Changes between Version 54 and Version 55 of TorWeeklyNews/2014/29


Ignore:
Timestamp:
Jul 23, 2014, 1:24:22 PM (5 years ago)
Author:
lunar
Comment:

sent

Legend:

Unmodified
Added
Removed
Modified
  • TorWeeklyNews/2014/29

    v54 v55  
    55'''Subject:''' Tor Weekly News — July 23rd, 2014
    66
    7 '''Status:''' Frozen! Only language and technical fixes allowed. New items should go in [wiki:TorWeeklyNews/2014/30 next week's edition]. Expected publication time 2014-07-23 12:00 UTC.
    8 
    9 {{{
    10 ========================================================================
    11 Tor Weekly News                                          July 23rd, 2014
    12 ========================================================================
    13 
    14 Welcome to the twenty-ninth issue of Tor Weekly News in 2014, the
    15 weekly newsletter that covers what is happening in the Tor community.
    16 
    17 Tails 1.1 is out!
    18 -----------------
    19 
    20 Tails, the Debian-based live system that protects its users’
    21 communications by ensuring they are all sent through the Tor network,
    22 has been updated. This new 1.1 release [1] reminds Tails users of the
    23 distribution’s roots in Debian [2]: Tails is now based on the current
    24 stable version of Debian, dubbed “Wheezy”.
    25 
    26 This means that almost all software components have been updated. One
    27 noticeable example is the desktop environment. The user experience of
    28 the GNOME 3 in fallback mode should be similar to previous Tails
    29 versions, but things will look a bit differently than they used to.
    30 
    31 One of the most keenly-awaited features of this new version is the
    32 support for UEFI firmware. Mac users now have only to press the Alt
    33 key [3] while booting their computer to start Tails from a DVD or USB
    34 stick. The same goes for owners of computers displaying “Windows 8”
    35 stickers. And, talking of Windows 8, the camouflage mode [4] has been
    36 updated to look more like it, instead of the now discontinued XP.
    37 
    38 This new release also contains security fixes [5], and minor tweaks over
    39 the previous versions.
    40 
    41 Because of the newly-introduced support for UEFI and the amount of
    42 upgraded software, incremental upgrades will not be offered for
    43 Tails 1.1. A full upgrade is needed through the Tails Installer. The
    44 safest method for upgrading Tails sticks is to go through a freshly
    45 burned DVD. Be sure to have a look at the list of known issues [6] to
    46 learn about other oddities that might happen in the process.
    47 
    48    [1]: https://tails.boum.org/news/version_1.1/
    49    [2]: https://tails.boum.org/contribute/relationship_with_upstream/
    50    [3]: https://tails.boum.org/doc/first_steps/start_tails/#usb-mac
    51    [4]: https://tails.boum.org/doc/first_steps/startup_options/windows_camouflage/
    52    [5]: https://tails.boum.org/security/Numerous_security_holes_in_1.0.1
    53    [6]: https://tails.boum.org/news/version_1.1/#index2h1
    54 
    55 PETS 2014
    56 ---------
    57 
    58 The fourteenth Privacy Enhancing Technologies Symposium was held in
    59 Amsterdam, Netherlands, July 16-18, 2014. A wide range of research in
    60 privacy enhancing technologies was presented, with many of relevance to
    61 Tor. Keynotes were given by Martin Ortlieb, Senior User Experience
    62 Researcher in Privacy at Google, and William Binney, a former NSA
    63 employee.
    64 
    65 Some papers focusing on Tor include:
    66 
    67 - “Spoiled Onions: Exposing Malicious Tor Exit Relays” by Philipp
    68   Winter, Richard Köwer, Martin Mulazzani, Markus Huber, Sebastian
    69   Schrittwieser, Stefan Lindskog, and Edgar Weippl [7]
    70 - “One Fast Guard for Life (or 9 months)” by Roger Dingledine, Nicholas
    71   Hopper, George Kadianakis, and Nick Mathewson [8]
    72 - “From Onions to Shallots: Rewarding Tor Relays with TEARS“ by Rob
    73   Jansen, Andrew Miller, Paul Syverson, and Bryan Ford [9]
    74 - “A TorPath to TorCoin: Proof-of-Bandwidth Altcoins for Compensating
    75   Relays” by Mainak Ghosh, Miles Richardson, Bryan Ford, and Rob
    76   Jansen [10]
    77 - “Measuring the Leakage of Onion at the Root, A measurement of Tor’s
    78   .onion pseudo-top-level domain in the global domain name system” by
    79   Matthew Thomas and Aziz Mohaisen [11]
    80 
    81 Also announced at PETS was the 2014 PET Award for Outstanding Research
    82 in Privacy Enhancing Technologies, for “A Scanner Darkly: Protecting
    83 User Privacy From Perceptual Applications” by Suman Jana, Arvind
    84 Narayanan†, and Vitaly Shmatikov [12]. The winner of the best student
    85 paper at PETS was “I Know Why You Went to the Clinic: Risks and
    86 Realization of HTTPS Traffic Analysis” by Brad Miller, Ling Huang, A. D.
    87 Joseph and J. D. Tygar [13].
    88 
    89 Prior to PETS, there was a Tor meet-up which Moritz Bartl reported as a
    90 great success [14]. Hopefully there will also be such an event at the
    91 2015 PETS, to be held in Philadelphia, US, in the week of June 29, 2015.
    92 
    93    [7]: https://petsymposium.org/2014/papers/Winter.pdf
    94    [8]: https://petsymposium.org/2014/papers/Dingledine.pdf
    95    [9]: https://petsymposium.org/2014/papers/Jansen.pdf
    96   [10]: https://petsymposium.org/2014/papers/Ghosh.pdf
    97   [11]: https://petsymposium.org/2014/papers/Thomas.pdf
    98   [12]: https://freedom-to-tinker.com/blog/shmat/a-scanner-darkly-protecting-user-privacy-from-perceptual-applications/
    99   [13]: https://petsymposium.org/2014/papers/Miller.pdf
    100   [14]: https://lists.torproject.org/pipermail/tor-talk/2014-July/033936.html
    101 
    102 Miscellaneous news
    103 ------------------
    104 
    105 txtorcon [15], the Tor control protocol implementation for the Twisted
    106 framework [16], received a new minor release [17]. Version 0.10.1 fixes
    107 “a couple bugs introduced along with the endpoints feature in 0.10.0”.
    108 
    109   [15]: https://twistedmatrix.com/
    110   [16]: https://pypi.python.org/pypi/txtorcon
    111   [17]: https://lists.torproject.org/pipermail/tor-dev/2014-July/007166.html
    112 
    113 Roger Dingledine posted [18] an official reaction to the cancellation of
    114 a proposed talk at the upcoming Blackhat2014 conference dealing with
    115 possible deanonymization attacks on Tor users and hidden services.
    116 
    117   [18]: https://blog.torproject.org/blog/recent-black-hat-2014-talk-cancellation
    118 
    119 Tor ships with a sample webpage [19] that can be used by exit node
    120 operators to identify their system as such to anyone wishing to identify
    121 the source of Tor traffic. Operators most often copy and adapt this
    122 template to the local situation. Mick Morgan discovered than his version
    123 was out of sync [20] and contained broken links. “If other operators are
    124 similarly using a page based on the old template, they may wish to
    125 update”, Mick advised.
    126 
    127   [19]: https://gitweb.torproject.org/tor.git/blob_plain/HEAD:/contrib/operator-tools/tor-exit-notice.html
    128   [20]: https://lists.torproject.org/pipermail/tor-relays/2014-July/004982.html
    129 
    130 Michael Rogers, one of the developers of Briar [21], announced [22] a
    131 new mailing list [23] for discussing peer-to-peer-based communication
    132 systems based on Tor hidden services. As Briar and other systems might
    133 be “running into similar issues”, a shared place to discuss them seemed
    134 worthwhile.
    135 
    136   [21]: https://briarproject.org/
    137   [22]: https://lists.torproject.org/pipermail/tor-dev/2014-July/007161.html
    138   [23]: https://fulpool.org/cgi-bin/mailman/listinfo/hidden-services
    139 
    140 Karsten Loesing and Philipp Winter are looking for front-end web
    141 developers [24]: “We are looking for somebody to fork and extend one of
    142 the two main Tor network status websites Atlas [25] or Globe [26]”
    143 writes Karsten. Both websites currently need love and new maintainers.
    144 Please reach out if you want to help!
    145 
    146   [24]: https://blog.torproject.org/blog/looking-front-end-web-developers-network-status-websites-atlas-and-globe
    147   [25]: https://atlas.torproject.org/
    148   [26]: https://globe.torproject.org/
    149 
    150 The database which holds Tor bridges, usually called BridgeDB [27], is
    151 able to give out bridge addresses through email. This feature was
    152 recently extended to make the email autoresponder support more bridge
    153 types, which required introducing new keywords that must be used in the
    154 initial request. Matthew Finkel is looking for feedback [28] on the
    155 current set of commands and how they could be improved.
    156 
    157   [27]: https://gitweb.torproject.org/bridgedb.git
    158   [28]: https://lists.torproject.org/pipermail/tor-dev/2014-July/007164.html
    159 
    160 Lunar wrote a detailed report [29] on his week at the Libre Software
    161 Meeting in Montpellier, France. The report covers the booth jointly held
    162 with Nos Oignons [30], his talk in the security track, and several
    163 contacts made with other free software projects.
    164 
    165   [29]: https://lists.torproject.org/pipermail/tor-reports/2014-July/000593.html
    166   [30]: https://nos-oignons.net/
    167 
    168 Here’s another round of reports from Google Summer of Code students: the
    169 mid-term: Amogh Pradeep on Orbot and Orfox improvements [31], Israel
    170 Leiva on the GetTor revamp [32], Quinn Jarrell on the pluggable
    171 transport combiner [33], Juha Nurmi on the ahmia.fi project [34], Marc
    172 Juarez on website fingerprinting defenses [35], and Daniel Martí on
    173 incremental updates to consensus documents [36].
    174 
    175   [31]: https://lists.torproject.org/pipermail/tor-dev/2014-July/007152.html
    176   [32]: https://lists.torproject.org/pipermail/tor-dev/2014-July/007156.html
    177   [33]: https://lists.torproject.org/pipermail/tor-dev/2014-July/007157.html
    178   [34]: https://lists.torproject.org/pipermail/tor-reports/2014-July/000594.html
    179   [35]: https://lists.torproject.org/pipermail/tor-reports/2014-July/000595.html
    180   [36]: https://lists.torproject.org/pipermail/tor-dev/2014-July/007163.html
    181 
    182 Tim Retout announced [37] that apt-transport-tor [38] 0.2.1 has entered
    183 Debian unstable. This package enables APT to download Debian packages
    184 through Tor.
    185 
    186   [37]: http://retout.co.uk/blog/2014/07/21/apt-transport-tor
    187   [38]: https://tracker.debian.org/pkg/apt-transport-tor
    188 
    189 Atlas [39] can now also be used to search for Tor bridges. In the past,
    190 Atlas was only able to search for relays. This was made possible thanks
    191 to a patch [40] developed by Dmitry Eremin-Solenikov.
    192 
    193   [39]: https://atlas.torproject.org
    194   [40]: https://bugs.torproject.org/6320
    195 
    196 Thanks to Tim Semeijn [41] and Tobias Bauer [42] for setting up new
    197 mirrors of the Tor Project’s website and its software.
    198 
    199   [41]: https://lists.torproject.org/pipermail/tor-mirrors/2014-July/000642.html
    200   [42]: https://lists.torproject.org/pipermail/tor-mirrors/2014-July/000646.html
    201 
    202 Tor help desk roundup
    203 ---------------------
    204 
    205 Some Linux users have experienced missing dependency errors when trying
    206 to install Tor Browser from their operating system’s software
    207 repositories. Tor Browser should only be installed from the Tor
    208 Project’s website, and never from a software repository. In other words,
    209 using apt-get or yum to install Tor Browser is discouraged. Downloading
    210 and verifying Tor Browser from the Tor Project website allows users to
    211 keep up with important security updates as they are released.
    212 
    213 News from Tor StackExchange
    214 ---------------------------
    215 
    216 user3224 wants to log in to its Google, Microsoft etc. accounts and
    217 wonders if they will know the real name and other personal
    218 information [43]. Roya and mirimir explained that if someone logs into
    219 an already personalized account Tor can’t anonymize this user. Instead
    220 it might be wise to use Tor to register a pseudonym and also use an
    221 anonymous operating system like Tails or Whonix.
    222 
    223   [43]: https://tor.stackexchange.com/q/3603/88
    224 
    225 escapologybb has set up a Raspberry Pi. It serves as SOCKS proxy for the
    226 internal network. While everyone can use it, escapologybb asks what the
    227 security implications are and if this lowers the overall anonymity [44].
    228 If you know a good answer please share your knowledge with the users of
    229 Tor StackExchange.
    230 
    231   [44]: https://tor.stackexchange.com/q/3596/88
    232 
    233 Upcoming events
    234 ---------------
    235 
    236  Aug. 3 19:00 UTC  | Tails contributors meeting
    237                    | #tails-dev @ irc.indymedia.org / h7gf2ha3hefoj5ls.onion
    238                    | https://mailman.boum.org/pipermail/tails-project/2014-July/000000.html
    239 
    240  August 18         | Roger @ FOCI ’14
    241                    | San Diego, California, USA
    242                    | https://www.usenix.org/conference/foci14
    243                    |
    244  August 20-22      | Roger @ USENIX Security Symposium ’14
    245                    | San Diego, California, USA
    246                    | https://www.usenix.org/conference/usenixsecurity14
    247 
    248 
    249 This issue of Tor Weekly News has been assembled by Lunar, Steven Murdoch,
    250 harmony, Philipp Winter, Matt Pagan, qbi, and Karsten Loesing.
    251 
    252 Want to continue reading TWN? Please help us create this newsletter.
    253 We still need more volunteers to watch the Tor community and report
    254 important news. Please see the project page [45], write down your
    255 name and subscribe to the team mailing list [46] if you want to
    256 get involved!
    257 
    258   [45]: https://trac.torproject.org/projects/tor/wiki/TorWeeklyNews
    259   [46]: https://lists.torproject.org/cgi-bin/mailman/listinfo/news-team
    260 }}}
     7'''Status:''' [https://lists.torproject.org/pipermail/tor-news/2014-July/000055.html Sent]