Changes between Version 5 and Version 6 of TorWeeklyNews/2015/30


Ignore:
Timestamp:
Aug 8, 2015, 9:10:45 AM (4 years ago)
Author:
harmony
Comment:

--

Legend:

Unmodified
Added
Removed
Modified
  • TorWeeklyNews/2015/30

    v5 v6  
    55Subject: Tor Weekly News — August 8th, 2015
    66
    7 {{{
    8 ========================================================================
    9 Tor Weekly News                                         August 8th, 2015
    10 ========================================================================
    11 
    12 Welcome to the thirtieth issue in 2015 of Tor Weekly News, the weekly
    13 newsletter that covers what’s happening in the Tor community.
    14 
    15 Contents
    16 --------
    17 
    18  1. Tor 0.2.7.2-alpha is out
    19  2. Tor Browser 5.0a4 is out
    20  3. Random number generation during Tor voting
    21  4. CameraV (aka InformaCam) is out
    22  5. Monthly status reports for July month 2015
    23  6. Miscellaneous news
    24  7. Upcoming events
    25 
    26 Tor 0.2.7.2-alpha is out
    27 ------------------------
    28 
    29 Nick Mathewson announced [1] the second alpha release in the Tor 0.2.7.x
    30 series. This version includes improvements to the handling of Tor’s
    31 identity keys, which now use the Ed25519 elliptic curve signature
    32 format. It also allows onion service operators to specify a higher
    33 number of introduction points with a special configuration option, if
    34 the service is coming under heavy load, “at the cost of making it more
    35 visible that the hidden service is facing extra load”.
    36 
    37 For full details of the many other developments in this release, please
    38 see Nick’s announcement. The source code is available as usual from
    39 Tor’s distribution directory [2].
    40 
    41   [1]: https://blog.torproject.org/blog/tor-0272-alpha-released
    42   [2]: https://dist.torproject.org
    43 
    44 Tor Browser 5.0a4 is out
    45 ------------------------
    46 
    47 The Tor Browser team put out their fourth alpha release [3] in the 5.0
    48 series of the privacy-preserving anonymous browser. “Most notably, this
    49 release contains an experimental defense against font fingerprinting by
    50 using an identical set of shipped fonts on all supported platforms”,
    51 wrote Georg Koppen. This version also fixes some of the issues created
    52 by the update to Firefox 38ESR, which “brings us very close to a stable
    53 Tor Browser 5.0, which we aim to release next week”.
    54 
    55 Get your copy of the new alpha from the project page [4], or via the
    56 incremental updater if you are already using the alpha Tor Browser
    57 series.
    58 
    59   [3]: https://blog.torproject.org/blog/tor-browser-50a4-released
    60   [4]: https://www.torproject.org/projects/torbrowser.html.en#downloads-alpha
    61 
    62 Random number generation during Tor voting
    63 ------------------------------------------
    64 
    65 One of the weaknesses of the current onion service design is that parts
    66 of it (such as the relays chosen by a service to upload its descriptor)
    67 rely on a list of Tor relays which is generated in a predictable way.
    68 This makes it possible for people with malicious intentions to insert
    69 their bad relays into the list at points of their choosing, in order to
    70 carry out attacks such as denials-of-service (as some researchers proved
    71 earlier this year [5]). A good way of preventing this is to make Tor’s
    72 directory authorities jointly come up with a random number as part of
    73 their regular voting procedure, which is then used by onion services to
    74 choose the directories to which they will upload their descriptor
    75 information, and by clients to find those same directories. It could
    76 also be used by other systems as a shared source of randomness.
    77 
    78 George Kadianakis published a draft proposal [6] describing how this
    79 procedure could work. For a period of twelve hours, the directory
    80 authorities send each other a “commitment”, consisting of the hash of a
    81 256-bit value. Once all authorities are aware of the others’
    82 commitments, they then reveal to one another the values they committed
    83 to, for another twelve-hour period. At the end of that time, the
    84 revealed values are checked to see if they correspond to the
    85 commitments, and then they are all used to compute that day’s random
    86 value. This works because although you can use the commitment hash to
    87 verify that the value revealed is the same as the one decided upon
    88 twelve hours ago, you cannot derive the value itself from the
    89 commitment.
    90 
    91 Please see the draft proposal in full for discussion of the finer points
    92 of the proposed system, or if you are a fan of ingenious solutions.
    93 
    94   [5]: https://conference.hitb.org/hitbsecconf2015ams/wp-content/uploads/2015/02/D2T2-Filippo-Valsorda-and-George-Tankersly-Non-Hidden-Hidden-Services-Considered-Harmful.pdf
    95   [6]: https://lists.torproject.org/pipermail/tor-dev/2015-August/009189.html
    96 
    97 CameraV (aka InformaCam) is out
    98 -------------------------------
    99 
    100 The Guardian Project put out a full release [7] of CameraV (or
    101 InformaCam), a nifty smartphone application that lets you “capture and
    102 share verifiable photos and video proof on a smartphone or tablet, all
    103 the while keeping it entirely secure and private”. It allows you to
    104 prove the authenticity of your photos by using “the built-in sensors in
    105 modern smartphones for tracking movement, light and other environmental
    106 inputs, along with Wi-Fi, Bluetooth, and cellular network information to
    107 capture a snapshot of the environment around you” and bundling this
    108 information into the picture file.
    109 
    110 As you would expect, InformaCam is fully compatible with the Guardian
    111 Project’s Tor software offerings for Android, so whether you’re a
    112 citizen journalist or a keen phone photographer who values privacy, take
    113 a look at the CameraV page and try it out for yourself!
    114 
    115   [7]: https://lists.mayfirst.org/pipermail/guardian-dev/2015-July/004466.html
    116 
    117 Monthly status reports for July month 2015
    118 ------------------------------------------
    119 
    120 The wave of regular monthly reports from Tor project members for the
    121 month of July has begun. Pearl Crescent released their report first [8]
    122 (for work on Tor Browser development), followed by reports from David
    123 Goulet [9] (on onion service research and development), Georg
    124 Koppen [10] (working on Tor Browser), Isabela Bagueros [11] (for overall
    125 project management), Karsten Loesing [12] (working on Tor network tools
    126 and organizational tasks), Damian Johnson [13] (on Nyx and stem
    127 development), and Juha Nurmi [14] (on ahmia.fi development).
    128 
    129 The students in this year’s Tor Summer of Privacy also sent updates
    130 about their progress. Donncha O’Cearbhaill gave news of the OnionBalance
    131 load-balancing project [15], while Jesse Victors did the same for the
    132 OnioNS DNS-like system [16], Cristobal Leiva for the relay web status
    133 dashboard [17], and Israel Leiva for continuing development of the
    134 GetTor alternative software distributor [18].
    135 
    136 Finally, the Tails team published their June report [19], bringing
    137 updates about outreach, infrastructure, funding, and ongoing discussions
    138 relating to the anonymous live operating system.
    139 
    140   [8]: https://lists.torproject.org/pipermail/tor-reports/2015-July/000882.html
    141   [9]: https://lists.torproject.org/pipermail/tor-reports/2015-August/000883.html
    142  [10]: https://lists.torproject.org/pipermail/tor-reports/2015-August/000885.html
    143  [11]: https://lists.torproject.org/pipermail/tor-reports/2015-August/000888.html
    144  [12]: https://lists.torproject.org/pipermail/tor-reports/2015-August/000890.html
    145  [13]: https://lists.torproject.org/pipermail/tor-reports/2015-August/000892.html
    146  [14]: https://lists.torproject.org/pipermail/tor-reports/2015-August/000893.html
    147  [15]: https://lists.torproject.org/pipermail/tor-reports/2015-August/000884.html
    148  [16]: https://lists.torproject.org/pipermail/tor-dev/2015-August/009197.html
    149  [17]: https://lists.torproject.org/pipermail/tor-reports/2015-August/000886.html
    150  [18]: https://lists.torproject.org/pipermail/tor-reports/2015-August/000887.html
    151  [19]: https://tails.boum.org/news/report_2015_06
    152 
    153 Miscellaneous news
    154 ------------------
    155 
    156 The participants in the recent onion service hackfest in Washington, DC
    157 published a summary [20] of the exciting progress they made during the
    158 meeting.
    159 
    160  [20]: https://blog.torproject.org/blog/hidden-service-hackfest-arlington-accords
    161 
    162 Arturo Filastò announced [21] that an OONI-related hackathon entitled
    163 “ADINA15: A Dive Into Network Anomalies” will be held on October 1-2 in
    164 the Chamber of Deputies at the Italian Parliament in Rome. “This means
    165 that you are all invited…to put your design and data analysis skills to
    166 the test!”
    167 
    168  [21]: https://lists.torproject.org/pipermail/ooni-dev/2015-July/000307.html
    169 
    170 David Fifield published the regular summary of costs [22] incurred by
    171 the infrastructure for meek.
    172 
    173  [22]: https://lists.torproject.org/pipermail/tor-dev/2015-August/009213.html
    174 
    175 Nathan Freitas explored [23] possible routes to an Android-compatible
    176 version of Ricochet [24], the exciting new privacy-preserving instant
    177 messaging application based on Tor onion services.
    178 
    179  [23]: https://lists.mayfirst.org/pipermail/guardian-dev/2015-August/004470.html
    180  [24]: https://ricochet.im
    181 
    182 Upcoming events
    183 ---------------
    184 
    185   Aug 10 09:30 EDT | Roger & others @ 5th USENIX FOCI Workshop / 24th USENIX Security Symposium
    186                    | Washington, DC, USA
    187                    | https://blog.torproject.org/events/roger-and-others-foci-usenix-security-dc
    188                    |
    189   Aug 10 17:00 UTC | OONI development meeting
    190                    | #ooni, irc.oftc.net
    191                    |
    192   Aug 10 18:00 UTC | Tor Browser meeting
    193                    | #tor-dev, irc.oftc.net
    194                    |
    195   Aug 11 18:00 UTC | little-t tor patch workshop
    196                    | #tor-dev, irc.oftc.net
    197                    |
    198   Aug 12 13:30 UTC | little-t tor development meeting
    199                    | #tor-dev, irc.oftc.net
    200                    |
    201   Aug 12 14:00 UTC | Measurement team meeting
    202                    | #tor-project, irc.oftc.net
    203                    |
    204   Aug 12 19:00 UTC | Tails low-hanging fruit session
    205                    | #tails-dev, irc.oftc.net
    206                    | https://mailman.boum.org/pipermail/tails-project/2015-August/000273.html
    207                    |
    208   Aug 19 02:00 UTC | Pluggable transports/bridges meeting
    209                    | #tor-dev, irc.oftc.net
    210 
    211 
    212 This issue of Tor Weekly News has been assembled by BitingBird and
    213 Harmony.
    214 
    215 Want to continue reading TWN? Please help us create this newsletter.
    216 We still need more volunteers to watch the Tor community and report
    217 important news. Please see the project page [25], write down your
    218 name and subscribe to the team mailing list [26] if you want to
    219 get involved!
    220 
    221  [25]: https://trac.torproject.org/projects/tor/wiki/TorWeeklyNews
    222  [26]: https://lists.torproject.org/cgi-bin/mailman/listinfo/news-team
    223 }}}
     7Status: [https://lists.torproject.org/pipermail/tor-news/2015-August/000108.html Sent].