Changes between Version 34 and Version 35 of TorWeeklyNews/2014/11


Ignore:
Timestamp:
Mar 19, 2014, 12:52:54 PM (5 years ago)
Author:
lunar
Comment:

sent!

Legend:

Unmodified
Added
Removed
Modified
  • TorWeeklyNews/2014/11

    v34 v35  
    33'''Editor:''' Lunar
    44
    5 '''Status:''' Frozen! Only language and technical fixes accepted. New items should go in [wiki:TorWeeklyNews/2014/12 next week's edition]. Expected publication time: 2014-03-19 12:00 UTC.
    6 
    7 '''Subject:''' Tor Weekly News — March 19th, 2014
    8 
    9 {{{
    10 ========================================================================
    11 Tor Weekly News                                         March 19th, 2014
    12 ========================================================================
    13 
    14 Welcome to the eleventh issue of Tor Weekly News in 2014, the weekly
    15 newsletter that covers what is happening in the Tor community.
    16 
    17 Accessing the Tor network from China
    18 ------------------------------------
    19 
    20 In a new blog post “How to read our China usage graphs” [1], Roger
    21 Dingledine looks at the current situation of how Tor is able to
    22 circumvent censorship on Chinese Internet accesses. Indeed, if one only
    23 looks at the current bridge users graph [2], one might believe that Tor
    24 is not a solution for users in China.
    25 
    26 “The correct interpretation of the graph is ‘obfs3 bridges have not been
    27 deployed enough to keep up with the demand in China’. So it isn't that
    28 Tor is blocked — it's that we haven't done much of a deployment for
    29 obfs3 bridges or ScrambleSuit bridges, which are the latest steps in the
    30 arms race” writes Roger.
    31 
    32 The upcoming version — currently in QA phase [3] — of the Tor Browser
    33 will include support for the pluggable transports [4] obfs3 [5], FTE [6]
    34 and Flashproxy [7]. Having these transports ready to be used in a couple
    35 of clicks should help Chinese users.
    36 
    37 The “obfs3” protocol is still vulnerable to active probing attacks.  The
    38 deployment of its replacement, ScrambleSuit [8], is on-going.  As Roger
    39 highlighted, “we need to get more addresses”. Several ways have been
    40 thoughts in the past [9], but until there is more cooperation from ISP
    41 and network operators, your can make a difference by running a
    42 bridge [10] if you can!
    43 
    44 On another front, work is currently on-going on the bridge
    45 distributor [11] to improve how censored users can get a hand on bridge
    46 addresses. Yawning Angel also just released [12] the first version of
    47 obfsclient [13] which should help making ScrambleSuit available on
    48 Android devices. All in all, the Tor community can hope to welcome back
    49 more users from China in a near future.
    50 
    51    [1]: https://blog.torproject.org/blog/how-to-read-our-china-usage-graphs
    52    [2]: https://metrics.torproject.org/users.html?graph=userstats-bridge-country&start=2011-10-18&end=2014-01-16&country=cn#userstats-bridge-country
    53    [3]: https://lists.torproject.org/pipermail/tor-qa/2014-March/000364.html
    54    [4]: https://www.torproject.org/docs/pluggable-transports.html
    55    [5]: https://gitweb.torproject.org/pluggable-transports/obfsproxy.git/blob/refs/heads/master:/doc/obfs3/obfs3-protocol-spec.txt
    56    [6]: https://fteproxy.org/
    57    [7]: https://crypto.stanford.edu/flashproxy/
    58    [8]: http://www.cs.kau.se/philwint/scramblesuit/
    59    [9]: https://blog.torproject.org/blog/strategies-getting-more-bridge-addresses
    60   [10]: https://lists.torproject.org/pipermail/tor-relays/2014-February/003886.html
    61   [11]: https://gitweb.torproject.org/bridgedb.git
    62   [12]: https://lists.torproject.org/pipermail/tor-dev/2014-March/006476.html
    63   [13]: https://github.com/Yawning/obfsclient
    64 
    65 Circumventing censorship through “too-big-too-block” websites
    66 -------------------------------------------------------------
    67 
    68 Late January, David Fifield introduced [14] a new pluggable transport
    69 called “meek” [15]. It can be described as “a transport that uses HTTP
    70 for carrying bytes and TLS for obfuscation. Traffic is relayed through a
    71 third-party server (Google App Engine). It uses a trick to talk to the
    72 third party so that it looks like it is talking to an unblocked server.”
    73 The approach is close to the GoAgent [16] proxy that has a certain
    74 popularity in China.
    75 
    76 With the current version, using Google App Engine, the transport
    77 requires no additional configuration. But David also mentioned that a
    78 PHP script [17] could also be a good candidate to relay the traffic.
    79 Combined to ScrambleSuit [18], it could allow “a real web site with real
    80 pages and everything” to be used as a bridge if a user can provide the
    81 shared secret.
    82 
    83 David has made available experimental versions [19] of the Tor Browser
    84 for anyone to try. The source code [20] has recently moved [21] to the
    85 Tor Project's infrastructure, and is ready for more eyes and fingers to
    86 play with it.
    87 
    88   [14]: https://lists.torproject.org/pipermail/tor-dev/2014-January/006159.html
    89   [15]: https://trac.torproject.org/projects/tor/wiki/doc/meek
    90   [16]: https://trac.torproject.org/projects/tor/wiki/doc/GoAgent
    91   [17]: https://trac.torproject.org/projects/tor/ticket/10984
    92   [18]: http://www.cs.kau.se/philwint/scramblesuit/
    93   [19]: https://lists.torproject.org/pipermail/tor-qa/2014-February/000340.html
    94   [20]: https://gitweb.torproject.org/pluggable-transports/meek.git
    95   [21]: https://lists.torproject.org/pipermail/tor-dev/2014-March/006506.html
    96 
    97 Switching to a single guard node?
    98 ---------------------------------
    99 
    100 Last October, Roger Dingledine called for research on improving Tor's
    101 anonymity by changing guard parameters [22]. One of these parameters is
    102 the number of guard nodes used simultaneously by a Tor client.
    103 
    104 Following up on the paper written by Tariq Elahi et al. [23], Roger's
    105 blog post, and recent discussions during the winter dev. meeting,
    106 George Kadianakis made a detailed analysis of the implications of
    107 switching to a single guard node [24]. He studied the performance
    108 implications of switching to a single guard, the performance
    109 implications of raising the minimum guard bandwidth for both clients and
    110 the overall network, and how the change would affect the overall anonymity
    111 and fingerprintability of Tor users.
    112 
    113 Jumping to conclusions: “It seems that the performance implications of
    114 switching to 1 guard are not terrible. […] A guard bandwidth threshold
    115 of 2MB/s […] seems like it would considerably improve client performance
    116 without screwing terribly with the security or the total performance of
    117 the network. The fingerprinting problem will be improved in some cases,
    118 but still remains unsolved for many of the users […] A proper solution
    119 might involve guard node buckets [25]”.
    120 
    121 For a better understanding, be sure to look at George's work which
    122 includes graphs and proper explanations.
    123 
    124   [22]: https://blog.torproject.org/blog/improving-tors-anonymity-changing-guard-parameters
    125   [23]: http://freehaven.net/~arma/cogs-wpes.pdf
    126   [24]: https://lists.torproject.org/pipermail/tor-dev/2014-March/006458.html
    127   [25]: https://trac.torproject.org/projects/tor/ticket/9273#comment:4
    128 
    129 Miscellaneous news
    130 ------------------
    131 
    132 George Kadianakis announced [26] obfsproxy version 0.2.7. The new
    133 release fixes an important bug [27] “where scramblesuit would basically
    134 reject clients if they try to connect a second time after a short amount
    135 of time has passed.” Bridge operators are strongly advised to upgrade
    136 from source [28], pip [29], or the upcoming Debian packages.
    137 
    138   [26]: https://lists.torproject.org/pipermail/tor-relays/2014-March/004074.html
    139   [27]: https://trac.torproject.org/projects/tor/ticket/11100
    140   [28]: https://gitweb.torproject.org/pluggable-transports/obfsproxy.git/commit/6cdbc64
    141   [29]: https://pypi.python.org/pypi/obfsproxy/0.2.7
    142 
    143 The submission deadline for this year's Google Summer of Code [30] is
    144 the 21st: this Friday. Several students already showed up on the tor-dev
    145 mailing list, but as Damian Johnson says [31]: “If you're
    146 procrastinating until the last minute then please don't!”
    147 
    148   [30]: https://blog.torproject.org/blog/tor-google-summer-code-2014
    149   [31]: https://lists.torproject.org/pipermail/tor-dev/2014-March/006498.html
    150 
    151 Tails logo contest [32] is happily on-going. Several submissions have
    152 already been received and can be seen on the relevant blueprint [33].
    153 
    154   [32]: https://tails.boum.org/news/
    155   [33]: https://tails.boum.org/blueprint/logo/
    156 
    157 Kelley Misata and Karen Reilly attended the South by Southwest (SXSW)
    158 Interactive festival [34] in Austin, Texas.
    159 
    160   [34]: https://lists.torproject.org/pipermail/tor-reports/2014-March/000485.html
    161 
    162 Relay and bridge operators might be interested in Ramo's first
    163 release [35] of a Tor plugin for Nagios [36]. It can currently check for
    164 a page fetch through the SOCKS proxy port, the hibernation state, the
    165 current bandwidth, ORPort reachability, DirPort reachability, and the
    166 bytes remaining until hibernation.
    167 
    168   [35]: https://lists.torproject.org/pipermail/tor-relays/2014-March/004062.html
    169   [36]: https://github.com/goodvikings/tor_nagios
    170 
    171 Nicolas Vigier sent his monthly report for February [37].
    172 
    173   [37]: https://lists.torproject.org/pipermail/tor-reports/2014-March/000486.html
    174 
    175 Tails won the 2014 Endpoint Security prize [38] from Access. The prize
    176 recognizes [39] Tails “unique positive impact on the endpoint security
    177 of at-risk users in need”. Congrats!
    178 
    179   [38]: https://twitter.com/accessnow/status/441043400708857856 (better find other sources than a tweet though)
    180   [39]: https://www.accessnow.org/prize
    181 
    182 The Format-Transforming Encryption project at Portland State University
    183 received [40] an unexpected 100,000 USD grant from Eric Schmidt.
    184 
    185   [40]: http://www.oregonlive.com/silicon-forest/index.ssf/2014/03/psu_professor_wins_surprise_10.html
    186 
    187 Tor help desk roundup
    188 ---------------------
    189 
    190 The help desk has seen an increase in Russian language support requests
    191 amidst news that the Russian Federation began censoring a number of
    192 websites. Unfortunately, the help desk is not able to provide support in
    193 Russian for now. Changes in the number of Tor users by country can be
    194 observed on our metrics page [41].
    195 
    196   [41]: https://metrics.torproject.org/users.html
    197 
    198 Upcoming events
    199 ---------------
    200 
    201 Mar 19 19:00 UTC | little-t tor development meeting
    202                  | #tor-dev, irc.oftc.net
    203                  | https://lists.torproject.org/pipermail/tor-dev/2014-March/006513.html
    204                  |
    205 Mar 22-23        | Tor @ LibrePlanet 2014
    206                  | Cambridge, Massachusetts, USA
    207                  | http://libreplanet.org/2014/
    208                  |
    209 Apr 11 11:00 EDT | Roger @ George Mason University
    210                  | Washington, DC, USA
    211                  | http://today.gmu.edu/64330/
    212 
    213 
    214 This issue of Tor Weekly News has been assembled by Lunar,
    215 Matt Pagan and Karsten Loesing.
    216 
    217 Want to continue reading TWN? Please help us create this newsletter.
    218 We still need more volunteers to watch the Tor community and report
    219 important news. Please see the project page [42], write down your
    220 name and subscribe to the team mailing list [43] if you want to
    221 get involved!
    222 
    223   [42]: https://trac.torproject.org/projects/tor/wiki/TorWeeklyNews
    224   [43]: https://lists.torproject.org/cgi-bin/mailman/listinfo/news-team
    225 }}}
     5'''Status:''' [https://lists.torproject.org/pipermail/tor-news/2014-March/000037.html Sent!]