Changes between Version 8 and Version 9 of TorWeeklyNews/2015/1


Ignore:
Timestamp:
Jan 7, 2015, 12:51:09 PM (4 years ago)
Author:
harmony
Comment:

sent

Legend:

Unmodified
Added
Removed
Modified
  • TorWeeklyNews/2015/1

    v8 v9  
    55'''Subject:''' Tor Weekly News — January 7th, 2015
    66
    7 {{{
    8 ========================================================================
    9 Tor Weekly News                                        January 7th, 2014
    10 ========================================================================
    11 
    12 Welcome to the first issue in 2015 of Tor Weekly News, the weekly
    13 newsletter that covers what’s happening in the Tor community.
    14 
    15 Tor 0.2.6.2-alpha is out
    16 ------------------------
    17 
    18 Nick Mathewson announced [1] the second alpha release in the Tor 0.2.6.x
    19 series. As well as including the cell scheduling changes [2] and hidden
    20 service statistics collection [3] reported in recent issues of TWN, this
    21 release makes it harder to portscan hidden services by closing circuits
    22 if a client tries to connect to a non-existent port. It also contains
    23 numerous bugfixes and new unit tests; please see Nick’s announcement for
    24 the full changelog. The source code is available as usual from the
    25 distribution directory [4].
    26 
    27   [1]: https://blog.torproject.org/blog/tor-0262-alpha-released
    28   [2]: https://bugs.torproject.org/9262
    29   [3]: https://bugs.torproject.org/13192
    30   [4]: https://dist.torproject.org/
    31 
    32 Tor at 31c3
    33 -----------
    34 
    35 The 31st edition of the Chaos Communication Congress [5], an annual
    36 highlight in the free software and security calendar, took place in
    37 Hamburg, and as usual Tor featured in several key talks over the course
    38 of the long weekend.
    39 
    40 Roger Dingledine and Jacob Appelbaum’s appropriately grand-sounding
    41 “State of the Onion” address [6], a round-up of the year’s events in the
    42 Tor community, took place once again, with guest contributions from
    43 journalist and filmmaker Laura Poitras and OONI developer Arturo
    44 Filastò. Topics included the relationship between censorship and
    45 surveillance, the misinterpretation of academic research by journalists,
    46 new pluggable transports, and much more.
    47 
    48 Laura Poitras also joined Julia Angwin, Jack Gillum, and Nadia Heninger
    49 for “Crypto Tales from the Trenches” [7], in which the journalists
    50 described their experiences with security software when doing research
    51 and communicating with sources. “I don’t think any of us could do our
    52 work without Tor”, said Laura, while Julia described the Tails operating
    53 system as “her favorite success story” in this field.
    54 
    55 Tor Browser developer Mike Perry joined Seth Schoen to discuss [8] the
    56 concept of deterministic builds, the implementation of which has been
    57 one of the Tor Project’s major successes over the past year. Mike and
    58 Seth demonstrated some of the attacks that this system aims to defend
    59 against, as well as the work that Tor, F-Droid, and Debian have all been
    60 doing to make their processes compatible with the deterministic build
    61 process.
    62 
    63 Finally, Dr. Gareth Owen of Portsmouth University presented [9] the
    64 results of research into the content and usage of Tor hidden services.
    65 The research involved setting up a number of Tor relays, waiting until
    66 they gained the “HSDir” flag, then counting the number of times a
    67 particular service’s descriptor was requested, as well as manually
    68 categorizing the services whose descriptors were learned. Dr.  Owen
    69 found that while the largest category of onion services by number could
    70 be characterized as “drugs”, the majority of the descriptor requests he
    71 saw were for services in his “abuse” category. The talk itself discusses
    72 some possible limitations of the data gathered, and Tor developers have
    73 responded on the Tor blog with further analysis [10, 11].
    74 
    75   [5]: https://events.ccc.de/congress/2014/wiki/Main_Page
    76   [6]: http://media.ccc.de/browse/congress/2014/31c3_-_6251_-_en_-_saal_1_-_201412301400_-_state_of_the_onion_-_jacob_-_arma.html
    77   [7]: http://media.ccc.de/browse/congress/2014/31c3_-_6154_-_en_-_saal_1_-_201412272300_-_crypto_tales_from_the_trenches_-_nadia_heninger_-_julia_angwin_-_laura_poitras_-_jack_gillum.html
    78   [8]: http://media.ccc.de/browse/congress/2014/31c3_-_6240_-_en_-_saal_g_-_201412271400_-_reproducible_builds_-_mike_perry_-_seth_schoen_-_hans_steiner.html
    79   [9]: http://media.ccc.de/browse/congress/2014/31c3_-_6112_-_en_-_saal_2_-_201412301715_-_tor_hidden_services_and_deanonymisation_-_dr_gareth_owen.html
    80  [10]: https://blog.torproject.org/blog/tor-80-percent-percent-1-2-percent-abusive
    81  [11]: https://blog.torproject.org/blog/some-thoughts-hidden-services
    82 
    83 Monthly status reports for December 2014
    84 ----------------------------------------
    85 
    86 The wave of regular monthly reports from Tor project members for the
    87 month of December has begun. Philipp Winter released his report
    88 first [12], followed by reports from Damian Johnson [13], Pearl
    89 Crescent [14], Juha Nurmi [15], Nick Mathewson [16], Sherief Alaa [17],
    90 Sukhbir Singh [18], Leiah Jansen [19], David Goulet [20], Michael Schloh
    91 von Bennewitz [21], Colin C. [22], Georg Koppen [23], Arlo Breault [24],
    92 and George Kadianakis [25].
    93 
    94 Colin C. also sent out the help desk report [26], while Arturo Filastò
    95 reported on behalf of the OONI team [27] and Mike Perry for the Tor
    96 Browser team [28].
    97 
    98  [12]: https://lists.torproject.org/pipermail/tor-reports/2014-December/000727.html
    99  [13]: https://lists.torproject.org/pipermail/tor-reports/2014-December/000728.html
    100  [14]: https://lists.torproject.org/pipermail/tor-reports/2014-December/000729.html
    101  [15]: https://lists.torproject.org/pipermail/tor-reports/2014-December/000730.html
    102  [16]: https://lists.torproject.org/pipermail/tor-reports/2014-December/000731.html
    103  [17]: https://lists.torproject.org/pipermail/tor-reports/2014-December/000732.html
    104  [18]: https://lists.torproject.org/pipermail/tor-reports/2015-January/000733.html
    105  [19]: https://lists.torproject.org/pipermail/tor-reports/2015-January/000734.html
    106  [20]: https://lists.torproject.org/pipermail/tor-reports/2015-January/000735.html
    107  [21]: https://lists.torproject.org/pipermail/tor-reports/2015-January/000736.html
    108  [22]: https://lists.torproject.org/pipermail/tor-reports/2015-January/000738.html
    109  [23]: https://lists.torproject.org/pipermail/tor-reports/2015-January/000740.html
    110  [24]: https://lists.torproject.org/pipermail/tor-reports/2015-January/000742.html
    111  [25]: https://lists.torproject.org/pipermail/tor-reports/2015-January/000743.html
    112  [26]: https://lists.torproject.org/pipermail/tor-reports/2015-January/000737.html
    113  [27]: https://lists.torproject.org/pipermail/tor-reports/2015-January/000739.html
    114  [28]: https://lists.torproject.org/pipermail/tor-reports/2015-January/000741.html
    115 
    116 Miscellaneous news
    117 ------------------
    118 
    119 Nick Mathewson and Andrea Shepard drafted a proposal [29] for including
    120 a hash chain in the consensus [30] produced by Tor directory
    121 authorities [31], in order to prevent certain kinds of attack on the
    122 directory authorities and their keys.
    123 
    124  [29]: https://lists.torproject.org/pipermail/tor-dev/2015-January/008087.html
    125  [30]: https://metrics.torproject.org/about.html#consensus
    126  [31]: https://metrics.torproject.org/about.html#directory-authority
    127 
    128 Nick also clarified [32] that a recently-discovered Libevent
    129 vulnerability has no effect on Tor.
    130 
    131  [32]: https://lists.torproject.org/pipermail/tor-talk/2015-January/036379.html
    132 
    133 In connection with the current push to collect statistics relating to
    134 Tor hidden services in a privacy-preserving manner, Aaron Johnson
    135 noted [33] that there are two further desirable sets of statistics which
    136 might pose a risk to anonymity if gathered incorrectly, and discussed
    137 possible solutions to the problem.
    138 
    139  [33]: https://lists.torproject.org/pipermail/tor-dev/2015-January/008086.html
    140 
    141 David Fifield published a summary [34] of costs incurred by the meek
    142 pluggable transport for the month of December 2014.
    143 
    144  [34]: https://lists.torproject.org/pipermail/tor-dev/2015-January/008082.html
    145 
    146 David also continued his experiments on historical Tor metrics data with
    147 visualizations of a recent Sybil attack [35], and wondered [36] what
    148 might have been responsible for a sudden change in the way that users in
    149 Kazakhstan were choosing to connect to the Tor network in October 2014.
    150 
    151  [35]: https://lists.torproject.org/pipermail/tor-dev/2015-January/008095.html
    152  [36]: https://lists.torproject.org/pipermail/tor-talk/2015-January/036346.html
    153 
    154 Sebastian Urbach noted [37] a sudden drop in the number of Tor relays
    155 acting as hidden service directories, and wondered about the cause. As
    156 SiNA Rabbani clarified [38], the amount of time a relay needs to have
    157 been running before it earns the “HSDir” flag was increased by directory
    158 authorities, in response to a recent Sybil attack.
    159 
    160  [37]: https://lists.torproject.org/pipermail/tor-relays/2015-January/006051.html
    161  [38]: https://lists.torproject.org/pipermail/tor-relays/2015-January/006063.html
    162 
    163 The developers of ChatSecure for iOS announced [39] that their recent
    164 3.0 release includes experimental support for connections to XMPP chat
    165 servers over Tor, and briefly described how they added the new feature.
    166 
    167  [39]: https://chatsecure.org/blog/chatsecure-ios-v3-released/
    168 
    169 Upcoming events
    170 ---------------
    171 
    172   Jan 07 13:30 UTC | little-t tor development meeting
    173                    | #tor-dev, irc.oftc.net
    174                    |
    175   Jan 12 18:00 UTC | Tor Browser online meeting
    176                    | #tor-dev, irc.oftc.net
    177                    |
    178   Jan 12 18:00 UTC | OONI development meeting
    179                    | #ooni, irc.oftc.net
    180                    |
    181   Jan 13 18:00 UTC | little-t tor patch workshop
    182                    | #tor-dev, irc.oftc.net
    183                    |
    184   Jan 16 19:30 UTC | Tails/Jessie progress meeting
    185                    | #tails-dev, irc.oftc.net
    186                    | https://mailman.boum.org/pipermail/tails-dev/2014-December/007696.html
    187 
    188 
    189 This issue of Tor Weekly News has been assembled by Harmony, David
    190 Fifield, and Catfish.
    191 
    192 Want to continue reading TWN? Please help us create this newsletter.
    193 We still need more volunteers to watch the Tor community and report
    194 important news. Please see the project page [40], write down your
    195 name and subscribe to the team mailing list [41] if you want to
    196 get involved!
    197 
    198  [40]: https://trac.torproject.org/projects/tor/wiki/TorWeeklyNews
    199  [41]: https://lists.torproject.org/cgi-bin/mailman/listinfo/news-team
    200 }}}
     7'''Status:''' [https://lists.torproject.org/pipermail/tor-news/2015-January/000079.html Sent].