Changes between Version 3 and Version 4 of TorWeeklyNews/2015/3


Ignore:
Timestamp:
Jan 21, 2015, 12:11:08 PM (4 years ago)
Author:
harmony
Comment:

--

Legend:

Unmodified
Added
Removed
Modified
  • TorWeeklyNews/2015/3

    v3 v4  
    55'''Subject:''' Tor Weekly News — January 21st, 2015
    66
    7 {{{
    8 ========================================================================
    9 Tor Weekly News                                       January 21st, 2015
    10 ========================================================================
    11 
    12 Welcome to the third issue in 2015 of Tor Weekly News, the weekly
    13 newsletter that covers what’s happening in the boring [1] Tor community.
    14 
    15   [1]: https://guardianproject.info/2015/01/02/2015-is-the-year-of-bore-sec/
    16 
    17 Tor Browser 4.0.3 and 4.5a3 are out
    18 -----------------------------------
    19 
    20 Georg Koppen announced two new releases by the Tor Browser team. Version
    21 4.0.3 [2] of the privacy-preserving browser is based on Firefox
    22 31.4.0esr, and also contains updates to NoScript, meek, and Tor
    23 Launcher.
    24 
    25 The third release in the 4.5-alpha series [3] allows the secure
    26 in-browser update mechanism to handle signed update files, and will
    27 reject unsigned ones from now on. It also restores functionality for
    28 meek, which was broken in previous 4.5-alpha releases, and offers other
    29 improvements and bugfixes — please see Georg’s announcement for the full
    30 changelog.
    31 
    32 These releases contain important security updates, so users of both the
    33 stable and alpha series should upgrade as soon as possible. Furthermore,
    34 Tor Browser 4.5a3 is signed by a new Tor Browser Developers signing key
    35 rather than the personal key of an individual developer. If you want to
    36 verify your download of the new alpha (and you should!), you will need
    37 to retrieve the new key (fingerprint EF6E 286D DA85 EA2A 4BA7 DE68 4E2C
    38 6E87 9329 8290) from a keyserver before doing so.
    39 
    40   [2]: https://blog.torproject.org/blog/tor-browser-403-released
    41   [3]: https://blog.torproject.org/blog/tor-browser-45a3-released
    42 
    43 Miscellaneous news
    44 ------------------
    45 
    46 Anthony G. Basile announced [4] version 20150114 of Tor-ramdisk, the
    47 uClibc-based micro Linux distribution whose only purpose is to host a
    48 Tor relay in an environment that maximizes security and privacy. This
    49 release includes updates to Tor, Libevent, and other key software.
    50 
    51   [4]: https://lists.torproject.org/pipermail/tor-talk/2015-January/036526.html
    52 
    53 Nik announced [5] oppy, an onion proxy implemented in Python: “oppy
    54 works like a regular Tor client”, though “there are a number of
    55 simplifications made, with the major ones primarily centering around
    56 circuit management/build logic and how and when network status documents
    57 are collected”. Nik also asked for suggestions on how to take the
    58 project forward: “Whether or not I continue hacking on oppy to make it a
    59 solid piece of software (rather than just a prototype) or just leave it
    60 as is as a reference depends on whether or not the Tor development
    61 community sees any real uses or future potential for the project”.
    62 
    63   [5]: https://lists.torproject.org/pipermail/tor-dev/2015-January/008174.html
    64 
    65 meejah announced [6] a new one-to-one encrypted and anonymous voice chat
    66 feature for “carml” [7], the command-line Tor control utility: “ [It]
    67 essentially cross-connects the mic + speakers of each side via an Opus +
    68 OGG stream over a single Tor TCP connection.” As meejah warns, it is
    69 “NOT FOR REAL USE at all yet”, but if you have experience with gstreamer
    70 and/or OGG then please see meejah’s message for some unresolved
    71 questions.
    72 
    73   [6]: https://lists.torproject.org/pipermail/tor-dev/2015-January/008166.html
    74   [7]: https://github.com/meejah/carml.git
    75 
    76 Following suggestions from Sebastian Urbach [8] and grarpamp [9],
    77 Karsten Loesing altered [10] the main unit of data rate measurement for
    78 the Tor Metrics portal [11] from MiB/s (mebibytes per second) to the
    79 more common Gbit/s (gigabits per second).
    80 
    81   [8]: https://lists.torproject.org/pipermail/tor-relays/2015-January/006240.html
    82   [9]: https://lists.torproject.org/pipermail/tor-relays/2015-January/006248.html
    83  [10]: https://bugs.torproject.org/14257
    84  [11]: https://metrics.torproject.org/
    85 
    86 Philipp Winter published [12] preliminary statistics and analysis
    87 obtained by running a Go implementation of Doctor’s [13] sybil-hunting
    88 script over archived consensuses: “I’ll have a more detailed analysis at
    89 some point in the future.”
    90 
    91  [12]: https://lists.torproject.org/pipermail/tor-dev/2015-January/008156.html
    92  [13]: https://gitweb.torproject.org/doctor.git/
    93 
    94 The Tails team published [14] instructions for running an nginx
    95 webserver as a hidden service using a copy of Tails: “Feedback is
    96 welcome!”
    97 
    98  [14]: https://mailman.boum.org/pipermail/tails-dev/2015-January/007919.html
    99 
    100 Thanks to Frédéric Cornu [15] for running a mirror of the Tor Project’s
    101 website and software!
    102 
    103  [15]: https://lists.torproject.org/pipermail/tor-mirrors/2015-January/000850.html
    104 
    105 This week in Tor history
    106 ------------------------
    107 
    108 A year ago this week [16], the “Spoiled Onions” project [17] published
    109 its preliminary technical report. The goal of the project was to monitor
    110 Tor exit relays in order to “expose, document, and thwart malicious or
    111 misconfigured relays”; the researchers turned up 65 such relays over the
    112 course of their investigation, with the culprits engaging in attacks
    113 such as “SSH and HTTPS MitM, HTML injection, SSL stripping, and traffic
    114 sniffing”, or unintentionally interfering with traffic as a result of
    115 upstream censorship.
    116 
    117 Events such as the RELAY_EARLY traffic confirmation attack [18] and the
    118 sybil attacks late last year [19] have only highlighted the importance
    119 of monitoring for malicious relays in the Tor network. The bad-relays
    120 mailing list [20] serves as a reporting channel for Tor community
    121 members who believe particular relays are up to no good (messages sent
    122 to the list are not publicly visible, for various reasons [21]); David
    123 Fifield has been experimenting with data visualizations of significant
    124 network events [22]; and Philipp Winter, a “Spoiled Onions” co-author,
    125 has been working on additional tools (such as the above-mentioned Go
    126 sybil hunter and “zoossh”, a speedy Tor network document parser [23]) to
    127 make these checks more efficient — to give only a few examples of recent
    128 work by the community on this issue.
    129 
    130  [16]: https://lists.torproject.org/pipermail/tor-news/2014-January/000029.html
    131  [17]: http://www.cs.kau.se/philwint/spoiled_onions/
    132  [18]: https://blog.torproject.org/blog/tor-security-advisory-relay-early-traffic-confirmation-attack
    133  [19]: https://lists.torproject.org/pipermail/tor-consensus-health/2014-December/005381.html
    134  [20]: https://lists.torproject.org/cgi-bin/mailman/listinfo/bad-relays
    135  [21]: https://lists.torproject.org/pipermail/tor-news/2014-August/000057.html
    136  [22]: https://lists.torproject.org/pipermail/tor-dev/2015-January/008095.html
    137  [23]: https://gitweb.torproject.org/user/phw/zoossh.git/
    138 
    139 Upcoming events
    140 ---------------
    141 
    142   Jan 21 13:30 UTC | little-t tor development meeting
    143                    | #tor-dev, irc.oftc.net
    144                    |
    145   Jan 22 17:30 JST | Jacob @ Free Software Initiative of Japan
    146                    | Tokyo, Japan
    147                    | http://www.fsij.org/monthly-meetings/2015/Jan.html
    148                    |
    149   Jan 26 18:00 UTC | Tor Browser online meeting
    150                    | #tor-dev, irc.oftc.net
    151                    |
    152   Jan 26 18:00 UTC | OONI development meeting
    153                    | #ooni, irc.oftc.net
    154                    |
    155   Jan 27 18:00 UTC | little-t tor patch workshop
    156                    | #tor-dev, irc.oftc.net
    157                    |
    158   Feb 03 20:00 UTC | Tails contributors meeting
    159                    | #tails-dev, irc.oftc.net
    160                    | https://mailman.boum.org/pipermail/tails-dev/2015-January/007860.html
    161 
    162 
    163 This issue of Tor Weekly News has been assembled by Harmony.
    164 
    165 Want to continue reading TWN? Please help us create this newsletter.
    166 We still need more volunteers to watch the Tor community and report
    167 important news. Please see the project page [24], write down your
    168 name and subscribe to the team mailing list [25] if you want to
    169 get involved!
    170 
    171  [24]: https://trac.torproject.org/projects/tor/wiki/TorWeeklyNews
    172  [25]: https://lists.torproject.org/cgi-bin/mailman/listinfo/news-team
    173 }}}
     7'''Status:''' [https://lists.torproject.org/pipermail/tor-news/2015-January/000081.html Sent].