Version 35 (modified by mttp, 6 years ago) (diff)

Help desk roundup

57th issue of Tor Weekly News. Covering what's happening from July 29th, 2014 to August 5th, 2014. To be released on August 6th, 2014.


Subject: Tor Weekly News — August 6th, 2014

Tor Weekly News                                         August 6th, 2014

Welcome to the thirty-first issue of Tor Weekly News in 2014, the weekly
newsletter that covers what is happening in the XXX Tor community.

Tor and the RELAY_EARLY traffic confirmation attack

Roger Dingledine ended several months of concern and speculation in the
Tor community with a security advisory posted to the tor-announce
mailing list [XXX] and the Tor blog [XXX].

In it, he gave details of a five-month-long active attack on operators
and users of Tor hidden services that involved a variant of the
so-called “Sybil attack”: the attacker signed up “around 115 fast
non-exit relays” (now removed from the Tor network), and configured them
to inject a traffic header signal consisting of RELAY_EARLY cells to
“tag” any hidden service descriptor requests received by malicious
relays — a tag which could then be picked up by other bad nodes acting
as entry guards [XXX], in the process identifying clients which
requested information about a particular hidden service.

The attack is suspected to be linked to a now-cancelled talk that was
due to be delivered at the BlackHat security conference [XXX]. There
have been several fruitful and positive research projects involving
theoretical attacks on Tor’s security, but this was not among them. Not
only were there problems with the process of responsible disclosure,
but, as Roger wrote, “the attacker encoded the name of the hidden
service in the injected signal (as opposed to, say, sending a random
number and keeping a local list mapping random number to hidden service
name)”, thereby “[putting] users at risk indefinitely into the future”.

On the other hand, it is important to note that “while this particular
variant of the traffic confirmation attack allows high-confidence and
efficient correlation, the general class of passive (statistical)
traffic confirmation attacks remains unsolved and would likely have
worked just fine here”. In other words, the tagging mechanism used in
this case is the innovation; the other element of the attack is a known
weakness of low-latency anonymity systems, and defending against it is a
much harder problem.

“Users who operated or accessed hidden services from early February
through July 4 should assume they were affected” and act accordingly; in
the case of hidden service operators, this may mean changing the
location of the service. Accompanying the advisory were two new releases
for both the stable and alpha tor branches ( and;
both include a fix for the signal-injection issue that causes tor to
drop circuits and give a warning if RELAY_EARLY cells are detected going
in the wrong direction (towards the client), and both prepare the ground
for clients to move to single entry guards (rather than sets of three)
in the near future. Relay operators should be sure to upgrade; a
point-release of the Tor Browser will offer the same fixes to ordinary
users. Nusenu suggested [XXX] that relay operators regularly check
their logs for the new warning, “even if the attack origin is not
directly attributable from a relay’s point of view”. Be sure to read the
full security advisory for a fuller explanation of the attack and its


Why is bad-relays a closed mailing list?

Damian Johnson and Philipp Winter have been working on improving the
process of reporting bad relays [XXX]. The process starts by having
users report odd behaviors to the bad-relays mailing list.

Only a few trusted volunteers receive and review these reports. Nusenu
started a discussion on tor-talk [XXX] advocating for more transparency.
Nusenu argues that an open list would “likely get more confirm/can't
confirm feedback for a given badexit candidate”, and that it would allow
worried users to act faster than operators of directory authorities.

Despite being “usually on the side of transparency”, Roger Dingledine
described [XXX] being “stuck” on the issue, “because the arms race is so
lopsidedly against us”.

Roger explains: “we can scan for whether exit relays handle certain
websites poorly, but if the list that we scan for is public, then exit
relays can mess with other websites and know they’ll get away with it.
We can scan for incorrect behavior on various ports, but if the list of
ports and the set of behavior we do is public, then again relays are
free to mess with things we don’t look for.”

A better future and more transparency probably lies in adaptative test
systems run by multiple volunteer groups. Until they come to existence,
as a small improvement, Philipp Winter wrote [XXX] it was probably safe
to publish why relays were disabled, through “short sentence along the
lines of ‘running HTTPS MitM’ or ‘running sslstrip’”.


Monthly status reports for July 2014

Time for monthly reports from Tor project members. The July 2014 round
was opened by Georg Koppen [XXX], followed by Philipp Winter [XXX],
Sherief Alaa [XXX], Lunar [XXX], Nick Mathewson [XXX], Pearl
Crescent [XXX], George Kadianakis [XXX], Matt Pagan [XXX], Isis
Lovecruft [XXX], and Griffin Boyce [XXX].


Lunar reported on behalf of the help desk [XXX] and Mike Perry for the
Tor Browser team [XXX].


Miscellaneous news

Anthony G. Basile announced a new release of tor-ramdisk, an i686 or
x86_64 uClibc-based micro Linux distribution whose only purpose is to
host a Tor server. Version 20140801 [XXX] updates Tor to version, and the kernel to 3.15.7 with Gentoo’s hardened patches.


meejah has announced [XXX] a new command-line application. carml is a versatile
set of tools to “query and control a running Tor”. It can do things like “list
and remove streams and circuits; monitor stream, circuit and address-map
events; watch for any Tor event and print it (or many) out; monitor bandwidth;
run any Tor control-protocol command; pipe through common Unix tools like grep,
less, cut, etcetera; download TBB through Tor, with pinned certs and signature
checking; and even spit out and run xplanet configs (with router/circuit
markers)!” The application is written in Python and uses the
txtorcon library [XXX]. meejah describes it as early-alpha and warns that it
might contain “serious, anonymity-destroying bugs”. Watch out!


Only two weeks left for the Google Summer of Code students, and the last round of
reports but one: Juha Nurmi on the project [XXX], Marc Juarez on
website fingerprinting defenses [XXX], Amogh Pradeep on Orbot and Orfox
improvements [XXX], Zack Mullaly on the HTTPS Everywhere secure ruleset update
mechanism [XXX], Israel Leiva on the GetTor revamp [XXX], Quinn Jarrell on the
pluggable transport combiner [XXX], Daniel Martí on incremental updates to
consensus documents [XXX], Noah Rahman on Stegotorus enhancements [XXX],
and Sreenatha Bhatlapenumarthi on the Tor Weather rewrite [XXX].


The Tails team is looking for testers to solve a possible incompatiblity
in one of the recommended installation procedures. If you have a running Tails
system, a spare USB stick and some time, please help [XXX]. Don't miss
the recommended command-line options [XXX]!


The Citizen Lab Summer Institute [XXX] took place at the University of Toronto
from July 28 to 31. The event brought together policy and technology
researchers who focus on Internet censorship and measurement. A lot of great
work was presented including but not limited to a proposal to measure the
chilling effect, ongoing work to deploy Telex [XXX], and several projects to
measure censorship in different countries. Some Tor-related work was also
presented: Researchers are working on understanding how the Tor network is used
for political purposes. Another project makes use of TCP/IP side channels to
measure the reachability of Tor relays from within China [XXX].


Tor help desk roundup

Users occasionally ask if there is any way to set Tor Browser as the default
browser on their system. Currently this is not possible, although it may be
possible in a future Tor Browser release [XXX]. In the mean time, Tails
provides another way to prevent accidentally opening hyperlinks in a non-Tor


News from Tor StackExchange

Text with cited source [XXX].


Easy development tasks to get involved with

Text with cited source [XXX].


Upcoming events

 Aug.  6 19:00 UTC | little-t tor development meeting
                   | #tor-dev,
 Aug. 11 18:00 UTC | Tor Browser online meeting
                   | #tor-dev,
 August 18         | Roger @ FOCI ’14
                   | San Diego, California, USA
 August 20-22      | Roger @ USENIX Security Symposium ’14
                   | San Diego, California, USA

This issue of Tor Weekly News has been assembled by XXX, XXX, and

Want to continue reading TWN? Please help us create this newsletter.
We still need more volunteers to watch the Tor community and report
important news. Please see the project page [XXX], write down your
name and subscribe to the team mailing list [XXX] if you want to
get involved!


Possible items: