Version 39 (modified by lunar, 7 years ago) (diff)

mention the discussion on tor-dev about file verification tool

Thirteenth issue of Tor Weekly News. Covering what's happening from September 17th, 2013 to September 24th, 2013. To be released on September 25th, 2013.

Editor: dope457

Subject: Tor Weekly News — September 25th, 2013

Tor Weekly News                                     September 25th, 2013

Welcome to the thirteenth issue of Tor Weekly News, the weekly newsletter that
covers what's happening in the well-heeled Tor community.

Reimbursement of exit operators

In July 2012, Roger Dingledine wrote a post on the Tor blog [XXX] in which he
raised the prospect of offering funding to organizations running fast Tor exit
nodes. In so doing, Roger wrote, “we will improve the network's diversity as
well as being able to handle more users.” He also announced that donors were
already interested in financing such a scheme. Then, in April this year, Moritz
Bartl stated [XXX] that was looking to move away from establishing
additional exit nodes, in favor of providing support of various kinds to partner
organizations running their own exits.

These plans, and the discussion they provoked, are now about to bear fruit
in the form of a financial reimbursement scheme directed at's
partner organizations. Moritz wrote again on the the tor-relays list [XXX]
to announce that reimbursements are scheduled to begin at the end of this
month, drawn from a one-time donation by the U.S. Government's Broadcasting
Board of Governors.

The ensuing debate focused both on the technical aspects of reimbursement —
that is, how best to determine the division of funds based on information
harvested from the network metrics [XXX] — and the question of the security
issues that could potentially arise from such a scheme [XXX].

Moritz specified that currently the only organizations to qualify for
reimbursements are those that he personally knows: “so, if you're interested
in becoming a partner, start social interaction with me”, he wrote. Questions
or comments regarding these proposals are welcome on the tor-relays list, and
further announcements and discussion about the reimbursement system will be
published on its dedicated mailing lists [XXX].


Tails 0.20.1 is out

Tails saw its 33rd release on September 19th [XXX]. The most visible change
might be the upgrade of tor to version, which should result in
faster and more reliable access to the network after the sudden bump in
Tor clients [XXX]. 

Among other minor bugfixes and improvements, persistence volumes are now properly unmounted
on shutdown. This should prevent data loss in some situations, and avoid a sometimes lengthy
pause upon activation.

It also fixes several important security issues [XXX]. It is recommended that
all users upgrade as soon as possible [XXX].


New Tor Browser Bundles released

A new set of stable and beta Tor Browser Bundles was released [XXX] on September 20th.
The Tor Browser is now based on Firefox 17.0.9esr and fixes several important
security issues [XXX].

Queries for the default search engine, Startpage, are no longer subject to its
invasive “family filter” [XXX]. The beta branch also include an updated version of
HTTPS Everywhere that no longer causes a storm of requests to,
an issue reported by many users after the last release [XXX].

Once again, it is recommended that all users upgrade as soon as possible.


Tor mini-hackathon at GNU 30th Anniversary Celebration

Nick Mathewson sent an invitation [XXX] encouraging everyone to attend the GNU 30th Anniversary 
Celebration [XXX] on September 28th and 29th at MIT, Cambridge, MA, USA.
Part of the event is a hackathon and Tor is featured alongside a few other projects.
So if you want to spend some of the week-end to help the Tor community, sign up on the webpage [XXX] and come along! 


Clock skew: false alarm

Small offsets in system time offer an attractive opportunity for fingerprinting Tor
clients. In order to eliminate unnecessary exposure, Nick Mathewson has been working on
proposal 222 [XXX].

Unfortunately, this process introduced a bug into the tor daemon which became apparent
after the directory authority named “turtles” was upgraded. The result was that relays
started to warn their operators of an implausible clock skew [XXX]. This was, of course,
a false alarm.

The issue was quickly worked around, and fixed properly a few hours later [XXX].


Tor Help Desk Roundup

One user contacted the help desk for assistance running torbrowser, an application 
not affiliated with the Tor Project that attempts to mimic the Tor Browser Bundle. 
The torbrowser application violates the Tor Project's trademark, and the Tor Project 
encourages users to avoid it . Multiple Tor Project developers have contacted 
SourceForge, which hosts this application's website, attempting to get the project 
removed. Andrew Lewman has said that lawyers have now been engaged [XXX].

A number of University students continue contacting the help desk to report difficulties 
circumventing their University's Cyberoam firewall. These students report being unable 
to access the Tor network even when using the Pluggable Transports Browser with obfs3
bridges. One person reported success circumventing the firewall when using an obfsproxy
bridge on port 443. This issue is ongoing, but a bug report has been filed [XXX].


Miscellaneous news

Jacob Appelbaum inquired with VUPEN about the Tor Project having the right of first
refusal for Tor Browser bugs, in order to protect users [XXX].


The proposed Tor page on Stack Exchange has now reached 100% commitment, and will soon
be launching as a live beta. Thanks to everyone who signed up! [XXX].


sajolida reported on the latest Tails “low-hanging fruits session”. The date and a
tentative agenda for the next online contributors meeting have also been set [XXX].


While GSoC entered its final phase, Kostas Jakeliunas reported on the searchable
metrics archive [XXX], Johannes Fürmann on EvilGenius [XXX], and Cristian-Matei Toader
on Tor capabilities [XXX].


How can we provide Tor users an easy way to verify the signatures on Tor software?
Sherief Alaa has raised the question on the tor-dev mailing list when asking for
comments on plans to write a “small” GUI tool [XXX].


Upcoming events

Sep 28-29 | Tor mini-hackathon at GNU 30th Anniversary Celebration
          | MIT, Cambridge, Massachusetts
Sep 29    | Colin at the Winnipeg Cryptoparty
          | Winnipeg, Manitoba, Canada
Sep 29-01 | Tor at OpenITP Circumvention Tech Summit IV
          | Berlin, Germany
Sep 30    | Congress on Privacy & Surveillance
          | Lausanne, Switzerland

This issue of Tor Weekly News has been assembled by Lunar, harmony, dope457, 
Jacob Appelbaum, Matt Pagan, and XXX.

Want to continue reading TWN? Please help us create this newsletter.
We still need more volunteers to watch the Tor community and report
important news. Please see the project page [XXX], write down your
name and subscribe to the team mailing list [XXX] if you want to
get involved!


Possible items :