Changes between Version 6 and Version 7 of TorWeeklyNews/2015/27


Ignore:
Timestamp:
Jul 10, 2015, 12:01:42 PM (4 years ago)
Author:
harmony
Comment:

--

Legend:

Unmodified
Added
Removed
Modified
  • TorWeeklyNews/2015/27

    v6 v7  
    33'''Editor:''' Harmony
    44
    5 '''Subject:''' Tor Weekly News — July 9th, 2015
     5'''Subject:''' Tor Weekly News — July 10th, 2015
    66
    7 {{{
    8 ========================================================================
    9 Tor Weekly News                                          July 10th, 2015
    10 ========================================================================
    11 
    12 Welcome to the twenty-seventh issue in 2015 of Tor Weekly News,
    13 the weekly newsletter that covers what’s happening in the Tor community.
    14 
    15 Contents
    16 --------
    17 
    18  1. Tails 1.4.1 is out
    19  2. Tor Browser 4.5.3 and 5.0a3 are out
    20  3. Tor unaffected by new OpenSSL security issue
    21  4. OVH is the largest and fastest-growing AS on the Tor network
    22  5. More monthly status reports for June 2015
    23  6. Miscellaneous news
    24  7. Upcoming events
    25 
    26 Tails 1.4.1 is out
    27 ------------------
    28 
    29 The Tails team announced [1] version 1.4.1 of the anonymous live
    30 operating system. Most notable in this release is the fix of automatic
    31 upgrades in Windows Camouflage mode, and plugging a hole in Tor
    32 Browser’s AppArmor sandbox that previously allowed it to access the list
    33 of recently-used files.
    34 
    35 For a full list of changes, see the team’s announcement. This release
    36 contains important security updates, so head to the download page [2]
    37 (or the automatic upgrader) as soon as possible.
    38 
    39   [1]: https://tails.boum.org/news/version_1.4.1/
    40   [2]: https://tails.boum.org/download/
    41 
    42 Tor Browser 4.5.3 and 5.0a3 are out
    43 -----------------------------------
    44 
    45 The Tor Browser team put out new releases in both the stable and alpha
    46 series of the secure, private web browser. Tor Browser 4.5.3 [3]
    47 contains updates to Firefox, OpenSSL, NoScript, and Torbutton; it also
    48 fixes a crash triggered by .svg files when the security slider was set
    49 to “High”, and backports a Tor patch that allows domain names containing
    50 underscores (a practice generally discouraged) to resolve properly.  For
    51 example, users should now be able to view the website of the New York
    52 Times without problems.
    53 
    54 Tor Browser 5.0a3 [4], meanwhile, is the first release to be based on
    55 Firefox 38 ESR. “For this release, we performed a thorough network and
    56 feature review of Firefox 38, and fixed the most pressing privacy
    57 issues, as well as all Tor proxy safety issues that we discovered during
    58 the audit”, wrote Georg Koppen. Changes to the toolchain used to build
    59 the browser mean “we are […] especially interested in feedback if there
    60 are stability issues or broken Tor Browser bundles due to these
    61 toolchain upgrades.
    62 
    63 These are important security releases, and you should upgrade to the new
    64 version in whichever series you prefer. Head to the download page [5] to
    65 get your first copy of Tor Browser, or use the in-browser updater.
    66 
    67   [3]: https://blog.torproject.org/blog/tor-browser-453-released
    68   [4]: https://blog.torproject.org/blog/tor-browser-50a3-released
    69   [5]: https://www.torproject.org/download/download-easy.html
    70 
    71 Tor unaffected by new OpenSSL security issue
    72 --------------------------------------------
    73 
    74 A few days ago, the team behind the essential Internet encryption
    75 toolkit OpenSSL announced [6] that a security issue classified as “high”
    76 would shortly be disclosed and fixed, leading to concern that another
    77 Heartbleed [7] was on the cards. In the event, the now-disclosed
    78 CVE-2015-1793 vulnerability does not appear to affect either the Tor
    79 daemon or Tor Browser, as Nick Mathewson explained [8].  However, you
    80 should still upgrade your OpenSSL as soon as possible, in order to
    81 protect the other software you use which may be vulnerable.
    82 
    83   [6]: https://mta.openssl.org/pipermail/openssl-announce/2015-July/000037.html
    84   [7]: https://lists.torproject.org/pipermail/tor-news/2014-April/000040.html
    85   [8]: https://lists.torproject.org/pipermail/tor-dev/2015-July/009050.html
    86 
    87 OVH is the largest and fastest-growing AS on the Tor network
    88 ------------------------------------------------------------
    89 
    90 nusenu observed [9] that the hosting company OVH is both the largest
    91 autonomous system [10] on the Tor network by number of relays, and the
    92 fastest-growing. While it’s no bad thing to have multiple relays located
    93 on the same network, it becomes a problem if any one entity (or someone
    94 who watches them closely enough) is able to observe too large a fraction
    95 of Tor traffic — they would then be in a position to harm the anonymity
    96 of Tor users.
    97 
    98 This is what is meant by “diversity” on the Tor network. If you’re
    99 considering running a Tor relay, then as nusenu says, “choose non-top 10
    100 ASes when adding relays (10 is an arbitrary number)”. See nusenu’s post
    101 for more information on how to select a hosting location for a stronger
    102 and more diverse Tor network.
    103 
    104   [9]: https://lists.torproject.org/pipermail/tor-relays/2015-July/007310.html
    105  [10]: https://en.wikipedia.org/wiki/Autonomous_system_(Internet)
    106 
    107 More monthly status reports for June 2015
    108 -----------------------------------------
    109 
    110 The wave of regular monthly reports from Tor project members for the
    111 month of June continued, with reports from Leiah Jansen [11] (working on
    112 graphic design and branding), Georg Koppen [12] (developing Tor
    113 Browser), Isabela Bagueros [13] (overall project management), Sukhbir
    114 Singh [14] (developing Tor Messenger), Arlo Breault (also working on Tor
    115 Messenger, as well as Tor Check) [15], Colin Childs [16] (carrying out
    116 support, localization, and outreach), and Juha Nurmi [17] (working on
    117 onion service indexing).
    118 
    119 Donncha O’Cearbhaill sent his third Tor Summer of Privacy status
    120 report [18] with updates about the OnionBalance onion service
    121 load-balancing tool, while Jesse Victors did the same [19] for the
    122 DNS-like Onion Naming System, and Israel Leiva submitted a status
    123 update [20] for the GetTor alternative software distributor, which is
    124 also being expanded as part of TSoP, as explained in Israel’s
    125 re-introduction of the project [21]. Cristobal Leiva also introduced his
    126 TSoP project, a web-based status dashboard for Tor relay operators [22]
    127 
    128  [11]: https://lists.torproject.org/pipermail/tor-reports/2015-July/000865.html
    129  [12]: https://lists.torproject.org/pipermail/tor-reports/2015-July/000866.html
    130  [13]: https://lists.torproject.org/pipermail/tor-reports/2015-July/000867.html
    131  [14]: https://lists.torproject.org/pipermail/tor-reports/2015-July/000868.html
    132  [15]: https://lists.torproject.org/pipermail/tor-reports/2015-July/000870.html
    133  [16]: https://lists.torproject.org/pipermail/tor-reports/2015-July/000871.html
    134  [17]: https://lists.torproject.org/pipermail/tor-reports/2015-July/000873.html
    135  [18]: https://lists.torproject.org/pipermail/tor-reports/2015-July/000869.html
    136  [19]: https://lists.torproject.org/pipermail/tor-dev/2015-July/009049.html
    137  [20]: https://lists.torproject.org/pipermail/tor-reports/2015-July/000872.html
    138  [21]: https://lists.torproject.org/pipermail/tor-dev/2015-July/009034.html
    139  [22]: https://lists.torproject.org/pipermail/tor-dev/2015-July/009036.html
    140 
    141 Miscellaneous news
    142 ------------------
    143 
    144 David Fifield published the regular summary of costs [23] incurred by
    145 the infrastructure for the meek pluggable transport over the past month.
    146 “The rate limiting of meek-google and meek-amazon has been partially
    147 effective in bringing costs down. […] meek-azure bandwidth use continues
    148 to increase, up 17% compared to the previous month. Keep in mind that
    149 our grant expires in October, so you should not count on it continuing
    150 to work after that.”
    151 
    152  [23]: https://lists.torproject.org/pipermail/tor-dev/2015-July/009030.html
    153 
    154 Following Donncha O’Cearbhaill’s 0.0.1 alpha release of
    155 OnionBalance [24], s7r called for help [25] putting it to the test on a
    156 running onion service. One week on [26], there have been four million
    157 hits on the service, with hardly a murmur of complaint from OnionBalance
    158 or the service it is handling: “the same instances are running since
    159 service first started, no reboot or application restart”. See s7r’s post
    160 for more numbers.
    161 
    162  [24]: https://lists.torproject.org/pipermail/tor-talk/2015-July/038312.html
    163  [25]: https://lists.torproject.org/pipermail/tor-talk/2015-July/038314.html
    164  [26]: https://lists.torproject.org/pipermail/tor-talk/2015-July/038373.html
    165 
    166 Upcoming events
    167 ---------------
    168 
    169   Jul 12 19:00 UTC | Tails low hanging fruit session
    170                    | #tails-dev, irc.oftc.net
    171                    | https://mailman.boum.org/pipermail/tails-project/2015-July/000244.html
    172                    |
    173   Jul 13 17:00 UTC | OONI development meeting
    174                    | #ooni, irc.oftc.net
    175                    |
    176   Jul 13 18:00 UTC | Tor Browser meeting
    177                    | #tor-dev, irc.oftc.net
    178                    |
    179   Jul 14 18:00 UTC | little-t tor patch workshop
    180                    | #tor-dev, irc.oftc.net
    181                    | https://lists.torproject.org/pipermail/tor-dev/2015-June/008979.html
    182                    |
    183   Jul 15 13:30 UTC | little-t tor development meeting
    184                    | #tor-dev, irc.oftc.net
    185                    | https://lists.torproject.org/pipermail/tor-dev/2015-June/008979.html
    186                    |
    187   Jul 22 02:00 UTC | Pluggable transports/bridges meeting
    188                    | #tor-dev, irc.oftc.net
    189 
    190 
    191 This issue of Tor Weekly News has been assembled by the Tails team,
    192 Karsten Loesing, teor, and Harmony.
    193 
    194 Want to continue reading TWN? Please help us create this newsletter.
    195 We still need more volunteers to watch the Tor community and report
    196 important news. Please see the project page [27], write down your
    197 name and subscribe to the team mailing list [28] if you want to
    198 get involved!
    199 
    200  [27]: https://trac.torproject.org/projects/tor/wiki/TorWeeklyNews
    201  [28]: https://lists.torproject.org/cgi-bin/mailman/listinfo/news-team
    202 }}}
     7'''Status:''' [https://lists.torproject.org/pipermail/tor-news/2015-July/000105.html Sent].