wiki:TorWeeklyNews/2015/28

Version 14 (modified by harmony, 5 years ago) (diff)

--

106th issue of Tor Weekly News. Covering what's happening from July 7th, 2015 to July 14th, 2015. To be released on July 15th, 2015.

Editor: Harmony

Subject: Tor Weekly News — July 15th, 2015

========================================================================
Tor Weekly News                                          July 15th, 2015
========================================================================

Welcome to the twenty-eighth issue in 2015 of Tor Weekly News, the
weekly newsletter that covers what’s happening in the Tor community.

Contents
--------

 1. Caspar Bowden
 2. Tor 0.2.6.10 is out
 3. New onion service-related proposals
 4. ExoneraTor gets an update
 5. Miscellaneous news
 6. Upcoming events

Caspar Bowden
-------------

Caspar Bowden, a leading advocate for many years in the field of civil
liberties, and a member of the Tor Project, Inc.’s board of directors, has
died after a short illness. As the Tor Project wrote in a statement [XXX],
Caspar “was a passionate supporter of universal human rights, including the
right to privacy”: “The world has lost a voice of tremendous moral courage.”

A Caspar Bowden Legacy Fund [XXX] has been established “to promote advocacy
for privacy as a universal human right and privacy enhancing technologies as
one means to protect it”, in accordance with Caspar’s request “that we work
to ensure equal protection regardless of nationality” [XXX]. If you would like to
make a contribution to this fund in Caspar’s memory, please see the web page
for further details.

 [XXX]: https://twitter.com/torproject/status/619159503397875716
 [XXX]: http://www0.cs.ucl.ac.uk/staff/G.Danezis/CasparsLegacy_foundation.html
 [XXX]: https://twitter.com/ioerror/status/619107498197434368

Tor Project launches world-wide search for new Executive Director
-----------------------------------------------------------------

Following the departure of long-time Executive Director Andrew Lewman
earlier this year, the Tor Project, Inc. has opened [XXX] a world-wide search
for its new Executive Director. As Wendy Seltzer, a member of the board of
directors, writes: “We have engaged The Wentworth Company to help us
with the search process, and invite the broader Tor community and
friends to share the job posting among your networks. If you are or know
a great leader with a passion for anonymous communication and free
software, please contact Judy Tabak at Wentworth (judytabak@wentco.com,
other contact details in the posting [XXX]) for more information or to be
considered for the job.”

 [XXX]: https://blog.torproject.org/blog/tor-project-launches-world-wide-search-new-executive-director
 [XXX]: http://data01.wentco.com/openreq/Requisition.aspx?ReqID=67528129

Tor 0.2.6.10 is out
-------------------

Nick Mathewson put out a new release [XXX] in the current Tor stable
series. Version 0.2.6.10 contains a fix for a regression [XXX] introduced
in 0.2.6.3-alpha that made it difficult for clients to access onion
services under certain circumstances — for example, if a hidden service
restarts after a client connects, the same client would have been unable
to connect again until the next hour. This version also “bulletproofs the
cryptography init process, and fixes a bug when using the sandbox code
with some older versions of Linux”.

“Everyone running an older version, especially an older version of 0.2.6,
should upgrade”, writes Nick. Source code is downloadable from the
distribution directory [XXX]; packages will become available as their
packagers package them.

 [XXX]: https://blog.torproject.org/blog/tor-02610-released
 [XXX]: https://bugs.torproject.org/16381
 [XXX]: https://dist.torproject.org/

New onion service-related proposals
-----------------------------------

A gathering of experts in Tor onion service research and development
resulted (among other things) in two new Tor proposals for improving
the anonymity and efficiency of services hosted inside the Tor network.

John Brooks and George Kadianakis expanded [XXX] John’s earlier suggestion
that the roles of “hidden service directory” and “introduction point”
could be merged [XXX] in the next generation of onion services, into what
is now proposal 246 [XXX]. This innovation would simplify the relevant
code, reduce load on the network, and limit the number of relays that
can observe the service’s activity or serve as a fingerprint for an
observer.

George also wrote up draft proposal 247 [XXX], which tries to prevent
“guard discovery attacks” (where an adversary is able to work out which
Tor relay is being contacted directly by the target client, thereby
allowing them to attack that relay itself and deanonymize the client) by
making the attack significantly more costly to perform, using “vanguards”.
By enabling a Tor configuration option, the service operator could pin
the second and third hops (the “vanguards” in question) of their
circuits for a longer period. A would-be attacker is then forced to
carry out “a Sybil attack and two coercion attacks” before succeeding,
as opposed to the current situation “where the Sybil attack is trivial
to pull off, and only a single coercion attack is required”. “I consider
this issue very important and any feedback is greatly appreciated”, wrote
George.

This is privacy development at the most advanced level, and the waters
are very much uncharted: there may be major design flaws, improvements,
and counter-arguments lurking up ahead. If this is an area in which you
feel you have a contribution to make, by all means take a look at the
proposals, and then pitch in on the tor-dev mailing list [XXX]!

 [XXX]: https://lists.torproject.org/pipermail/tor-dev/2015-July/009079.html
 [XXX]: https://lists.torproject.org/pipermail/tor-dev/2015-April/008743.html
 [XXX]: https://gitweb.torproject.org/torspec.git/tree/proposals/246-merge-hsdir-and-intro.txt
 [XXX]: https://gitweb.torproject.org/torspec.git/tree/proposals/247-hs-guard-discovery.txt
 [XXX]: https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev

ExoneraTor gets an update
-------------------------

The ExoneraTor service [XXX] lets you use historical Tor network data to
quickly determine whether or not a particular IP address was being used
by a public Tor relay on a given date. This is useful if, for example,
you’re the administrator of a web service that received malicious traffic
on that date, and you want to find out if the IP address will be useful
to your investigation of the problem.

After much discussion and feedback on the tor-relays list [XXX], Karsten
Loesing and Julius Mittenzwei have updated [XXX] ExoneraTor to offer a simpler,
more intuitive service without unnecessary details that might confuse a
non-specialist. Searches are now restricted to full days, rather than
precise timestamps, to avoid most issues relating to timezone differences
(ExoneraTor’s results are given in UTC, and searchers might forget to make
adjustments for their local timezone); the form allowing searchers to check
whether a relay permitted exit traffic to a target address and port has been
replaced by an “Exit” column indicating whether or not any exit traffic was
allowed by that relay, again for the sake of simplicity; and the overall
look of the service has been streamlined, with clearer, non-technical
explanations of Tor and Exonerator, and a translation into German (with
more languages planned).

“Please give it a try, including the tricky edge cases where you expect
it to break”, wrote Karsten. “And if you have any further feedback,” please
send it to the tor-relays mailing list.

 [XXX]: https://exonerator.torproject.org/
 [XXX]: https://lists.torproject.org/pipermail/tor-relays/2015-July/007287.html
 [XXX]: https://lists.torproject.org/pipermail/tor-relays/2015-July/007374.html

The Vegas plan continues to roll out
------------------------------------

The “Vegas plan” — a reorganization of Tor’s active contributors into
a more focused team-based structure, named after the fair city in which
it was developed — continues to roll out, with the Measurement, Community,
Networks, and Applications teams holding their first or second IRC meetings
this week. Isabela Bagueros, Tor’s project manager, writes: “Keep an eye out for
teams’ updates, and for things that can be done better; feedback will be key
for making this successful, and that is why we will have a check-in during our
next dev meeting. So follow up, participate, bring feedback!”

If you aren’t already working with one of the new teams, and feel you should
be, please check in on IRC or the mailing lists, and someone will help direct
you to the right place.

Miscellaneous news
------------------

The upcoming IETF Meeting in Prague [XXX] will have a DNS Operations
meeting on 20th July [XXX] that will discuss both the draft
proposal [XXX] to reserve .onion as a special-use domain suffix (about
which Tor Weekly News has written before [XXX]), and other
proposals for related projects like I2P and Gnunet. If you're going to
Prague, consider attending this meeting and humming in support of
reserving .onion and these other domains!

 [XXX]: https://www.ietf.org/meeting/93/index.html
 [XXX]: https://datatracker.ietf.org/meeting/93/agenda/dnsop/
 [XXX]: https://datatracker.ietf.org/doc/draft-ietf-dnsop-onion-tld/
 [XXX]: https://lists.torproject.org/pipermail/tor-news/2015-May/000098.html

After a hiatus in activity on the tor-mirrors list, Sebastian Hahn
updated [XXX] the file used to build the directory of mirrors on the Tor
Project website [XXX] with changes made in the last few months. “If you
notice any unexpected entries or think you should be on the list but aren’t,
I’ll check what the problem is.”

 [XXX]: https://lists.torproject.org/pipermail/tor-mirrors/2015-July/000911.html
 [XXX]: https://www.torproject.org/getinvolved/mirrors

Upcoming events
---------------

  Jul 15 14:00 UTC | Measurement team meeting
                   | #tor-project, irc.oftc.net
                   |
  Jul 20 17:00 UTC | OONI development meeting
                   | #ooni, irc.oftc.net
                   |
  Jul 20 18:00 UTC | Tor Browser meeting
                   | #tor-dev, irc.oftc.net
                   |
  Jul 21 18:00 UTC | little-t tor patch workshop
                   | #tor-dev, irc.oftc.net
                   |
  Jul 22 02:00 UTC | Pluggable transports/bridges meeting
                   | #tor-dev, irc.oftc.net
                   |
  Jul 22 13:30 UTC | little-t tor development meeting
                   | #tor-dev, irc.oftc.net
                   |
  Aug 03 19:00 UTC | Tails contributors meeting
                   | #tails-dev, irc.oftc.net
                   | https://mailman.boum.org/pipermail/tails-project/2015-July/000264.html


This issue of Tor Weekly News has been assembled by Karsten Loesing,
Tom Ritter, Wendy Seltzer, Isabela Bagueros, and Harmony.

Want to continue reading TWN? Please help us create this newsletter.
We still need more volunteers to watch the Tor community and report
important news. Please see the project page [XXX], write down your
name and subscribe to the team mailing list [XXX] if you want to
get involved!

  [XXX]: https://trac.torproject.org/projects/tor/wiki/TorWeeklyNews
  [XXX]: https://lists.torproject.org/cgi-bin/mailman/listinfo/news-team