Changes between Version 47 and Version 48 of TorWeeklyNews/2014/35


Ignore:
Timestamp:
Sep 3, 2014, 2:22:01 PM (5 years ago)
Author:
harmony
Comment:

sent

Legend:

Unmodified
Added
Removed
Modified
  • TorWeeklyNews/2014/35

    v47 v48  
    55'''Subject:''' Tor Weekly News — September 3rd, 2014
    66
    7 '''Status:''' Frozen. Only technical and language fixes are welcome. New items should go in [wiki:TorWeeklyNews/2014/36 next week's edition]
    8 
    9 {{{
    10 ========================================================================
    11 Tor Weekly News                                      September 3rd, 2014
    12 ========================================================================
    13 
    14 Welcome to the thirty-fifth issue of Tor Weekly News in 2014, the weekly
    15 newsletter that covers what is happening in the Tor community.
    16 
    17 Tor Browser 3.6.5 and 4.0-alpha-2 are out
    18 -----------------------------------------
    19 
    20 The Tor Browser team put out two new releases of the privacy-preserving
    21 web browser. Among the major changes, version 3.6.5 upgrades Firefox to
    22 24.8.0esr, and includes an improved prompt to help users defend against
    23 HTML5 canvas image fingerprinting [1], following a patch by Isis
    24 Lovecruft [2]. Version 4.0-alpha-2 additionally includes the code for
    25 the forthcoming Tor Browser auto-updater (switched off by default) and
    26 “better hardening for Windows and Linux builds” [3].
    27 
    28 As ever, you can download the new releases along with their signature
    29 files from the Tor Project’s distribution directory [4]. Please upgrade
    30 as soon as you can.
    31 
    32   [1]: https://lists.torproject.org/pipermail/tor-talk/2014-July/033969.html
    33   [2]: https://bugs.torproject.org/12684
    34   [3]: https://lists.torproject.org/pipermail/tor-qa/2014-September/000458.html
    35   [4]: https://www.torproject.org/dist/torbrowser/
    36 
    37 Tails 1.1.1 is out
    38 ------------------
    39 
    40 The Tails team released [5] version 1.1.1 of the Debian- and Tor-based
    41 live operating system. As well as upgrading key components like Tor,
    42 Iceweasel, and Linux, this release disables I2P by default when Tails is
    43 booted, in response to the vulnerability recently disclosed by Exodus
    44 Intelligence [6]. Like Truecrypt, “i2p” must now be specified as a
    45 parameter on booting by users who wish to use it.
    46 
    47 A number of other security fixes and routine improvements make this an
    48 important update for all Tails users. See the full changelog in the
    49 team’s announcement, then update from a running copy of Tails 1.1 if you
    50 have one, or head to the download page [7] if you don’t.
    51 
    52   [5]: https://tails.boum.org/news/version_1.1.1/
    53   [6]: https://tails.boum.org/security/Security_hole_in_I2P_0.9.13/
    54   [7]: https://tails.boum.org/download/
    55 
    56 Helping Internet services accept anonymous users
    57 ------------------------------------------------
    58 
    59 Without a large and diverse network, run by thousands of dedicated
    60 volunteers, Tor would be nowhere near as useful or popular as it
    61 currently is. Although the current situation might at times seem
    62 fragile, there are still many places where it is feasible to host Tor
    63 exit nodes.
    64 
    65 However, Tor would become much less attractive to users if they found
    66 themselves unable to reach or interact with their favorite websites
    67 while using it, a situation that is unfortunately growing more common as
    68 site administrators and engineers react negatively to instances of
    69 abusive Tor traffic by banning anonymous connections outright. Tor users
    70 and developers, as well as members of other online communities (such as
    71 Wikimedia [8]), have tried to address the issue before, but real
    72 progress has yet to be made.
    73 
    74 Roger Dingledine wrote a “call to arms” [9] explaining the problem in
    75 detail and exploring possible paths to a solution: “Step one is to
    76 enumerate the set of websites and other Internet services that handle
    77 Tor connections differently from normal connections […]. Step two is to
    78 sort the problem websites based on how amenable they would be to our
    79 help”.
    80 
    81 Since the problem involves humans as much as it does machines, anyone
    82 working on it will have to be both “technical” but also ”good at
    83 activism”. If you fit that description, OTF has expressed interest in
    84 funding work on this issue through their Information Controls Fellowship
    85 Program [10]. Please read Roger’s blog post in full for more details.
    86 
    87   [8]: https://meta.wikimedia.org/wiki/Grants:IdeaLab/Partnership_between_Wikimedia_community_and_Tor_community
    88   [9]: https://blog.torproject.org/blog/call-arms-helping-internet-services-accept-anonymous-users
    89  [10]: https://www.opentechfund.org/labs/fellowships
    90 
    91 Monthly status reports for August 2014
    92 --------------------------------------
    93 
    94 The wave of regular monthly reports from Tor project members for the
    95 month of August has begun. Damian Johnson released his report
    96 first [11], followed by reports from Georg Koppen [12], Sherief
    97 Alaa [13], Noel Torres [14], Kevin P Dyer [15], Nick Mathewson [16],
    98 Lunar [17], Arthur D. Edelstein [18], Karsten Loesing [19], Andrew
    99 Lewman [20], Arlo Breault [21], Pearl Crescent [22], and Michael Schloh
    100 von Bennewitz [23].
    101 
    102 Lunar also reported on behalf of the help desk [24], and Mike Perry did
    103 the same for the Tor Browser team [25].
    104 
    105  [11]: https://lists.torproject.org/pipermail/tor-reports/2014-August/000626.html
    106  [12]: https://lists.torproject.org/pipermail/tor-reports/2014-August/000627.html
    107  [13]: https://lists.torproject.org/pipermail/tor-reports/2014-September/000628.html
    108  [14]: https://lists.torproject.org/pipermail/tor-reports/2014-September/000629.html
    109  [15]: https://lists.torproject.org/pipermail/tor-reports/2014-September/000630.html
    110  [16]: https://lists.torproject.org/pipermail/tor-reports/2014-September/000633.html
    111  [17]: https://lists.torproject.org/pipermail/tor-reports/2014-September/000635.html
    112  [18]: https://lists.torproject.org/pipermail/tor-reports/2014-September/000636.html
    113  [19]: https://lists.torproject.org/pipermail/tor-reports/2014-September/000637.html
    114  [20]: https://lists.torproject.org/pipermail/tor-reports/2014-September/000638.html
    115  [21]: https://lists.torproject.org/pipermail/tor-reports/2014-September/000639.html
    116  [22]: https://lists.torproject.org/pipermail/tor-reports/2014-September/000640.html
    117  [23]: https://lists.torproject.org/pipermail/tor-reports/2014-September/000641.html
    118  [24]: https://lists.torproject.org/pipermail/tor-reports/2014-September/000634.html
    119  [25]: https://lists.torproject.org/pipermail/tor-reports/2014-September/000642.html
    120 
    121 Miscellaneous news
    122 ------------------
    123 
    124 Yawning Angel released [26] a new set of experimental Tor Browser builds
    125 containing the proposed obfs4 pluggable transport, along with a
    126 changelog; “questions, comments, feedback” are welcome on the email
    127 thread or the bug ticket tracking the deployment of obfs4 [27].
    128 
    129  [26]: https://lists.torproject.org/pipermail/tor-dev/2014-August/007420.html
    130  [27]: https://bugs.torproject.org/12130
    131 
    132 Arturo Filastò announced [28] the release of version 1.1.0 of
    133 oonibackend, the tool “used by ooniprobe to discover the addresses of
    134 test helpers (via the bouncer) to submit reports to (via the collector)
    135 and to perform some measurements that require a backend system to talk
    136 to (via test helpers)” [29].
    137 
    138  [28]: https://lists.torproject.org/pipermail/tor-dev/2014-September/007450.html
    139  [29]: https://pypi.python.org/pypi/oonibackend
    140 
    141 meejah posted [30] a list of tasks to be completed in order to bring Tor
    142 Weather to a deployable state, following the recent rewrite effort and
    143 the Google Summer of Code project by Sreenatha Bhatlapenumarthi.
    144 
    145  [30]: https://lists.torproject.org/pipermail/tor-dev/2014-August/007426.html
    146 
    147 Israel Leiva submitted a summary [31] of work completed as part of the
    148 “Revamp GetTor” Google Summer of Code project: “The plan for now is to
    149 keep doing tests and deploy it asap (hopefully during September).”
    150 
    151  [31]: https://lists.torproject.org/pipermail/tor-dev/2014-August/007427.html
    152 
    153 Mike Perry posted [32] an updated version [33] of the proposal for
    154 website fingerprinting countermeasures which he co-authored with Marc
    155 Juarez as part of the latter’s Google Summer of Code project.
    156 
    157  [32]: https://lists.torproject.org/pipermail/tor-dev/2014-August/007417.html
    158  [33]: https://gitweb.torproject.org/user/mikeperry/torspec.git/blob/refs/heads/multihop-padding-primitives:/proposals/ideas/xxx-multihop-padding-primitives.txt
    159 
    160 Lunar gave a talk [34] at this year’s DebConf on the effort to build
    161 Debian packages deterministically, which is inspired in large part by
    162 Tor Browser’s use of the same technology [35]. Major progress was
    163 achieved during the conference [36].
    164 
    165  [34]: http://meetings-archive.debian.net/pub/debian-meetings/2014/debconf14/webm/Reproducible_Builds_for_Debian_a_year_later.webm
    166  [35]: https://blog.torproject.org/blog/deterministic-builds-part-one-cyberwar-and-global-compromise
    167  [36]: http://lists.alioth.debian.org/pipermail/reproducible-builds/Week-of-Mon-20140901/000198.html
    168 
    169 David Fifield submitted a breakdown [37] of the costs incurred by the
    170 infrastructure that supports the meek pluggable transport [38] since its
    171 introduction. The total to date from both the Google App Engine and
    172 Amazon AWS front domains? $6.56.
    173 
    174  [37]: https://lists.torproject.org/pipermail/tor-dev/2014-August/007429.html
    175  [38]: https://trac.torproject.org/projects/tor/wiki/doc/meek
    176 
    177 Thanks to P D [39] and Daniel Pajonzeck [40] for running mirrors of the
    178 Tor Project website and software!
    179 
    180  [39]: https://lists.torproject.org/pipermail/tor-mirrors/2014-August/000653.html
    181  [40]: https://lists.torproject.org/pipermail/tor-mirrors/2014-August/000673.html
    182 
    183 Also on the subject of mirrors, Roger Dingledine alerted [41] the
    184 tor-mirrors mailing list to the fact that the Tor Project website
    185 (specifically the distribution directory) will shortly be increasing in
    186 size to eight or nine gigabytes, as a result of the
    187 soon-to-be-implemented Tor Browser updater [42]. Mirror operators will
    188 need to ensure that they can provide enough disk space to accommodate
    189 the change.
    190 
    191  [41]: https://lists.torproject.org/pipermail/tor-mirrors/2014-September/000675.html
    192  [42]: https://bugs.torproject.org/4234
    193 
    194 whonixqubes announced [43] the release of an integrated version of the
    195 Whonix and Qubes operating systems: “I look forward to helping make
    196 Qubes + Whonix integration even tighter and more seamless throughout the
    197 future.”
    198 
    199  [43]: https://lists.torproject.org/pipermail/tor-talk/2014-August/034562.html
    200 
    201 Tor help desk roundup
    202 ---------------------
    203 
    204 The help desk has been asked if Tor can make a website visit appear to
    205 come from China. Tor connections appear to originate from the country
    206 where the exit relay in use is located; since Tor is blocked in China,
    207 there are zero exit relays in China. A visualization of the different
    208 country-locations of exit relays can be found on Tor’s metrics
    209 page [44].
    210 
    211  [44]: https://metrics.torproject.org/bubbles.html#country-exits-only
    212 
    213 News from Tor StackExchange
    214 ---------------------------
    215 
    216 Anony Mouse wanted to know why Facebook shows the location of the user’s
    217 last login over Tor as Baghdad or Dhaka [45], instead of the real
    218 location of the exit relay. qbi posted a screenshot showing this
    219 issue [46]. According to Facebook, this information is based on an
    220 approximation, but this approximation locates all Tor exit relays
    221 either in Baghdad or in Dhaka.
    222 
    223  [45]: https://tor.stackexchange.com/q/3364/88
    224  [46]: https://twitter.com/qbi/status/506550322308055040
    225 
    226 user3500 wants to contribute to Tor and asks how this can be done as an
    227 inexperienced developer [47]. Jens Kubieziel replied with several
    228 possibilities, including reading the volunteer page and Tor Weekly News:
    229 in particular, the section containing easy development tasks might be a
    230 good start. Roya pointed out that any contribution is better than no
    231 contribution, and encouraged user3500 to just get started. Umut Seven
    232 recommended writing unit tests.
    233 
    234  [47]: https://tor.stackexchange.com/q/3961/88
    235 
    236 Kras wants to use FoxyProxy in connection with Tor Browser Bundle and
    237 asks if it is safe to do so [48]. At the moment, there is only an answer
    238 saying “yes”, without any explanation. What is your experience? Is it
    239 safe for a user to install and use FoxyProxy?
    240 
    241  [48]: https://tor.stackexchange.com/q/3239/88
    242 
    243 Upcoming events
    244 ---------------
    245 
    246   Sep 03 13:30 UTC | little-t tor development meeting
    247                    | #tor-dev, irc.oftc.net
    248                    |
    249   Sep 03 19:00 UTC | Tails contributors meeting
    250                    | #tails-dev, irc.indymedia.org / h7gf2ha3hefoj5ls.onion
    251                    | https://mailman.boum.org/pipermail/tails-project/2014-August/000016.html
    252                    |
    253   Sep 05 15:00 UTC | OONI development meeting
    254                    | #ooni, irc.oftc.net
    255                    | https://lists.torproject.org/pipermail/ooni-dev/2014-August/000151.html
    256                    |
    257   Sep 08 18:00 UTC | Tor Browser online meeting
    258                    | #tor-dev, irc.oftc.net
    259                    |
    260   Sep 12 19:00 UTC | Tails low hanging fruit session
    261                    | #tails-dev, irc.indymedia.org / h7gf2ha3hefoj5ls.onion
    262                    | https://mailman.boum.org/pipermail/tails-project/2014-August/000024.html
    263 
    264 
    265 This issue of Tor Weekly News has been assembled by harmony, Matt Pagan,
    266 Lunar, qbi, and Arlo Breault.
    267 
    268 Want to continue reading TWN? Please help us create this newsletter.
    269 We still need more volunteers to watch the Tor community and report
    270 important news. Please see the project page [49], write down your
    271 name and subscribe to the team mailing list [50] if you want to
    272 get involved!
    273 
    274  [49]: https://trac.torproject.org/projects/tor/wiki/TorWeeklyNews
    275  [50]: https://lists.torproject.org/cgi-bin/mailman/listinfo/news-team
    276 }}}
     7'''Status:''' [https://lists.torproject.org/pipermail/tor-news/2014-September/000061.html Sent].