wiki:TorWeeklyNews/2013/12

Version 36 (modified by mttpgn, 6 years ago) (diff)

--

Thirteenth issue of Tor Weekly News. Covering what's happening from September 17th, 2013 to September 24th, 2013. To be released on September 25th, 2013.

Editor: dope457

Subject: Tor Weekly News — September 25th, 2013

========================================================================
Tor Weekly News                                     September 25th, 2013
========================================================================

Welcome to the thirteenth issue of Tor Weekly News, the weekly newsletter that
covers what's happening in the well-heeled Tor community.

Reimbursement of exit operators
-------------------------------

In July 2012, Roger Dingledine wrote a post on the Tor blog [XXX] in which he
raised the prospect of offering funding to organizations running fast Tor exit
nodes. In so doing, Roger wrote, “we will improve the network's diversity as
well as being able to handle more users.” He also announced that donors were
already interested in financing such a scheme. Then, in April this year, Moritz
Bartl stated [XXX] that torservers.net was looking to move away from establishing
additional exit nodes, in favor of providing support of various kinds to partner
organizations running their own exits.

These plans, and the discussion they provoked, are now about to bear fruit
in the form of a financial reimbursement scheme directed at torservers.net's
partner organizations. Moritz wrote again on the the tor-relays list [XXX]
to announce that reimbursements are scheduled to begin at the end of this
month, drawn from a one-time donation by the U.S. Government's Broadcasting
Board of Governors.

The ensuing debate focused both on the technical aspects of reimbursement —
that is, how best to determine the division of funds based on information
harvested from the network metrics [XXX] — and the question of the security
issues that could potentially arise from such a scheme [XXX].

Moritz specified that currently the only organizations to qualify for
reimbursements are those that he personally knows: “so, if you're interested
in becoming a partner, start social interaction with me”, he wrote. Questions
or comments regarding these proposals are welcome on the tor-relays list, and
further announcements and discussion about the reimbursement system will be
published on its dedicated mailing lists [XXX].

 [XXX] https://blog.torproject.org/blog/turning-funding-more-exit-relays
 [XXX] https://lists.torproject.org/pipermail/tor-relays/2013-April/001996.html
 [XXX] https://lists.torproject.org/pipermail/tor-relays/2013-September/002824.html
 [XXX] https://lists.torproject.org/pipermail/tor-relays/2013-September/002825.html
 [XXX] https://lists.torproject.org/pipermail/tor-relays/2013-September/002831.html
 [XXX] https://lists.torproject.org/pipermail/tor-relays/2013-May/002138.html

Tails 0.20.1 is out
-------------------

Tails saw its 33rd release on September 19th [XXX]. The most visible change
might be the upgrade of tor to version 0.2.4.17-rc, which should result in
faster and more reliable access to the network after the sudden bump in
Tor clients [XXX]. 

Among other minor bugfixes and improvements, persistence volumes are now properly unmounted
on shutdown. This should prevent data loss in some situations, and avoid a sometimes lengthy
pause upon activation.

It also fixes several important security issues [XXX]. It is recommended that
all users upgrade as soon as possible [XXX].

 [XXX] https://tails.boum.org/news/version_0.20.1/
 [XXX] https://blog.torproject.org/blog/how-to-handle-millions-new-tor-clients
 [XXX] https://tails.boum.org/security/Numerous_security_holes_in_0.20/
 [XXX] https://tails.boum.org/news/version_0.20.1/

New Tor Browser Bundles released
--------------------------------

A new set of stable and beta Tor Browser Bundles was released [XXX] on September 20th.
The Tor Browser is now based on Firefox 17.0.9esr and fixes several important
security issues [XXX].

Queries for the default search engine, Startpage, are no longer subject to its
invasive “family filter” [XXX]. The beta branch also include an updated version of
HTTPS Everywhere that no longer causes a storm of requests to clients1.google.com,
an issue reported by many users after the last release [XXX].

Once again, it is recommended that all users upgrade as soon as possible.

 [XXX] https://blog.torproject.org/blog/new-tor-browser-bundles-firefox-1709esr
 [XXX] https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html#firefox17.0.9
 [XXX] https://bugs.torproject.org/8839
 [XXX] https://bugs.torproject.org/9713

Tor mini-hackathon at GNU 30th Anniversary Celebration
------------------------------------------------------

Nick Mathewson sent an invitation [XXX] encouraging everyone to attend the GNU 30th Anniversary 
Celebration [XXX] on September 28th and 29th at MIT, Cambridge, MA, USA.
Part of the event is a hackathon and Tor is featured alongside a few other projects.
So if you want to spend some of the week-end to help the Tor community, sign up on the webpage [XXX] and come along! 

 [XXX] https://lists.torproject.org/pipermail/tor-talk/2013-September/030154.html
 [XXX] https://gnu.org/gnu30/celebration
 [XXX] https://crm.fsf.org/civicrm/event/register?id=10

Clock skew: false alarm
-----------------------

Small offsets in system time offer an attractive opportunity for fingerprinting Tor
clients. In order to eliminate unnecessary exposure, Nick Mathewson has been working on
proposal 222 [XXX].

Unfortunately, this process introduced a bug into the tor daemon which became apparent
after the directory authority named “turtles” was upgraded. The result was that relays
started to warn their operators of an implausible clock skew [XXX]. This was, of course,
a false alarm.

The issue was quickly worked around, and fixed properly a few hours later [XXX].

 [XXX] https://gitweb.torproject.org/torspec.git/blob_plain/refs/heads/master:/proposals/222-remove-client-timestamps.txt
 [XXX] https://lists.torproject.org/pipermail/tor-relays/2013-September/002888.html
 [XXX] https://bugs.torproject.org/9798

Tor Help Desk Roundup
---------------------

One user contacted the help desk for assistance running torbrowser, an application 
not affiliated with the Tor Project that attempts to mimic the Tor Browser Bundle. 
The torbrowser application violates the Tor Project's trademark, and the Tor Project 
encourages users to avoid it . Multiple Tor Project developers have contacted 
SourceForge, which hosts this application's website, attempting to get the project 
removed. Andrew Lewman has said that lawyers have now been engaged [XXX].

University students continue contacting the help desk to report having difficulties 
circumventing their University's Cyberoam firewall. These students report being unable 
to access the Tor network even when using the Pluggable Transports Browser with obfs3
bridges. This issue is ongoing, but a bug ticket has been opened [XXX].

 [XXX]: https://lists.torproject.org/pipermail/tor-talk/2013-August/029614.html
Miscellaneous news
 [XXX]: https://bugs.torproject.org/projects/tor/ticket/9601

 
------------------

Jacob Appelbaum inquired with VUPEN about the Tor Project having the right of first
refusal for Tor Browser bugs, in order to protect users [XXX].

 [XXX] http://storify.com/fredericjacobs/discussion-between-tor-s-ioerror-and-vupen-s-chaou

The proposed Tor page on Stack Exchange has now reached 100% commitment, and will soon
be launching as a live beta. Thanks to everyone who signed up! [XXX].

 [XXX] http://area51.stackexchange.com/proposals/56447/tor

sajolida reported on the latest Tails “low-hanging fruits session”. The date and a
tentative agenda for the next online contributors meeting have also been set [XXX].

 [XXX] https://mailman.boum.org/pipermail/tails-dev/2013-September/003703.html
 [XXX] https://mailman.boum.org/pipermail/tails-dev/2013-September/003696.html

While GSoC entered its final phase, Kostas Jakeliunas reported on the searchable
metrics archive [XXX], Johannes Fürmann on EvilGenius [XXX], and Cristian-Matei Toader
on Tor capabilities [XXX].

 [XXX] https://lists.torproject.org/pipermail/tor-dev/2013-September/005483.html
 [XXX] https://lists.torproject.org/pipermail/tor-dev/2013-September/005484.html
 [XXX] https://lists.torproject.org/pipermail/tor-dev/2013-September/005490.html

Upcoming events
---------------

Sep 28-29 | Tor mini-hackathon at GNU 30th Anniversary Celebration
          | MIT, Cambridge, Massachusetts
          | https://gnu.org/gnu30/celebration
          |
Sep 29    | Colin at the Winnipeg Cryptoparty
          | Winnipeg, Manitoba, Canada
          | http://wiki.skullspace.ca/index.php/CryptoParty
          |
Sep 29-01 | Tor at OpenITP Circumvention Tech Summit IV
          | Berlin, Germany
          | https://www.openitp.org/openitp/circumvention-tech-summit.html
          |
Sep 30    | Congress on Privacy & Surveillance
          | Lausanne, Switzerland
          | http://ic.epfl.ch/privacy-surveillance


This issue of Tor Weekly News has been assembled by Lunar, harmony, dope457, 
Jacob Appelbaum, and XXX

Want to continue reading TWN? Please help us create this newsletter.
We still need more volunteers to watch the Tor community and report
important news. Please see the project page [XXX], write down your
name and subscribe to the team mailing list [XXX] if you want to
get involved!

  [XXX] https://trac.torproject.org/projects/tor/wiki/TorWeeklyNews
  [XXX] https://lists.torproject.org/cgi-bin/mailman/listinfo/news-team

Possible items :