Changes between Version 45 and Version 46 of TorWeeklyNews/2013/12


Ignore:
Timestamp:
Sep 25, 2013, 12:21:33 PM (6 years ago)
Author:
dope457
Comment:

sent

Legend:

Unmodified
Added
Removed
Modified
  • TorWeeklyNews/2013/12

    v45 v46  
    33'''Editor: dope457'''
    44
    5 '''Status: FROZEN.''' New items should go in [wiki:TorWeeklyNews/2013/13 next week's edition]. Expected release time 2013-09-25 12:00 UTC.
    6 
    7 '''Subject:''' Tor Weekly News — September 25th, 2013
    8 
    9 {{{
    10 ========================================================================
    11 Tor Weekly News                                     September 25th, 2013
    12 ========================================================================
    13 
    14 Welcome to the thirteenth issue of Tor Weekly News, the weekly newsletter
    15 that covers what's happening in the well-heeled Tor community.
    16 
    17 Reimbursement of exit operators
    18 -------------------------------
    19 
    20 In July 2012, Roger Dingledine wrote a post on the Tor blog [1] in which
    21 he raised the prospect of offering funding to organizations running fast
    22 Tor exit nodes. In so doing, Roger wrote, “we will improve the network's
    23 diversity as well as being able to handle more users.” He also announced
    24 that donors were already interested in financing such a scheme. Then, in
    25 April this year, Moritz Bartl stated [2] that torservers.net was looking
    26 to move away from establishing additional exit nodes, in favor of
    27 providing support of various kinds to partner organizations running their
    28 own exits.
    29 
    30 These plans, and the discussion they provoked, are now about to bear
    31 fruit in the form of a financial reimbursement scheme directed at
    32 torservers.net's partner organizations. Moritz wrote again on the the
    33 tor-relays list [3] to announce that reimbursements are scheduled to
    34 begin at the end of this month, drawn from a one-time donation by the
    35 U.S. Government's Broadcasting Board of Governors.
    36 
    37 The ensuing debate focused both on the technical aspects of reimbursement
    38 — that is, how best to determine the division of funds based on
    39 information harvested from the network metrics [4] — and the question of
    40 the security issues that could potentially arise from such a scheme [5].
    41 
    42 Moritz specified that currently the only organizations to qualify for
    43 reimbursements are those that he personally knows: “so, if you’re
    44 interested in becoming a partner, start social interaction with me”, he
    45 wrote. Questions or comments regarding these proposals are welcome on the
    46 tor-relays list, and further announcements and discussion about the
    47 reimbursement system will be published on its dedicated mailing lists [6].
    48 
    49    [1] https://blog.torproject.org/blog/turning-funding-more-exit-relays
    50    [2] https://lists.torproject.org/pipermail/tor-relays/2013-April/001996.html
    51    [3] https://lists.torproject.org/pipermail/tor-relays/2013-September/002824.html
    52    [4] https://lists.torproject.org/pipermail/tor-relays/2013-September/002825.html
    53    [5] https://lists.torproject.org/pipermail/tor-relays/2013-September/002831.html
    54    [6] https://lists.torproject.org/pipermail/tor-relays/2013-May/002138.html
    55 
    56 Tails 0.20.1 is out
    57 -------------------
    58 
    59 Tails saw its 33rd release on September 19th [7]. The most visible change
    60 might be the upgrade of tor to version 0.2.4.17-rc, which should result
    61 in faster and more reliable access to the network after the sudden bump
    62 in Tor clients [8].
    63 
    64 Among other minor bugfixes and improvements, persistence volumes are now
    65 properly unmounted on shutdown. This should prevent data loss in some
    66 situations, and avoid a sometimes lengthy pause upon activation.
    67 
    68 It also fixes several important security issues [9]. It is recommended
    69 that all users upgrade as soon as possible [10].
    70 
    71    [7] https://tails.boum.org/news/version_0.20.1/
    72    [8] https://blog.torproject.org/blog/how-to-handle-millions-new-tor-clients
    73    [9] https://tails.boum.org/security/Numerous_security_holes_in_0.20/
    74   [10] https://tails.boum.org/news/version_0.20.1/
    75 
    76 New Tor Browser Bundles released
    77 --------------------------------
    78 
    79 A new set of stable and beta Tor Browser Bundles was released [11] on
    80 September 20th. The Tor Browser is now based on Firefox 17.0.9esr and
    81 fixes several important security issues [12].
    82 
    83 Queries for the default search engine, Startpage, are no longer subject
    84 to its invasive “family filter” [13]. The beta branch also include an
    85 updated version of HTTPS Everywhere that no longer causes a storm of
    86 requests to clients1.google.com, an issue reported by many users after
    87 the last release [14].
    88 
    89 Once again, it is recommended that all users upgrade as soon as possible.
    90 
    91   [11] https://blog.torproject.org/blog/new-tor-browser-bundles-firefox-1709esr
    92   [12] https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html#firefox17.0.9
    93   [13] https://bugs.torproject.org/8839
    94   [14] https://bugs.torproject.org/9713
    95 
    96 Tor mini-hackathon at GNU 30th Anniversary Celebration
    97 ------------------------------------------------------
    98 
    99 Nick Mathewson sent an invitation [15] encouraging everyone to attend the
    100 GNU 30th Anniversary Celebration [16] on September 28th and 29th at MIT,
    101 Cambridge, MA, USA. Part of the event is a hackathon, and Tor is featured
    102 alongside a few other projects. If you want to spend some of the weekend
    103 helping the Tor community, sign up on the webpage [17] and come along!
    104 
    105   [15] https://lists.torproject.org/pipermail/tor-talk/2013-September/030154.html
    106   [16] https://gnu.org/gnu30/celebration
    107   [17] https://crm.fsf.org/civicrm/event/register?id=10
    108 
    109 Clock skew: false alarm
    110 -----------------------
    111 
    112 Small offsets in system time offer an attractive opportunity for
    113 fingerprinting Tor clients. In order to eliminate unnecessary exposure,
    114 Nick Mathewson has been working on proposal 222 [18].
    115 
    116 Unfortunately, this process introduced a bug into the tor daemon which
    117 became apparent after the directory authority named “turtles” was
    118 upgraded. The result was that relays started to warn their operators of
    119 an implausible clock skew [19]. This was, of course, a false alarm.
    120 
    121 The issue was quickly worked around, and fixed properly a few hours later [20].
    122 
    123   [18] https://gitweb.torproject.org/torspec.git/blob_plain/refs/heads/master:/proposals/222-remove-client-timestamps.txt
    124   [19] https://lists.torproject.org/pipermail/tor-relays/2013-September/002888.html
    125   [20] https://bugs.torproject.org/9798
    126 
    127 Tor Help Desk Roundup
    128 ---------------------
    129 
    130 One user contacted the help desk for assistance running torbrowser, an
    131 application not affiliated with the Tor Project that attempts to mimic
    132 the Tor Browser Bundle. The torbrowser application violates the Tor
    133 Project’s trademark, and the Tor Project encourages users to avoid it.
    134 Multiple Tor Project developers have contacted SourceForge, which hosts
    135 this application’s website, attempting to get the project removed. Andrew
    136 Lewman has said that lawyers have now been engaged [21].
    137 
    138 A number of University students continued to contact the help desk to
    139 report difficulties circumventing their University’s Cyberoam firewall.
    140 These students report being unable to access the Tor network even when
    141 using the Pluggable Transports Browser with obfs3 bridges. One person
    142 reported success circumventing the firewall when using an obfsproxy
    143 bridge on port 443. This issue is ongoing, but a bug report has been
    144 filed [22].
    145 
    146   [21] https://lists.torproject.org/pipermail/tor-talk/2013-August/029614.html
    147   [22] https://bugs.torproject.org/projects/tor/ticket/9601
    148 
    149 Miscellaneous news
    150 ------------------
    151 
    152 Jacob Appelbaum inquired with VUPEN about the Tor Project having the
    153 right of first refusal for Tor Browser bugs, in order to protect users [23].
    154 
    155   [23] http://storify.com/fredericjacobs/discussion-between-tor-s-ioerror-and-vupen-s-chaou
    156 
    157 The proposed Tor page on Stack Exchange has now reached 100% commitment,
    158 and will soon be launching as a live beta. Thanks to everyone who signed
    159 up! [24].
    160 
    161   [24] http://area51.stackexchange.com/proposals/56447/tor
    162 
    163 sajolida reported on the latest Tails “low-hanging fruits session”. The
    164 date and a tentative agenda for the next online contributors meeting have
    165 also been set [25,26].
    166 
    167   [25] https://mailman.boum.org/pipermail/tails-dev/2013-September/003703.html
    168   [26] https://mailman.boum.org/pipermail/tails-dev/2013-September/003696.html
    169 
    170 As GSoC entered its final phase, Kostas Jakeliunas reported on the
    171 searchable metrics archive [27], Johannes Fürmann on EvilGenius [28], and
    172 Cristian-Matei Toader on Tor capabilities [29].
    173 
    174   [27] https://lists.torproject.org/pipermail/tor-dev/2013-September/005483.html
    175   [28] https://lists.torproject.org/pipermail/tor-dev/2013-September/005484.html
    176   [29] https://lists.torproject.org/pipermail/tor-dev/2013-September/005490.html
    177 
    178 How can we provide Tor users an easy way to verify the signatures on Tor
    179 software? Sherief Alaa raised this question on the tor-dev mailing list
    180 when asking for comments on plans to write a “small” GUI tool [30].
    181 
    182   [30] https://lists.torproject.org/pipermail/tor-dev/2013-September/005491.html
    183 
    184 Upcoming events
    185 ---------------
    186 
    187 Sep 28-29 | Tor mini-hackathon at GNU 30th Anniversary Celebration
    188           | MIT, Cambridge, Massachusetts
    189           | https://gnu.org/gnu30/celebration
    190           |
    191 Sep 29    | Colin at the Winnipeg Cryptoparty
    192           | Winnipeg, Manitoba, Canada
    193           | http://wiki.skullspace.ca/index.php/CryptoParty
    194           |
    195 Sep 29-01 | Tor at OpenITP Circumvention Tech Summit IV
    196           | Berlin, Germany
    197           | https://www.openitp.org/openitp/circumvention-tech-summit.html
    198           |
    199 Sep 30    | Congress on Privacy & Surveillance
    200           | Lausanne, Switzerland
    201           | http://ic.epfl.ch/privacy-surveillance
    202 
    203 
    204 This issue of Tor Weekly News has been assembled by harmony, Lunar,
    205 dope457, Matt Pagan, and Jacob Appelbaum.
    206 
    207 Want to continue reading TWN? Please help us create this newsletter.
    208 We still need more volunteers to watch the Tor community and report
    209 important news. Please see the project page [31], write down your
    210 name and subscribe to the team mailing list [32] if you want to
    211 get involved!
    212 
    213   [31] https://trac.torproject.org/projects/tor/wiki/TorWeeklyNews
    214   [32] https://lists.torproject.org/cgi-bin/mailman/listinfo/news-team
    215 }}}
     5'''Status:''' [https://lists.torproject.org/pipermail/tor-talk/2013-September/030186.html Sent!]