability report source

Upcoming events
---------------

Jul XX-XX | Event XXX brief description
          | Event City, Event Country
          | Event website URL
          |
Jul XX-XX | Event XXX brief description
          | Event City, Event Country
          | Event website URL


This issue of Tor Weekly News has been assembled by harmony, XXX, and
XXX.

Want to continue reading TWN? Please help us create this newsletter.
We still need more volunteers to watch the Tor community and report
important news. Please see the project page [XXX], write down your
name and subscribe to the team mailing list [XXX] if you want to
get involved!

  [XXX] https://trac.torproject.org/projects/tor/wiki/TorWeeklyNews
  [XXX] https://lists.torproject.org/cgi-bin/mailman/listinfo/news-team

Possible items: