wiki:TorWeeklyNews/2013/12

Version 25 (modified by harmony, 6 years ago) (diff)

finish reimbursement item/minor language fixes

Thirteenth issue of Tor Weekly News. Covering what's happening from September 17th, 2013 to September 24th, 2013. To be released on September 25th, 2013.

Editor: dope457

Subject: Tor Weekly News — September 25th, 2013

========================================================================
Tor Weekly News                                     September 25th, 2013
========================================================================

Welcome to the thirteenth issue of Tor Weekly News, the weekly newsletter that
covers what is happening in the XXX Tor community.

Reimbursement of exit operators
-------------------------------

In July 2012, Roger Dingledine wrote a post on the Tor blog [XXX] in which he
raised the prospect of offering funding to organizations running fast Tor exit
nodes. In so doing, Roger wrote, 'we will improve the network's diversity as
well as being able to handle more users.' He also announced that donors were
already interested in financing such a scheme. Then, in April this year, Moritz
Bartl stated [XXX] that torservers.net was looking to move away from establishing
additional exit nodes, in favor of providing support of various kinds to partner
organizations running their own exits.

These plans, and the discussion they provoked, are now about to bear fruit
in the form of a financial reimbursement scheme directed at torservers.net's
partner organizations. Moritz wrote again on the the tor-relays list [XXX]
to announce that reimbursements are scheduled to begin at the end of this
month, drawn from a one-time donation by the U.S. Government's Broadcasting
Board of Governors.

The ensuing debate focused both on the technical aspects of reimbursement
— that is, how best to determine the division of funds based on information
harvested from the network metrics [XXX] — and the question of the security
issues that could potentially arise from such a scheme [XXX].

Moritz stipulated that currently the only organizations to qualify for
reimbursements are those that he personally knows: “so, if you're interested
in becoming a partner, start social interaction with me”, he wrote. Questions
or comments regarding these proposals are welcome on the tor-relays list, and
further announcements and discussion about the reimbursement system will be
published on its dedicated mailing lists [XXX].

 [XXX] https://blog.torproject.org/blog/turning-funding-more-exit-relays
 [XXX] https://lists.torproject.org/pipermail/tor-relays/2013-April/001996.html
 [XXX] https://lists.torproject.org/pipermail/tor-relays/2013-September/002824.html
 [XXX] https://lists.torproject.org/pipermail/tor-relays/2013-September/002825.html
 [XXX] https://lists.torproject.org/pipermail/tor-relays/2013-September/002831.html
 [XXX] https://lists.torproject.org/pipermail/tor-relays/2013-May/002138.html

Tails 0.20.1 is out
-------------------

Tails saw its 33rd release on September 19th [XXX]. The most visible change
might be the upgrade of tor to version 0.2.4.17-rc, which should result in
faster and more reliable access to the network after the sudden bump in
Tor clients [XXX]. 

Among other minor bugfixes and improvements, persistence volumes are now properly unmounted
on shutdown. This should prevent data loss in some situations, and avoid a sometimes lengthy
pause upon activation.

It also fixes several important security issues [XXX]. It is recommended that
all users upgrade as soon as possible [XXX].

 [XXX] https://tails.boum.org/news/version_0.20.1/
 [XXX] https://blog.torproject.org/blog/how-to-handle-millions-new-tor-clients
 [XXX] https://tails.boum.org/security/Numerous_security_holes_in_0.20/
 [XXX] https://tails.boum.org/news/version_0.20.1/

New Tor Browser Bundles released
--------------------------------

A new set of stable and beta Tor Browser Bundles was released [XXX] on September 20th.
The Tor Browser is now based on Firefox 17.0.9esr and fixes several important
security issues [XXX].

Queries for the default search engine, Startpage, are no longer subject to its
invasive “family filter” [XXX]. The beta branch also include an updated version of
HTTPS Everywhere that no longer causes a storm of requests to clients1.google.com,
an issue reported by many users after the last release [XXX].

Once again, it is recommended that all users upgrade as soon as possible.

 [XXX] https://blog.torproject.org/blog/new-tor-browser-bundles-firefox-1709esr
 [XXX] https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html#firefox17.0.9
 [XXX] https://bugs.torproject.org/8839
 [XXX] https://bugs.torproject.org/9713

Tor mini-hackathon at GNU 30th Anniversary Celebration
------------------------------------------------------

Nick Mathewson sent an invitation [XXX] encouraging everyone to attend the GNU 30th Anniversary 
Celebration [XXX] this weekend at MIT, where Tor is going to be featured alongside a few other projects. 
Part of the event is a hackathon, so if you like to program, and you're interested in helping the Tor
community, sign up on the webpage [XXX] and come along! 

 [XXX] https://lists.torproject.org/pipermail/tor-talk/2013-September/030154.html
 [XXX] https://gnu.org/gnu30/celebration
 [XXX] https://crm.fsf.org/civicrm/event/register?id=10

Clock skew: false alarm
-----------------------

Small offsets in system time offer an attractive opportunity for fingerprinting Tor
clients. In order to eliminate unnecessary exposure, Nick Mathewson has been working on
proposal 222 [XXX].

Unfortunately, this process introduced a bug into the tor daemon which became apparent
after the directory authority named “turtles” was upgraded. The result was that relays
started to warn their operators of an implausible clock skew [XXX]. This was, of course,
a false alarm.

The issue was quickly worked around, and fixed properly a few hours later [XXX].

 [XXX] https://gitweb.torproject.org/torspec.git/blob_plain/refs/heads/master:/proposals/222-remove-client-timestamps.txt
 [XXX] https://lists.torproject.org/pipermail/tor-relays/2013-September/002888.html
 [XXX] https://bugs.torproject.org/9798

Miscellaneous news
------------------

Jacob Appelbaum inquired with VUPEN about the Tor Project having the right of first
refusal for Tor Browser bugs, in order to protect users [XXX].

 [XXX] http://storify.com/fredericjacobs/discussion-between-tor-s-ioerror-and-vupen-s-chaou

The proposed Tor page on Stack Exchange has now reached 100% commitment, and will soon
be launching as a live beta. Thanks to everyone who signed up! [XXX].

 [XXX] http://area51.stackexchange.com/proposals/56447/tor

Upcoming events
---------------

Sep 28-29 | Tor mini-hackathon at GNU 30th Anniversary Celebration
          | MIT, Cambridge, Massachusetts
          | https://gnu.org/gnu30/celebration
          |
Sep 30th  | Congress on Privacy & Surveillance
          | A one-day event triggered by recent announcements about secret Internet mass surveillance
          | Lausanne, Switzerland
          | http://ic.epfl.ch/privacy-surveillance
          |
Jul XX-XX | Event XXX brief description
          | Event City, Event Country
          | Event website URL


This issue of Tor Weekly News has been assembled by XXX, XXX, Jacob Appelbaum, and
XXX

Want to continue reading TWN? Please help us create this newsletter.
We still need more volunteers to watch the Tor community and report
important news. Please see the project page [XXX], write down your
name and subscribe to the team mailing list [XXX] if you want to
get involved!

  [XXX] https://trac.torproject.org/projects/tor/wiki/TorWeeklyNews
  [XXX] https://lists.torproject.org/cgi-bin/mailman/listinfo/news-team

Possible items :

on EvilGenius by Johannes Fürmann https://lists.torproject.org/pipermail/tor-dev/2013-September/005484.html