wiki:TorWeeklyNews/2015/14

Version 4 (modified by nicoo, 3 years ago) (diff)

Comment on the various status reports

92nd issue of Tor Weekly News. Covering what's happening from March 31st, 2015 to April 7th, 2015. To be released on April 8th, 2015.

Editor: Harmony

Subject: Tor Weekly News — April 8th, 2015

========================================================================
Tor Weekly News                                          April 8th, 2015
========================================================================

Welcome to the fourteenth issue in 2015 of Tor Weekly News, the weekly
newsletter that covers what’s happening in the Tor community.

Tor 0.2.5.12 and 0.2.6.7 are out
--------------------------------

Roger Dingledine announced [XXX] new releases in both the stable and
alpha series of the core Tor software. Tor 0.2.5.12 and 0.2.6.7 both
contain fixes for two security bugs that could be used either to crash
onion services, or clients trying to visit onion services. They also
make it harder for attackers to overwhelm onion services by launching
lots of introductions. For full details, please see the release
announcement.

The bugs fixed in these releases are not thought to affect the anonymity
of Tor clients or onion services. However, they could be annoying if
exploited, so onion service operators should upgrade as soon as
possible, while Tor Browser users will be updated with the imminent Tor
Browser stable release.

 [XXX]: https://blog.torproject.org/blog/tor-02512-and-0267-are-released

Tor Summer of Privacy — apply now!
----------------------------------

Some of Tor’s most active contributors and projects got their start
thanks to Google’s Summer of Code [XXX], in which the Tor
Project has successfully participated for a number of years. This year,
Google have decided to focus on encouraging newer, smaller projects,
so rather than miss out on the benefits of this kind of intense coding
program, Tor is launching its own Summer of Privacy, as Kate
Krauss announced on the Tor blog [XXX].

The format is the same as before: students have the opportunity to work
on new or existing open-source privacy projects, with financial
assistance from the Tor Project and expert guidance from some of the
world’s most innovative privacy and security engineers.

If that appeals to you (or someone you know), then see Kate’s
announcement and the official TSoP page [XXX] for more information on
the program and how to apply. Applications close on the 17th of
this month, so don’t leave it too late!

 [XXX]: https://developers.google.com/open-source/soc/?csw=1
 [XXX]: https://blog.torproject.org/blog/tor-summer-privacy-apply-now-0
 [XXX]: https://trac.torproject.org/projects/tor/wiki/org/TorSoP

Should onion services disclose how popular they are?
----------------------------------------------------

Even on the non-private web, it is not possible by default to determine
how popular a certain website is. Search engines and third-party
tracking toolbars might be able to estimate the number of visitors a
website gets, but otherwise the information is only available to the
site’s operators or to groups who are able to measure DNS requests (as
well as anyone in a position to eavesdrop on those two).

On the tor-dev mailing list, George Kadianakis posted a detailed
exploration [XXX] of this issue considered from the perspective of Tor
onion services. If improvements and additions to the onion service design
would as a side effect give an observer an idea of how popular a certain
service is, should this be considered a security risk?

Some of the arguments put forward for the inclusion of popularity-leaking
features are that they enable the collection of useful statistics; that
they allow further optimization of the onion service design; and that
concealing onion service popularity might not be necessary or even possible.

On the other hand, disclosing popularity might help an
adversary decide where to aim its attacks; it may not actually offer
significant performance or research benefits; and it may surprise onion
service users and operators who assume that onionspace popularity is no
more easy to discover than on the non-private web.

“I still am not 100% decided here, but I lean heavily
towards the ‘popularity is private information and we should not
reveal it if we can help it’ camp, or maybe in the ‘there needs to be
very concrete positive outcomes before even considering leaking
popularity’”, writes George. “Hence, my arguments will be obviously
biased towards the negatives of leaking popularity. I invite someone
from the opposite camp to articulate better arguments for why
popularity-hiding is something worth sacrificing.”

Please see George’s analysis for in-depth explanations of all these
points and more, and feel free to contribute with your own thoughts.

 [XXX]: https://lists.torproject.org/pipermail/tor-dev/2015-April/008597.html

More monthly status reports for March 2015
------------------------------------------

The wave of regular monthly reports from Tor project members for the
month of March continued, with reports from Georg Koppen [XXX] with
his work on the Tor Browser Bundle, David Goulet [XXX] and George
Kadianakis [XXX] worked on hidden services, Griffin Boyce works on
Tor-related software packages (SATORI, STORMY, TAILS) [XXX], Sherief
Alaa reported his work on support and arabic translation [XXX],
Leiah Jansen [XXX] made new communication material, Sebastian Hahn
worked on testing and fixed some website issues [XXX], and Sukhbir
Singh continued work on TorBirdy and TorMessenger [XXX].

Mike Perry reported on behalf of the Tor Browser team [XXX], while
George Kadianakis did so for SponsorR work [XXX], Israel Leiva for the
GetTor project [XXX], and Colin C. for the Tor help desk [XXX].

 [XXX]: https://lists.torproject.org/pipermail/tor-reports/2015-April/000789.html
 [XXX]: https://lists.torproject.org/pipermail/tor-reports/2015-April/000790.html
 [XXX]: https://lists.torproject.org/pipermail/tor-reports/2015-April/000794.html
 [XXX]: https://lists.torproject.org/pipermail/tor-reports/2015-April/000791.html
 [XXX]: https://lists.torproject.org/pipermail/tor-reports/2015-April/000792.html
 [XXX]: https://lists.torproject.org/pipermail/tor-reports/2015-April/000795.html
 [XXX]: https://lists.torproject.org/pipermail/tor-reports/2015-April/000799.html
 [XXX]: https://lists.torproject.org/pipermail/tor-reports/2015-April/000801.html
 [XXX]: https://lists.torproject.org/pipermail/tor-reports/2015-April/000793.html
 [XXX]: https://lists.torproject.org/pipermail/tor-reports/2015-April/000796.html
 [XXX]: https://lists.torproject.org/pipermail/tor-reports/2015-April/000797.html
 [XXX]: https://lists.torproject.org/pipermail/tor-reports/2015-April/000798.html

Miscellaneous news
------------------

Nathan Freitas announced [XXX] version 15 beta 1 of Orbot, which is
“functionality complete”. “The main area for testing is using the Apps
VPN mode while switching networks and/or in bad coverage, as well as
using it in combination with Meek or Obfs4, for example. Also, the
implementation is bit different between Android 4.x and 5.x, so please
report any difference you might see there.”

 [XXX]: https://lists.mayfirst.org/pipermail/guardian-dev/2015-April/004298.html

Nathan also shared [XXX] Amogh Pradeep’s analysis of the network
calls made in the latest version of the Firefox for Android source code,
“to get our Orfox effort started again”.

 [XXX]: https://lists.mayfirst.org/pipermail/guardian-dev/2015-April/004300.html

This week in Tor history
------------------------

A year ago this week, Nathan Freitas reported [XXX] that the
number of Orbot users in Turkey had quadrupled in the previous month,
after an order by the Turkish government to block access to several
popular social media websites led to a surge in Tor connections [XXX].
This week, the same thing happened (albeit more briefly) [XXX], leading
to another increase in Tor use within Turkey [XXX].

The best time to prepare for these censorship events is before they
happen — and that includes letting people around you know what they
should do to ensure their freedom of expression remains uninterrupted.
Show them the Tor animation [XXX] and Tor brochures [XXX], help them
install Tor Browser [XXX] and Orbot [XXX], and teach them how to
configure their social media applications to connect over Tor [XXX].
If you make a habit of browsing over Tor, you may not even have to take
any notice when things get blocked!

 [XXX]: https://lists.torproject.org/pipermail/tor-talk/2014-April/032574.html
 [XXX]: https://metrics.torproject.org/userstats-relay-country.html?graph=userstats-relay-country&start=2014-01-08&end=2014-04-08&country=tr&events=off
 [XXX]: https://twitter.com/guardianproject/status/585114389826502656
 [XXX]: https://metrics.torproject.org/userstats-bridge-country.html?graph=userstats-bridge-country&start=2015-03-15&end=2015-04-08&country=tr
 [XXX]: https://blog.torproject.org/blog/releasing-tor-animation
 [XXX]: https://blog.torproject.org/blog/spread-word-about-tor
 [XXX]: https://www.torproject.org/projects/torbrowser.html
 [XXX]: https://guardianproject.info/apps/orbot/
 [XXX]: https://guardianproject.info/2012/05/02/orbot-your-twitter/

Upcoming events
---------------
  Apr 09 15:00 UTC | SponsorO support and documentation meeting
                   | #tor-project, irc.oftc.net
                   |
  Apr 13 18:00 UTC | Tor Browser online meeting
                   | #tor-dev, irc.oftc.net
                   | https://lists.torproject.org/pipermail/tbb-dev/2015-March/000248.html
                   |
  Apr 13 18:00 UTC | OONI development meeting
                   | #ooni, irc.oftc.net
                   |
  Apr 14 18:00 UTC | little-t tor patch workshop
                   | #tor-dev, irc.oftc.net
                   |
  Apr 16 - 18      | Roger @ 2015 German-American Frontiers of Engineering Symposium
                   | Potsdam, Germany
                   | http://www.naefrontiers.org/Symposia/GAFOE/21649/44840.aspx
                   |
  Apr 24           | Roger @ CTIC Privacy Conference
                   | University of Pennsylvania Law School
                   | https://www.law.upenn.edu/newsevents/calendar.php#event_id/48977/view/event


This issue of Tor Weekly News has been assembled by Harmony.

Want to continue reading TWN? Please help us create this newsletter.
We still need more volunteers to watch the Tor community and report
important news. Please see the project page [XXX], write down your
name and subscribe to the team mailing list [XXX] if you want to
get involved!

  [XXX]: https://trac.torproject.org/projects/tor/wiki/TorWeeklyNews
  [XXX]: https://lists.torproject.org/cgi-bin/mailman/listinfo/news-team