Changes between Version 40 and Version 41 of TorWeeklyNews/2013/2


Ignore:
Timestamp:
Jul 17, 2013, 12:10:13 PM (6 years ago)
Author:
lunar
Comment:

sent

Legend:

Unmodified
Added
Removed
Modified
  • TorWeeklyNews/2013/2

    v40 v41  
    33'''Editor for this week:''' Lunar
    44
    5 '''Status:''' ''Frozen! — '''only language edits allowed''''', publication due on 2013-07-17 12:00 UTC. New items should go on [wiki:TorWeeklyNews/2013/3 next week newsletter].
    6 
    7 '''Subject:''' Tor Weekly News — July, 17th 2013
    8 
    9 {{{
    10 ========================================================================
    11 Tor Weekly News                                          July, 17th 2013
    12 ========================================================================
    13 
    14 Welcome to the third issue of Tor Weekly News, the weekly
    15 newsletter meant to cover what is happening in the amazing Tor
    16 community.
    17 
    18 Last call for testing Tor 0.2.4 branch
    19 --------------------------------------
    20 
    21 Roger Dingledine notified tor-talk [XXX] that there are new versions of the
    22 Tor Browser Bundle, dubbed 2.4.15-beta-1, that are ready to be tested:
    23 “If all goes well, we'll be calling the Tor 0.2.4 branch stable very
    24 soon. So now is the perfect time to let us know that it broke for you.”
    25 
    26 He also added “to be clear, it is the Tor part of the Tor Browser
    27 Bundle that needs testing. We know there are a growing pile of bugs
    28 in Vidalia, as well as a set of issues in Torbutton. Both of these
    29 should improve with the TBB 3.0 release. But that is a separate thread.”
    30 
    31  [XXX] https://lists.torproject.org/pipermail/tor-talk/2013-July/028934.html
    32  [XXX] https://www.torproject.org/projects/torbrowser.html.en#Download-torbrowserbundlealpha
    33 
    34 Tor Hack Day, Munich, Germany
    35 -----------------------------
    36 
    37 Meet the people who spend their day making Tor a reality. Join them for
    38 a public hack day [XXX] on Friday, July 26, 2013 in Munich, Germany at the
    39 Technische Universität München [XXX].
    40 
    41 The agenda and conversations will be determined by you and Tor's team
    42 of developers and researchers - so bring your ideas, questions, projects,
    43 and technical expertise with you!
    44 
    45  [XXX] https://blog.torproject.org/blog/join-us-tor-hack-day-munich-germany
    46  [XXX] http://www.tum.de
    47 
    48 13th Privacy Enhancing Technologies Symposium
    49 ---------------------------------------------
    50 
    51 Many academic researchers and students interested in anonymity are already
    52 working with Tor. They also are part of a broader community of academics
    53 that gather every year during the Privacy Enhancing Technologies
    54 Symposium [XXX]. The 13th edition was held in Bloomington, Indiana, USA
    55 and was again well attended.
    56 
    57 Several Tor developers were among the crowd of around 130 attendees (this
    58 makes it a new record or very close). On the first day, the first
    59 workshop on Privacy Enhancing Tools (PETools) [XXX] was held, in which
    60 Roger Dingledine was invited to talk about “Lessons from Tor: How to
    61 Help Developers and Researchers Improve your Privacy Tool.”
    62 
    63 During the next two days, researchers presented the selected papers.
    64 Two of them are directly relevant to the development of the
    65 Tor network:
    66 
    67 Mashael Alsabah, Kevin Bauer, Tariq Elahi, and Ian Goldberg presented
    68 Conflux [XXX], “a dynamic traffic-splitting approach that assigns
    69 traffic to an overlay path based on its measured latency. […] Conflux
    70 considerably increases performance for clients using low-bandwidth
    71 bridges.” A thread on tor-talk [XXX] discusses effects of Conflux on
    72 website fingerprinting.
    73 
    74 John Geddes, Rob Jansen, and Nicholas Hopper studied [XXX] “balancing
    75 performance with anonymity in Tor”. They have “investigated the
    76 effects of proposed [performance enhancing] modifications on attacks
    77 that rely on network measurements as a side channel.” The paper
    78 concluded with “an analysis of the total reduction in anonymity that
    79 clients face due to each proposed mechanism.”
    80 
    81 Other papers are relevant to the wider set of Tor problems:
    82 
    83 David Fifield, Gabi Nakibly, and Dan Boneh have looked at [XXX]
    84 “web-based online scanning service […] that can be covertly used
    85 as proxies in a censorship circumvention system.” The system they
    86 describe is already “available as an experimental rendezvous for the
    87 flash proxy system [XXX] and is part of Tor's pluggable-transports
    88 web browser bundles starting with the 2.4.11-alpha-1 release [XXX].”
    89 
    90 Amir Houmansadr and Nikita Borisov presented [XXX] an analysis of
    91 how practical it is to “reliably fingerprint millions of network
    92 flows by tagging only as few as tens of packets from each flow.”
    93 
    94 An extra day was dedicated to the HotPETs workshop, intended to
    95 “foster new ideas, spirited debates, and controversial perspectives
    96 on privacy (and lack thereof).” Among other interesting
    97 submissions, Wenxuan Zhou, Amir Houmansadr, Matthew Caesar, and
    98 Nikita Borisov presented SWEET [XXX], a way to encapsulate "a
    99 censored user’s traffic inside email messages that are
    100 carried over by typical email service providers".
    101 
    102 All papers presented during the conference are available for
    103 download from the program page.
    104 
    105 The next edition of PETS will be help July 16-18, 2014, in Amsterdam.
    106 
    107  [XXX] http://petsymposium.org/
    108  [XXX] http://petsymposium.org/2013/program.php
    109  [XXX] http://petools.soic.indiana.edu/
    110  [XXX] http://freehaven.net/anonbib/papers/pets2013/paper_65.pdf
    111  [XXX] https://lists.torproject.org/pipermail/tor-talk/2013-July/028950.html
    112  [XXX] http://freehaven.net/anonbib/papers/pets2013/paper_80.pdf
    113  [XXX] http://freehaven.net/anonbib/papers/pets2013/paper_29.pdf
    114  [XXX] https://crypto.stanford.edu/flashproxy/
    115  [XXX] https://www.torproject.org/projects/obfsproxy.html#download
    116  [XXX] http://freehaven.net/anonbib/papers/pets2013/paper_71.pdf
    117  [XXX] http://petsymposium.org/2013/papers/zhou-censorship.pdf
    118 
    119 Hardware for high bandwidth relay
    120 ---------------------------------
    121 
    122 Andreas Fink asked [XXX] for hints on hardware that could support “big fat
    123 tor exit nodes connected with multiple 1gbps or 10gps links”.
    124 
    125 Andy Isaacson answered [XXX] that Noisetor [XXX] uses "most of a 4-core
    126 X3350 2.6 GHz to push ~500 Mbps symmetric. That's without AES-NI."
    127 Mike Perry and Moritz Bartl then both confirmed that modern Intel Xeon
    128 CPUs with AES-NI could do 300 Mbit/s per core.
    129 
    130  [XXX] https://lists.torproject.org/pipermail/tor-relays/2013-July/002241.html
    131  [XXX] https://lists.torproject.org/pipermail/tor-relays/2013-July/002241.html
    132  [XXX] http://noisetor.net/
    133 
    134 Blocking GFW probes on the firewall
    135 -----------------------------------
    136 
    137 Marek Majkowski suggests how to resist Chinese effort to scan Tor relays
    138 and bridges [XXX] using a firewall [XXX]. Somewhere in the past month the
    139 Great Firewall of China started to actively probe the destination of any
    140 traffic that looked like a Tor bridge, plain or obfs2. If a handshake is
    141 successful, the connection is reset and the bridge address put on a blacklist.
    142 
    143 As the probe sequence is static, Marek identified the incoming connection
    144 and gave rules for the netfilter Linux firewall to filter them out.
    145 
    146 If you run a bridge under Linux, please give them a try!
    147 
    148  [XXX] http://www.cs.kau.se/philwint/pdf/foci2012.pdf
    149  [XXX] https://lists.torproject.org/pipermail/tor-talk/2013-July/028897.html
    150 
    151 Is it worth running a relay on a home broadband connection?
    152 -----------------------------------------------------------
    153 
    154 Nick asked [XXX] on the tor-relays mailing-list: “I have a reasonable ADSL
    155 connection, and a little always-on server.  The bandwidth is in the
    156 region of 2Mib/s down, something less up (maybe 256Kib/s). Is it
    157 useful for me to run a tor relay with this bandwidth?”
    158 
    159 Lunar pointed out [XXX] that a relay with this capacity was “likely to be
    160 selected as a middle node 1 time out of 10000 circuits, if not less…”
    161 
    162 Roger Dingledine drew the cut [XXX]: "at this point if you're at least 800kbit
    163 (100KBytes/s) each way, it's useful to be a relay." He also detailed the
    164 current thresholds for the Stable and Guard flags.
    165 
    166 Roger mentioned connections can still be of use though: ”a bridge is a fine
    167 thing to run on a connection with 250KBytes down and 32KBytes up.” And maybe
    168 even more in the future as "we might end up with a system like Conflux [XXX]
    169 to let you glue together two slow bridges and get better throughput."
    170 
    171  [XXX] https://lists.torproject.org/pipermail/tor-relays/2013-July/002240.html
    172  [XXX] https://lists.torproject.org/pipermail/tor-relays/2013-July/002249.html
    173  [XXX] https://lists.torproject.org/pipermail/tor-relays/2013-July/002255.html
    174  [XXX] http://freehaven.net/anonbib/#pets13-splitting
    175 
    176 Using Mumble with Tor
    177 ---------------------
    178 
    179 David H. wrote a tutorial [XXX] on how to configure Mumble to use the Tor network
    180 on Ubuntu. This tutorial includes setting up a server using Amazon EC2. During the
    181 discussion, adrelanos came up with his own tutorial [XXX] on anonymous VoIP which
    182 focuses on installing Mumble on Whonix behind an hidden service.
    183 
    184 Feel free to follow the discussion on tor-talk [XXX].
    185 
    186  [XXX] http://huertanix.tumblr.com/post/55261352264/location-anonymous-voice-communication-a-step-by-step
    187  [XXX] https://whonix.org/wiki/Voip
    188  [XXX] https://lists.torproject.org/pipermail/tor-talk/2013-July/028939.html
    189 
    190 Miscellaneous development news
    191 ------------------------------
    192 
    193 OONI has published a detailed report [XXX] on how Zambia is currently censoring the
    194 grass roots online newspaper Zambian Watchdog [XXX].
    195 
    196 Nick Mathewson merged a way to mock C functions in tor unit tests. The “mocking
    197 methodology” has been described [XXX] as “the simplest thing that could work —
    198 it's one of the ones that festoon the code with macro salad, and uglifies the
    199 declarations of functions that are going to get mocked. It has the
    200 advantage of being portable, robust, and comprehensible.”
    201 
    202 Runa A. Sandvik announced [XXX] that she has disabled translations
    203 for Vidalia on Transifex as "translators should not work
    204 on resources which are currently not being maintained by a developer."
    205 
    206 Three GSoC students have sent updates: Johannes Fürmann on the
    207 EvilGenius censorship simulation project [XXX], Robert on Tor path
    208 generation and Stream-RTT probing [XXX], and Hareesan on the
    209 steganography browser addon [XXX].
    210 
    211  [XXX] https://ooni.torproject.org/zambia-a-country-under-deep-packet-inspection.html
    212  [XXX] https://zambianwatchdog.com
    213  [XXX] https://trac.torproject.org/projects/tor/ticket/8949#comment:1
    214  [XXX] https://lists.torproject.org/pipermail/tor-dev/2013-July/005129.html
    215  [XXX] https://lists.torproject.org/pipermail/tor-dev/2013-July/005140.html
    216  [XXX] https://lists.torproject.org/pipermail/tor-dev/2013-July/005141.html
    217  [XXX] https://lists.torproject.org/pipermail/tor-dev/2013-July/005143.html
    218 
    219 Upcoming events
    220 ---------------
    221 
    222 Jul 22-26 | Tor annual dev. meeting
    223           | München, Germany
    224           | https://trac.torproject.org/projects/tor/wiki/org/meetings/2013SummerDevMeeting
    225           |
    226 Jul 26    | Tor Hack Day
    227           | München, Germany
    228           | https://blog.torproject.org/blog/join-us-tor-hack-day-munich-germany
    229           |
    230 Jul 31-05 | Tor at OHM
    231           | Geestmerambacht, Netherlands
    232           | https://ohm2013.org/
    233           |
    234 Aug 1-4   | Runa Sandvik @ DEF-CON 21
    235           | Rio Hotel, Las Vegas, USA
    236           | https://www.defcon.org/html/defcon-21/dc-21-index.html
    237 
    238 
    239 
    240 This issue of Tor Weekly News has been assembled by Lunar, luttigdev,
    241 dope457, whabib, and Roger Dingledine.
    242 
    243 Want to continue reading TWN? Please help us create this newsletter.
    244 We still need more volunteer writers who watch the Tor community
    245 and report important news. Please see the project page [XXX]
    246 and write down your name if you want to get involved!
    247 
    248 [XXX] https://trac.torproject.org/projects/tor/wiki/TorWeeklyNews
    249 }}}
    250 Other possible items:
    251 
    252  * djb's better version of obfs3 http://cr.yp.to/papers.html#elligator
     5'''Status:''' ''[https://lists.torproject.org/pipermail/tor-talk/2013-July/028996.html Sent!]''