Changes between Version 42 and Version 43 of TorWeeklyNews/2013/7


Ignore:
Timestamp:
Aug 21, 2013, 12:54:39 PM (4 years ago)
Author:
lunar
Comment:

sent!

Legend:

Unmodified
Added
Removed
Modified
  • TorWeeklyNews/2013/7

    v42 v43  
    33'''Editor:''' Lunar
    44
    5 '''Status:''' '''FROZEN'''. Changes should go to [wiki:TorWeeklyNews/2013/8 next week edition]. Expected release time 2013-08-21 12:00 UTC. ''
    6 
    7 '''Subject:''' Tor Weekly News — August, 21st 2013
    8 
    9 {{{
    10 ========================================================================
    11 Tor Weekly News                                        August 21st, 2013
    12 ========================================================================
    13 
    14 Welcome to the eighth issue of Tor Weekly News, the weekly newsletter
    15 that covers what is happening in the great Tor community.
    16 
    17 Future of pluggable transports integration
    18 ------------------------------------------
    19 
    20 While David Fifield was busy updating the Pluggable Transports Bundle to
    21 match the “classic” bundle version 0.2.4.16-beta-1 [1], several
    22 discussions took place on how to better integrate pluggable transports
    23 in the future.
    24 
    25 bastik opened #9444 [2], pointing out that “currently TBB with Pluggable
    26 Transports are build separately, thus lagging behind”. Having two
    27 separate bundles is also a long standing usability issue, as often users
    28 have tried to add “obfs” bridges to their normal TBB [3].
    29 
    30 Mike Perry is fully aware of the issue and stated in the discussion that
    31 his “long term goal is to try to cram all of the pluggable transports
    32 into The One True Bundle.”
    33 
    34 This will require modifications to the new “Tor Launcher” component of
    35 the TBB 3.x series in order to allow users to select the bridges and
    36 pluggable transports they wish to use. Compromises might be needed on
    37 how users should input bridges. BridgeDB recently stopped having the
    38 “bridge” keyword in front of the addresses it replies [4] with as
    39 Vidalia would not understand it. Mike Perry was thinking in exactly the
    40 opposite direction: “take bridge lines directly from bridgedb […]
    41 verifying only that they start with ‘bridge’”. Maybe the transition
    42 could be easier if Florian Stinglmayr’s patch to Vidalia [5] was merged
    43 so that current bundles would ignore the “bridge” keyword when entering
    44 bridges [6].
    45 
    46 In any case, Mike wants to solve these issues “before we release as
    47 beta/stable, to minimize user confusion.”
    48 
    49 Another tricky part of the “One True Bundle” solution is the bundle
    50 size, making it harder to circumvent download restrictions through
    51 email [7]. But, as Mike said, “even if they don’t, we’ll probably have
    52 to find some other solution anyway for gettor, because the intersection
    53 of gettor users and PT users is probably high.”
    54 
    55    [1] https://www.torproject.org/docs/pluggable-transports.html.en
    56    [2] https://bugs.torproject.org/9444
    57    [3] https://bugs.torproject.org/9156
    58    [4] https://gitweb.torproject.org/user/isis/bridgedb.git/commit/792cfd9
    59    [5] https://github.com/n0la/vidalia/tree/master-bug/6724
    60    [6] https://bugs.torproject.org/6724
    61    [7] https://www.torproject.org/projects/gettor.html
    62 
    63 Extended ORPort land in tor 0.2.5
    64 ---------------------------------
    65 
    66 After more than a year and a half in the making, the Extended ORPort
    67 mechanism [8] has been merged by Nick Mathewson into the tor master
    68 branch [9]. This will allow pluggable transport proxies to exchange
    69 arbitrary operational information and metadata with tor clients and
    70 bridges.
    71 
    72 Such plumbing was needed in order to make some pluggable transports
    73 easier to use or to allow Tor to gather more data about the state of
    74 the transports used.
    75 
    76 obfsproxy has supported this new communication channel [10] for a
    77 little while and was only waiting for tor to catch up. George
    78 Kadianakis thus asked obfsbridge operators to upgrade their tor to git
    79 master to enable client statistics [11].
    80 
    81 Once they do, their bridges will send statistics on users per transport
    82 to the bridge authority, and they will be published on
    83 metrics.torproject.org [12]. This helps track deployment of pluggable
    84 transports in the future.
    85 
    86    [8] https://gitweb.torproject.org/torspec.git/blob/HEAD:/proposals/196-transport-control-ports.txt
    87    [9] https://gitweb.torproject.org/tor.git/commit/74262f15
    88   [10] https://gitweb.torproject.org/pluggable-transports/obfsproxy.git/blob/HEAD:/obfsproxy/network/extended_orport.py
    89   [11] https://lists.torproject.org/pipermail/tor-relays/2013-August/002477.html
    90   [12] https://metrics.torproject.org/users.html?graph=userstats-bridge-transport&transport=obfs3#userstats-bridge-transport
    91 
    92 A new implementation for the web side of check.torproject.org
    93 -------------------------------------------------------------
    94 
    95 Arlo Breault wrote a new implementation for the web component of
    96 check.torproject.org in the Go programming language [13], in response
    97 to Roger Dingledine’s appeal: “Check could really use some love. Any
    98 volunteers please?”. [14,15]
    99 
    100 There is already a ticket to replace the check.torproject.org servers
    101 with Arlo’s Go version [16]. Andrew Lewman stated again that “As for
    102 check.tpo website, it shouldn’t exist at all”, as it is an architectural
    103 issue to “have the entire tor browser userbase hit a single website to
    104 learn ’Tor or not’”. Until all clients are changed to stop using check,
    105 deploying a new code base would only make sense if it was at least able
    106 to handle “500 requests per second on really busy times”. More
    107 benchmarks are probably needed with Arlo’s implementation.
    108 
    109 On another front, tup, the initial author of TorDNSEL [17], has
    110 resurfaced to offer [18] to update the code to work with newer Haskell
    111 environments after many years of silence!
    112 
    113   [13] https://github.com/arlolra/check/
    114   [14] https://lists.torproject.org/pipermail/tor-talk/2013-August/029306.html
    115   [15] https://bugs.torproject.org/9529
    116   [16] https://gitweb.torproject.org/tordnsel.git/commit/99d490
    117   [17] https://bugs.torproject.org/9204#comment:14
    118 
    119 Tor exit crowdfunding
    120 ---------------------
    121 
    122 Moritz Bartl from torservers.net [18] posted an update [19] on their
    123 ongoing crowdfunding campaign to support Tor exit bandwidth. The fund
    124 just went over €3000, and there are still a few days left!
    125 
    126 For more information, and ways to contribute, please visit the Indiegogo
    127 page [20].
    128 
    129   [18] https://www.torservers.net/
    130   [19] https://lists.torproject.org/pipermail/tor-talk/2013-August/029431.html
    131   [20] http://www.indiegogo.com/projects/tor-anti-censorship-and-anonymity-infrastructure/
    132 
    133 A Flattr-like incentive for Tor relays?
    134 ---------------------------------------
    135 
    136 While torservers.net is presently collecting euros, George Kadianakis
    137 asked for comments from the Tor community about “a practical crowdfunded
    138 Flattr-like incentive scheme for Tor relays”, dubbed Flattor [21].
    139 
    140 George’s proposal is meant to solve “one of the problems of scaling Tor
    141 to tens of millions of users”, that “Tor’s bandwidth capacity is
    142 finite”.  He observes that “lately the bandwidth coming out of
    143 Tor-friendly organizations (like torservers.net, universities, etc.)
    144 seems to increase” and is worried that “Tor might end up looking like
    145 the Bitcoin network — where a number of organizations (mining pools)
    146 drive the network.”
    147 
    148 What George would like to see is incentives for contributing to the
    149 network.  After studying schemes proposed in the past, all deemed “hard
    150 to implement and deploy”, George proposes a simple approach: users can
    151 opt to spend a fixed amount of bitcoins to support the Tor network, and
    152 their donation will be divided according to the bandwidth of each relay.
    153 Obviously, relay operators who wish to receive such contributions would
    154 need to publish a bitcoin address, probably in the “contact” field.
    155 
    156 There might be some concerns with such scheme, or any monetary
    157 incentives scheme, as George summarized: “If relay operators start
    158 getting money for their bandwidth, we might end up with relay operators
    159 that are just in for the money.  It might then be easier for a
    160 three-letter org to persuade those relay operators to snoop on their
    161 users (by giving them double the money they are currently getting).”
    162 
    163 Moritz Bartl commented [22] that the idea was already quite close to
    164 torservers.net current plan, to the extent that donations
    165 were distributed “across all participating organizations based on […]
    166 advertised bandwidth and a country-specific factor.” Moritz also pointed
    167 out that similar discussions had already happened in the past when a
    168 sponsor wished to fund faster exit relays [23].
    169 
    170 George concluded his mail by saying that he is “not even sure if such an
    171 incentive scheme is a good idea, but posting bad ideas to mailing lists
    172 is what the Internet is for, right?”
    173 
    174 Feel free to join the discussion, or hack wildly.
    175 
    176   [21] https://lists.torproject.org/pipermail/tor-talk/2013-August/029419.html
    177   [22] https://lists.torproject.org/pipermail/tor-talk/2013-August/029421.html
    178   [23] https://blog.torproject.org/blog/turning-funding-more-exit-relays
    179 
    180 Miscellaneous news
    181 ------------------
    182 
    183 The new release of Orbot 12.0.3 comes with a shiny new icon and
    184 graphics, bugfixes, and Tor 0.2.4.16-rc. You can download the update via
    185 Google Play [24] or straight from Guardian Project’s website [25].
    186 
    187   [24] https://play.google.com/store/apps/details?id=org.torproject.android
    188   [25] https://guardianproject.info/releases/orbot-latest.apk
    189 
    190 Andrew Lewman has published the financial reports of the Tor Project for
    191 the year 2012 [26].
    192 
    193   [26] https://blog.torproject.org/blog/transparency-openness-and-our-2012-financial-docs
    194 
    195 Arturo has sent his report for July 2013 [27].
    196 
    197   [27] https://lists.torproject.org/pipermail/tor-reports/2013-August/000313.html
    198 
    199 Runa Sandvik reported on her trip to Black Hat & DEF CON [28]. She
    200 managed to fill “the Penn & Teller theater (~1500 people)” for a
    201 talk [29] about “the safety of the Tor network which focused on network
    202 diversity, relay operators, and misbehaving relays.” The former Tor GSoC
    203 student Brandon Wiley also gave an update [30] on Dust — “an Internet
    204 protocol designed to resist a number of attacks currently in active use
    205 to censor Internet communication.” [31]
    206 
    207   [28] https://lists.torproject.org/pipermail/tor-reports/2013-August/000312.html
    208   [29] https://www.defcon.org/html/defcon-21/dc-21-speakers.html#Sandvik
    209   [30] https://www.defcon.org/html/defcon-21/dc-21-speakers.html#Wiley
    210   [31] https://github.com/blanu/Dust/
    211 
    212 Karsten Loesing has made progress on “experimenting with a client and
    213 private bridge connected over uTP” [32]. The connection can be
    214 established, but strange timing issues remain to be solved.
    215 
    216   [32] https://trac.torproject.org/projects/tor/ticket/9166#comment:23
    217 
    218 George Kadianakis has sent two new proposals to improve hidden service
    219 identity key security [33] and prevent address enumeration [34]. TWN
    220 will cover these proposals in detail once the draft deployment strategy
    221 is published. Feel free to help refine the proposals in the meantime!
    222 
    223   [33] https://lists.torproject.org/pipermail/tor-dev/2013-August/005279.html
    224   [34] https://lists.torproject.org/pipermail/tor-dev/2013-August/005280.html
    225 
    226 Help Desk Roundup
    227 -----------------
    228 
    229 Users experience confusion when trying to update the Tor Browser Bundle.
    230 Users are not always aware that the Tor Browser Bundle does not have an
    231 autoupdate function. Some users will download the latest release from
    232 the Tor Project website, then ask “Ok, what do I do now?”. We recommend
    233 closing the browser, then deleting one’s current Tor Browser folder
    234 before unpacking the new download.
    235 
    236 One person asked for help while using the Pirate Browser.
    237 Torrent-sharing website The Pirate Bay released the Pirate Browser this
    238 week as a fork of the Tor Browser Bundle. The Pirate Browser is not
    239 endorsed or recommended by the Tor Project. It is unclear what the
    240 advantages are compared to using the Tor Browser Bundle and no source
    241 code is available.
    242 
    243 
    244 
    245 This issue of Tor Weekly News has been assembled by Lunar, dope457,
    246 malaparte, mttp, Karsten Loesing, and harmony.
    247 
    248 Want to continue reading TWN? Please help us create this newsletter.
    249 We still need more volunteers to watch the Tor community and report
    250 important news. Please see the project page [35], write down your
    251 name and subscribe to the team mailing-list [36] if you want to
    252 get involved!
    253 
    254   [35] https://trac.torproject.org/projects/tor/wiki/TorWeeklyNews
    255   [36] https://lists.torproject.org/cgi-bin/mailman/listinfo/news-team
    256 }}}
     5'''Status:''' [https://lists.torproject.org/pipermail/tor-news/2013-August/000008.html Sent!]