Version 7 (modified by harmony, 5 years ago) (diff)


106th issue of Tor Weekly News. Covering what's happening from July 7th, 2015 to July 14th, 2015. To be released on July 15th, 2015.

Editor: Harmony

Subject: Tor Weekly News — July 15th, 2015

Tor Weekly News                                          July 15th, 2015

Welcome to the twenty-eighth issue in 2015 of Tor Weekly News, the weekly
newsletter that covers what’s happening in the Tor community.


 1. XXX
 2. XXX

Tor is out

Nick Mathewson put out a new release [XXX] in the current Tor stable
series. Version contains a fix for a regression [XXX] introduced
in that made it difficult for clients to access onion
services under certain circumstances — for example, if a hidden service
restarts after a client connects, the same client would have been unable
to connect again until the next hour. This version also “bulletproofs the
cryptography init process, and fixes a bug when using the sandbox code
with some older versions of Linux”.

“Everyone running an older version, especially an older version of 0.2.6,
should upgrade”, writes Nick. Source code is downloadable from the
distribution directory [XXX]; packages will become available as their
packagers package them.


New onion service-related proposals

A gathering of experts in Tor onion service research and development
resulted (among other things) in two new Tor proposals for improving
the anonymity and efficiency of services hosted inside the Tor network.

John Brooks and George Kadianakis expanded [XXX] John’s earlier suggestion
that the roles of “hidden service directory” and “introduction point”
could be merged [XXX] in the next generation of onion services, into what
is now proposal 246 [XXX]. This innovation would simplify the relevant
code, reduce load on the network, and limit the number of relays that
can observe the service’s activity or serve as a fingerprint for an

George also wrote up draft proposal 247 [XXX], which tries to prevent
“guard discovery attacks” (where an adversary is able to work out which
Tor relay is being contacted directly by the target client, thereby
allowing them to attack that relay itself and deanonymize the client) by
making the attack significantly more costly to perform, using “vanguards”.
By enabling a Tor configuration option, the service operator could pin
the second and third hops (the “vanguards” in question) of their
circuits for a longer period. A would-be attacker is then forced to
carry out “a Sybil attack and two coercion attacks” before succeeding,
as opposed to the current situation “where the Sybil attack is trivial
to pull off, and only a single coercion attack is required”. “I consider
this issue very important and any feedback is greatly appreciated”, wrote

This is privacy development at the most advanced level, and the waters
are very much uncharted: there may be major design flaws, improvements,
and counter-arguments lurking up ahead. If this is an area in which you
feel you have a contribution to make, by all means take a look at the
proposals, and then pitch in on the tor-dev mailing list [XXX]!


ExoneraTor gets an update

The ExoneraTor service [XXX] lets you use historical Tor network data to
quickly determine whether or not a particular IP address was being used
by a public Tor relay on a given date. This is useful if, for example,
you’re the administrator of a web service that received malicious traffic
on that date, and you want to find out if the IP address will be useful
to your investigation of the problem.

After much discussion and feedback on the tor-relays list [XXX], Karsten
Loesing and Julius Mittenzwei have updated [XXX] ExoneraTor to offer a simpler,
more intuitive service without unnecessary details that might confuse a
non-specialist. Searches are now restricted to full days, rather than
precise timestamps, to avoid most issues relating to timezone differences
(ExoneraTor’s results are given in UTC, and searchers might forget to make
adjustments for their local timezone); the form allowing searchers to check
whether a relay permitted exit traffic to a target address and port has been
replaced by an “Exit” column indicating whether or not any exit traffic was
allowed by that relay, again for the sake of simplicity; and the overall
look of the service has been streamlined, with clearer, non-technical
explanations of Tor and Exonerator, and a translation into German (with
more languages planned).

“Please give it a try, including the tricky edge cases where you expect
it to break”, wrote Karsten. “And if you have any further feedback,” please
send it to the tor-relays mailing list.


Miscellaneous news

The upcoming IETF Meeting in Prague [XXX] will have a DNS Operations
meeting on 20th July [XXX] that will discuss both the draft
proposal [XXX] to reserve .onion as a special-use domain suffix (about
which Tor Weekly news has written before [XXX]), and other
proposals for related projects like I2P and Gnunet. If you're going to
Prague, consider attending this meeting and humming in support of
reserving .onion and these other domains!


After a hiatus in activity on the tor-mirrors list, Sebastian Hahn
updated [XXX] the file used to build the directory of mirrors on the Tor
Project website [XXX] with changes made in the last few months. “If you
notice any unexpected entries or think you should be on the list but aren’t,
I’ll check what the problem is.”


Upcoming events

  Jul 15 14:00 UTC | Measurement team meeting
                   | #tor-project,
  Jul 20 17:00 UTC | OONI development meeting
                   | #ooni,
  Jul 20 18:00 UTC | Tor Browser meeting
                   | #tor-dev,
  Jul 21 18:00 UTC | little-t tor patch workshop
                   | #tor-dev,
  Jul 22 02:00 UTC | Pluggable transports/bridges meeting
                   | #tor-dev,
  Jul 22 13:30 UTC | little-t tor development meeting
                   | #tor-dev,
  Aug 03 19:00 UTC | Tails contributors meeting
                   | #tails-dev,

This issue of Tor Weekly News has been assembled by XXX, XXX, and

Want to continue reading TWN? Please help us create this newsletter.
We still need more volunteers to watch the Tor community and report
important news. Please see the project page [XXX], write down your
name and subscribe to the team mailing list [XXX] if you want to
get involved!