Changes between Version 53 and Version 54 of TorWeeklyNews/2014/21


Ignore:
Timestamp:
May 27, 2014, 12:45:53 PM (4 years ago)
Author:
harmony
Comment:

numerize

Legend:

Unmodified
Added
Removed
Modified
  • TorWeeklyNews/2014/21

    v53 v54  
    1616--------------------------------
    1717
    18 Micah Lee published OnionShare [XXX], a program that “makes it simple to
     18Micah Lee published OnionShare [1], a program that “makes it simple to
    1919share a file securely using a password-protected Tor hidden service”. It
    2020originally ran only in Tails, but has now been made compatible with
    2121other GNU/Linux distros, Windows, and OS X. As part of that process,
    22 Micah wondered [XXX] about the best way to make the program work with a
     22Micah wondered [2] about the best way to make the program work with a
    2323Tor Browser or system tor process, as “I would really like to not be in
    24 the business of distributing Tor myself”. meejah [XXX] and David
    25 Stainton [XXX] responded with relevant details of the Stem [XXX] and
    26 txtorcon [XXX] controller libraries, which allow this kind of operation
    27 to take place via tor’s ControlPort.
    28 
    29  [XXX]: https://github.com/micahflee/onionshare
    30  [XXX]: https://lists.torproject.org/pipermail/tor-dev/2014-May/006895.html
    31  [XXX]: https://lists.torproject.org/pipermail/tor-dev/2014-May/006896.html
    32  [XXX]: https://lists.torproject.org/pipermail/tor-dev/2014-May/006899.html
    33  [XXX]: https://stem.torproject.org/
    34  [XXX]: https://github.com/meejah/txtorcon
     24the business of distributing Tor myself”. meejah [3] and David
     25Stainton [4] responded with relevant details of the Stem [5] and
     26txtorcon [6] controller libraries, which allow this kind of operation to
     27take place via tor’s ControlPort.
     28
     29  [1]: https://github.com/micahflee/onionshare
     30  [2]: https://lists.torproject.org/pipermail/tor-dev/2014-May/006895.html
     31  [3]: https://lists.torproject.org/pipermail/tor-dev/2014-May/006896.html
     32  [4]: https://lists.torproject.org/pipermail/tor-dev/2014-May/006899.html
     33  [5]: https://stem.torproject.org/
     34  [6]: https://github.com/meejah/txtorcon
    3535
    3636The “Tor and HTTPS” visualization made translatable
    3737---------------------------------------------------
    3838
    39 Lunar announced [XXX] the creation of a repository [XXX] for an
     39Lunar announced [7] the creation of a repository [8] for an
    4040SVG+Javascript version of the EFF’s interactive “Tor and HTTPS”
    41 visualization [XXX], which has proven useful in explaining to users the
     41visualization [9], which has proven useful in explaining to users the
    4242types of data that can be leaked or intercepted, and by whom, when using
    4343Tor or HTTPS (or both, or neither). As Lunar wrote, “The good news is
    44 that it’s translatable”: copies have so far been published in over twenty
    45 languages. The amount of translation required is very small, so if you'd
    46 like to contribute in your language then download the POT file [XXX] and
    47 submit a patch!
    48 
    49  [XXX]: https://lists.torproject.org/pipermail/tor-talk/2014-May/033001.html
    50  [XXX]: https://people.torproject.org/~lunar/tor-and-https/
    51  [XXX]: https://www.eff.org/pages/tor-and-https/
    52  [XXX]: https://gitweb.torproject.org/user/lunar/tor-and-https.git/blob/HEAD:/tor-and-https.pot
     44that it’s translatable”: copies have so far been published in over
     45twenty languages. The amount of translation required is very small, so
     46if you'd like to contribute in your language then download the POT
     47file [10] and submit a patch!
     48
     49  [7]: https://lists.torproject.org/pipermail/tor-talk/2014-May/033001.html
     50  [8]: https://people.torproject.org/~lunar/tor-and-https/
     51  [9]: https://www.eff.org/pages/tor-and-https/
     52 [10]: https://gitweb.torproject.org/user/lunar/tor-and-https.git/blob/HEAD:/tor-and-https.pot
    5353
    5454A Child’s Garden of Pluggable Transports
    5555----------------------------------------
    5656
    57 David Fifield published [XXX] “A Child’s Garden of Pluggable
    58 Transports” [XXX], a detailed visualization of different pluggable
     57David Fifield published [11] “A Child’s Garden of Pluggable
     58Transports” [12], a detailed visualization of different pluggable
    5959transport protocols, including “aspects of different transports that I
    6060think are hard to intuit, such as what flash proxy rendezvous looks
    6161like, and how transports look under the encrypted layer that is visible
    62 to a censor”. A few other transports supported by Tor [XXX] are not yet
     62to a censor”. A few other transports supported by Tor [13] are not yet
    6363discussed in the guide; “if you know how to run any of those transports,
    6464and you know an effective way to visualize it, please add it to the
    6565page”, wrote David.
    6666
    67  [XXX]: https://lists.torproject.org/pipermail/tor-dev/2014-May/006891.html
    68  [XXX]: https://trac.torproject.org/projects/tor/wiki/doc/AChildsGardenOfPluggableTransports
    69  [XXX]: https://www.torproject.org/docs/pluggable-transports
     67 [11]: https://lists.torproject.org/pipermail/tor-dev/2014-May/006891.html
     68 [12]: https://trac.torproject.org/projects/tor/wiki/doc/AChildsGardenOfPluggableTransports
     69 [13]: https://www.torproject.org/docs/pluggable-transports
    7070
    7171Miscellaneous news
    7272------------------
    7373
    74 Anthony G. Basile released [XXX] version 20140520 of tor-ramdisk [XXX],
     74Anthony G. Basile released [14] version 20140520 of tor-ramdisk [15],
    7575the micro Linux distribution “whose only purpose is to host a Tor server
    7676in an environment that maximizes security and privacy”. The new version
     
    8080recommended”.
    8181
    82  [XXX]: http://opensource.dyc.edu/pipermail/tor-ramdisk/2014-May/000131.html
    83  [XXX]: http://opensource.dyc.edu/tor-ramdisk
    84 
    85 Cure53 audited the security [XXX] of the Onion Browser [XXX], a web
     82 [14]: http://opensource.dyc.edu/pipermail/tor-ramdisk/2014-May/000131.html
     83 [15]: http://opensource.dyc.edu/tor-ramdisk
     84
     85Cure53 audited the security [16] of the Onion Browser [17], a web
    8686browser for iOS platforms tunneling traffic through Tor. From the
    8787conclusion: “we believe that the Onion Browser project is on the right
     
    8989appropriately ‘ripe’ for usage in actually privacy-relevant and
    9090critically important scenarios.” All reported issues should have been
    91 fixed in release 1.5 [XXX] on May 14th.
    92 
    93  [XXX]: https://cure53.de/pentest-report_onion-browser.pdf
    94  [XXX]: https://mike.tig.as/onionbrowser/
    95  [XXX]: https://mike.tig.as/onionbrowser/security/#v1_5
    96 
    97 A new pluggable transport, currently named obfs4 [XXX], is being crafted by
    98 Yawning Angel: “obfs4 is ScrambleSuit with djb crypto. Instead of obfs3 style
    99 UniformDH and CTR-AES256/HMAC-SHA256, obfs4 uses a combination of
    100 Curve25519, Elligator2, HMAC-SHA256, XSalsa20/Poly1305 and SipHash-2-4”.
    101 The feature set offered by obfs4 is comparable to ScrambleSuit, with minor
    102 differences. Yawning is now asking the community for comments, reviews, and
    103 tests [XXX].
    104 
    105  [XXX]: https://github.com/Yawning/obfs4
    106  [XXX]: https://lists.torproject.org/pipermail/tor-dev/2014-May/006897.html
     91fixed in release 1.5 [18] on May 14th.
     92
     93 [16]: https://cure53.de/pentest-report_onion-browser.pdf
     94 [17]: https://mike.tig.as/onionbrowser/
     95 [18]: https://mike.tig.as/onionbrowser/security/#v1_5
     96
     97A new pluggable transport, currently named obfs4 [19], is being crafted
     98by Yawning Angel: “obfs4 is ScrambleSuit with djb crypto. Instead of
     99obfs3 style UniformDH and CTR-AES256/HMAC-SHA256, obfs4 uses a
     100combination of Curve25519, Elligator2, HMAC-SHA256, XSalsa20/Poly1305
     101and SipHash-2-4”. The feature set offered by obfs4 is comparable to
     102ScrambleSuit, with minor differences. Yawning is now asking the
     103community for comments, reviews, and tests [20].
     104
     105 [19]: https://github.com/Yawning/obfs4
     106 [20]: https://lists.torproject.org/pipermail/tor-dev/2014-May/006897.html
    107107
    108108Stem now offers a control interpreter, “a new method for interacting
    109109with Tor’s control interface that combines an interactive python
    110 interpreter with raw access similar to telnet” [XXX]. Damian Johnson
    111 wrote a new tutorial [XXX] to give an overview of what can be done with it.
    112 
    113  [XXX]: https://blog.torproject.org/blog/new-feature-tor-interpreter
    114  [XXX]: https://stem.torproject.org/tutorials/down_the_rabbit_hole.html
    115 
    116 Also on the controller front, Yawning Angel hacked on or-applet [XXX],
    117 a Gtk+ system tray applet to monitor Tor circuits.
    118 
    119  [XXX]: https://github.com/yawning/or-applet
     110interpreter with raw access similar to telnet” [21]. Damian Johnson
     111wrote a new tutorial [22] to give an overview of what can be done with
     112it.
     113
     114 [21]: https://blog.torproject.org/blog/new-feature-tor-interpreter
     115 [22]: https://stem.torproject.org/tutorials/down_the_rabbit_hole.html
     116
     117Also on the controller front, Yawning Angel hacked on or-applet [23], a
     118Gtk+ system tray applet to monitor Tor circuits.
     119
     120 [23]: https://github.com/yawning/or-applet
    120121
    121122Arlo Breault is making progress on the Tor Instant Messenger Bundle: a
    122 minimalistic user interface for OTR encryption in Instantbird [XXX], one
     123minimalistic user interface for OTR encryption in Instantbird [24], one
    123124of the key features missing from the finished software, has now been
    124125implemented.
    125126
    126  [XXX]: https://bugs.torproject.org/11533
    127 
    128 Nicolas Vigier has been working [XXX] on improving the Mbox sandboxing
    129 environment [XXX] to test the Tor Browser for disk or network leaks.
    130 
    131  [XXX]: https://lists.torproject.org/pipermail/tor-dev/2014-May/006911.html
    132  [XXX]: https://github.com/tsgates/mbox/
    133 
    134 Israel Leiva published [XXX] the initial version of a design
    135 proposal [XXX] for the “Revamp GetTor” Google Summer of Code project,
     127 [24]: https://bugs.torproject.org/11533
     128
     129Nicolas Vigier has been working [25] on improving the Mbox sandboxing
     130environment [26] to test the Tor Browser for disk or network leaks.
     131
     132 [25]: https://lists.torproject.org/pipermail/tor-dev/2014-May/006911.html
     133 [26]: https://github.com/tsgates/mbox/
     134
     135Israel Leiva published [27] the initial version of a design
     136proposal [28] for the “Revamp GetTor” Google Summer of Code project,
    136137having concluded that a full rewrite is needed.
    137138
    138  [XXX]: https://lists.torproject.org/pipermail/tor-dev/2014-May/006903.html
    139  [XXX]: https://github.com/ileiva/gettor/blob/master/spec/overview.txt
    140 
    141 Juha Nurmi submitted [XXX] the first weekly report for the ahmia.fi GSoC
     139 [27]: https://lists.torproject.org/pipermail/tor-dev/2014-May/006903.html
     140 [28]: https://github.com/ileiva/gettor/blob/master/spec/overview.txt
     141
     142Juha Nurmi submitted [29] the first weekly report for the ahmia.fi GSoC
    142143project.
    143144
    144  [XXX]: https://lists.torproject.org/pipermail/tor-reports/2014-May/000536.html
    145 
    146 kzhm sent out [XXX] instructions for installing obfsproxy on Fedora 20,
    147 to go with those for other Linux distributions [XXX].
    148 
    149  [XXX]: https://lists.torproject.org/pipermail/tor-talk/2014-May/033032.html
    150  [XXX]: https://www.torproject.org/projects/obfsproxy-instructions.html
    151 
    152 AddressSanitizer [XXX] (ASan) is a powerful memory error detector: software
    153 built with such technology makes it a lot harder to exploit programming errors
    154 related to memory management. Happily, Georg Koppen has announced [XXX]
    155 the first test packages of the Tor Browser built with ASan hardening.
    156 
    157  [XXX]: https://code.google.com/p/address-sanitizer/wiki/AddressSanitizer
    158  [XXX]: https://lists.torproject.org/pipermail/tor-qa/2014-May/000414.html
    159 
    160 Karsten Loesing is planning on spinning off the directory archive
    161 from the metrics portal [XXX].
    162 
    163  [XXX]: https://lists.torproject.org/pipermail/tor-dev/2014-May/006909.html
     145 [29]: https://lists.torproject.org/pipermail/tor-reports/2014-May/000536.html
     146
     147kzhm sent out [30] instructions for installing obfsproxy on Fedora 20,
     148to go with those for other Linux distributions [31].
     149
     150 [30]: https://lists.torproject.org/pipermail/tor-talk/2014-May/033032.html
     151 [31]: https://www.torproject.org/projects/obfsproxy-instructions.html
     152
     153AddressSanitizer [32] (ASan) is a powerful memory error detector:
     154software built with such technology makes it a lot harder to exploit
     155programming errors related to memory management. Happily, Georg Koppen
     156has announced [33] the first test packages of the Tor Browser built with
     157ASan hardening.
     158
     159 [32]: https://code.google.com/p/address-sanitizer/wiki/AddressSanitizer
     160 [33]: https://lists.torproject.org/pipermail/tor-qa/2014-May/000414.html
     161
     162Karsten Loesing is planning on spinning off the directory archive from
     163the metrics portal [34].
     164
     165 [34]: https://lists.torproject.org/pipermail/tor-dev/2014-May/006909.html
    164166
    165167Tor help desk roundup
    166168---------------------
    167169
    168 Multiple Mac OS X users complained that despite seeing the “Congratulations”
    169 welcome page, they were unable to reach any website with the Tor Browser.
    170 It appears that with a recent update, the Sophos anti-virus solution
    171 interferes with the Tor Browser. In order to be able to use the Tor Browser
    172 again, one must open Sophos Anti-Virus, then “Preferences”, and in the
    173 “Web Protection” panel position all switches to off.
     170Multiple Mac OS X users complained that despite seeing the
     171“Congratulations” welcome page, they were unable to reach any website
     172with the Tor Browser.  It appears that with a recent update, the Sophos
     173anti-virus solution interferes with the Tor Browser. In order to be able
     174to use the Tor Browser again, one must open Sophos Anti-Virus, then
     175“Preferences”, and in the “Web Protection” panel position all switches
     176to off.
    174177
    175178News from Tor StackExchange
     
    177180
    178181yohann2008 doesn’t want their hidden service to be indexed by search
    179 engines [XXX]. puser suggested using a robots.txt file [XXX],
    180 as on a normal webpage. Jens Kubieziel later received confirmation
    181 on the IRC channel of ahmia.fi [XXX] that this search engine does indeed
    182 respect the robots.txt; however, it is unknown whether others do.
    183 
    184  [XXX]: https://tor.stackexchange.com/q/2130/88
    185  [XXX]: https://en.wikipedia.org/wiki/Robots_exclusion_standard
    186  [XXX]: https://ahmia.fi/
    187 
    188 Herbalist saw the following line in their log file [XXX] and
    189 wonders what it could mean: “Rejecting INTRODUCE1 on non-OR
    190 or non-edge circuit 7503”. If you can unravel this mystery,
    191 please submit your answer to the question.
    192 
    193  [XXX]: https://tor.stackexchange.com/q/1866/88
     182engines [35]. puser suggested using a robots.txt file [36], as on a
     183normal webpage. Jens Kubieziel later received confirmation on the IRC
     184channel of ahmia.fi [37] that this search engine does indeed respect the
     185robots.txt; however, it is unknown whether others do.
     186
     187 [35]: https://tor.stackexchange.com/q/2130/88
     188 [36]: https://en.wikipedia.org/wiki/Robots_exclusion_standard
     189 [37]: https://ahmia.fi/
     190
     191Herbalist saw the following line in their log file [38] and wonders what
     192it could mean: “Rejecting INTRODUCE1 on non-OR or non-edge circuit
     1937503”. If you can unravel this mystery, please submit your answer to the
     194question.
     195
     196 [38]: https://tor.stackexchange.com/q/1866/88
    194197
    195198Easy development tasks to get involved with
     
    197200
    198201The metrics website displays graphs on bridge users by pluggable
    199 transport [XXX], but we’d like to have another graph with total
    200 pluggable transport usage [XXX]. Karsten Loesing outlined the steps
    201 for adding such a graph, which require some knowledge of R and ggplot2.
    202 If you enjoy writing R and want to add this new graph to the metrics
    203 website, give it a try and post your results on the ticket.
    204 
    205  [XXX]: https://metrics.torproject.org/users.html#userstats-bridge-transport
    206  [XXX]: https://bugs.torproject.org/11799
     202transport [39], but we’d like to have another graph with total pluggable
     203transport usage [40]. Karsten Loesing outlined the steps for adding such
     204a graph, which require some knowledge of R and ggplot2.  If you enjoy
     205writing R and want to add this new graph to the metrics website, give it
     206a try and post your results on the ticket.
     207
     208 [39]: https://metrics.torproject.org/users.html#userstats-bridge-transport
     209 [40]: https://bugs.torproject.org/11799
    207210
    208211Upcoming events
     
    226229Want to continue reading TWN? Please help us create this newsletter.
    227230We still need more volunteers to watch the Tor community and report
    228 important news. Please see the project page [XXX], write down your
    229 name and subscribe to the team mailing list [XXX] if you want to
     231important news. Please see the project page [41], write down your
     232name and subscribe to the team mailing list [42] if you want to
    230233get involved!
    231234
    232   [XXX]: https://trac.torproject.org/projects/tor/wiki/TorWeeklyNews
    233   [XXX]: https://lists.torproject.org/cgi-bin/mailman/listinfo/news-team
     235 [41]: https://trac.torproject.org/projects/tor/wiki/TorWeeklyNews
     236 [42]: https://lists.torproject.org/cgi-bin/mailman/listinfo/news-team
    234237}}}