Changes between Version 18 and Version 19 of TorWeeklyNews/2015/6


Timestamp: Feb 11, 2015, 12:02:56 PM (4 years ago)
Author: harmony
Comment: sent

  • TorWeeklyNews/2015/6

    v18 v19  
    55'''Subject:''' Tor Weekly News — February 11th, 2015
    66
    7 {{{
    8 ========================================================================
    9 Tor Weekly News                                      February 11th, 2015
    10 ========================================================================
    11 
    12 Welcome to the sixth issue in 2015 of Tor Weekly News, the weekly
    13 newsletter that covers what’s happening in the community around Tor,
    14 “your online an-onionising software” [1].
    15 
    16   [1]: https://theconversation.com/tor-the-last-bastion-of-online-anonymity-but-is-it-still-secure-after-silk-road-35395
    17 
    18 The 2015 Tor UX Sprint
    19 ----------------------
    20 
    21 Many open-source privacy tools struggle with questions of usability: so
    22 much effort goes into ensuring they are secure that few resources are
    23 left over to work on the user experience. But as Linda Lee and David
    24 Fifield write [2], “usability is critical to security”: user interface
    25 issues “can degrade user experience, cause confusion, or even cause
    26 people to accidentally deanonymize themselves”.
    27 
    28 To explore, and hopefully solve, some of these problems, a group of Tor
    29 developers, designers, users, and researchers met [3] at UC Berkeley at
    30 the start of the month. As part of the weekend, users were asked to walk
    31 through the process of installing and running Tor Browser, noting aloud
    32 their assumptions and reactions as they went.
    33 
    34 Issues and “stopping points” (where users find the process too difficult
    35 to continue) discovered during these sessions were noted, and have been
    36 assigned tickets on Tor’s bug tracker [4]. For more details of the event
    37 and its outcomes, please see Linda and David’s post; “if you are
    38 interested in helping to improve the usability of Tor Browser, get in
    39 touch by email or IRC”.
    40 
    41   [2]: https://blog.torproject.org/blog/ux-sprint-2015-wrapup
    42   [3]: https://trac.torproject.org/projects/tor/wiki/org/meetings/2015UXsprint
    43   [4]: https://trac.torproject.org/projects/tor/query?keywords=~uxsprint2015
    44 
    45 Tor and the Library Freedom Project
    46 -----------------------------------
    47 
    48 As Tor Weekly News reported last September [5], Massachusetts librarian
    49 and activist Alison Macrina has been leading a campaign to educate
    50 colleagues and library patrons on the state of digital surveillance and
    51 the use of privacy-preserving software such as Tor and Tails. As Alison
    52 and April Glaser wrote at the time, “libraries provide access to
    53 information and protect patrons’ right to explore new ideas, no matter
    54 how controversial or subversive” [6].
    55 
    56 These initial workshops formed the basis for the Library Freedom
    57 Project [7], which has just received [8] a grant from the Knight
    58 Foundation to expand its activities beyond the New England region. In a
    59 guest post on the Tor blog [9], Alison introduced the project, the
    60 motivations behind it, and its plans for the next few years, as well as
    61 suggesting some possible areas for collaboration with the Tor community
    62 in the future: “One specific way that librarians can help the Tor
    63 Project is with usability issues – we have lots of experience helping
    64 ordinary users with common usability problems […] Librarians can also
    65 run dev sprints, help update documentation, and generally advocate for
    66 tools that help safeguard privacy and anonymity.”
    67 
    68 For more information on the Library Freedom Project, or to propose your
    69 own ideas, please see the project’s website. Thanks to Alison and
    70 colleagues for this important work!
    71 
    72   [5]: https://lists.torproject.org/pipermail/tor-news/2014-September/000063.html
    73   [6]: http://boingboing.net/2014/09/13/radical-librarianship-how-nin.html
    74   [7]: https://libraryfreedomproject.org/
    75   [8]: http://www.knightfoundation.org/grants/201450256/
    76   [9]: https://blog.torproject.org/blog/guest-post-library-freedom-project-bringing-privacy-and-anonymity-libraries
    77 
    78 Vidalia laid to rest
    79 --------------------
    80 
    81 Now that Vidalia, the graphical user interface for Tor, has been
    82 completely unmaintained ”for too long to be a recommended solution”,
    83 Sebastian Hahn has removed [10] the last links to Vidalia-related
    84 content from the Tor Project website. If you are still using a version
    85 of Tor Browser (outside of Tails) that contains Vidalia, it is almost
    86 certainly too old to be safe, so please upgrade as soon as possible.
    87 
    88 Vidalia is still shipped in the latest version of Tails, however, so the
    89 Tails team has been working [11] on a simple interface [12] to replace
    90 one of the most-missed features of the defunct program, the circuit
    91 visualization window. The Tor Browser team have already implemented a
    92 similar per-site circuit diagram [13] in the current 4.5-alpha series,
    93 so there should soon be no reason at all for users to continue
    94 controlling their Tor through Vidalia.
    95 
    96  [10]: https://lists.torproject.org/pipermail/tor-talk/2015-February/036833.html
    97  [11]: https://mailman.boum.org/pipermail/tails-dev/2015-February/008066.html
    98  [12]: http://git.tails.boum.org/alan/tor-monitor/
    99  [13]: https://bugs.torproject.org/8641
    100 
    101 More monthly status reports for January 2015
    102 --------------------------------------------
    103 
    104 The wave of regular monthly reports from Tor project members for the
    105 month of January continued, with reports from George Kadianakis [14],
    106 Pearl Crescent [15], Michael Schloh von Bennewitz [16], Nick
    107 Mathewson [17], Karsten Loesing [18], and Arlo Breault [19].
    108 
    109 Mike Perry reported on behalf of the Tor Browser team [20], and George
    110 Kadianakis sent out the report for SponsorR [21].
    111 
    112  [14]: https://lists.torproject.org/pipermail/tor-reports/2015-February/000754.html
    113  [15]: https://lists.torproject.org/pipermail/tor-reports/2015-February/000755.html
    114  [16]: https://lists.torproject.org/pipermail/tor-reports/2015-February/000756.html
    115  [17]: https://lists.torproject.org/pipermail/tor-reports/2015-February/000757.html
    116  [18]: https://lists.torproject.org/pipermail/tor-reports/2015-February/000758.html
    117  [19]: https://lists.torproject.org/pipermail/tor-reports/2015-February/000761.html
    118  [20]: https://lists.torproject.org/pipermail/tor-reports/2015-February/000759.html
    119  [21]: https://lists.torproject.org/pipermail/tor-reports/2015-February/000760.html
    120 
    121 Miscellaneous news
    122 ------------------
    123 
    124 George Kadianakis linked [22] to the technical report produced by the
    125 team working on statistics related to the amount of hidden service usage
    126 on the Tor network; Karsten Loesing added [23] some more information
    127 regarding the fraction of network activity this represents. These are
    128 advanced calculations, so if you’re not experienced in data science but
    129 want to know more about this topic, the team will be back shortly with a
    130 more “casual-reader-friendly” analysis of the results.
    131 
    132  [22]: https://lists.torproject.org/pipermail/tor-dev/2015-February/008228.html
    133  [23]: https://lists.torproject.org/pipermail/tor-dev/2015-February/008249.html
    134 
    135 “Fresh off a round of real-world intensive testing and debugging using
    136 spotty 2.5G coverage in the foothills of the Himalayas”, Nathan Freitas
    137 of the ever-intrepid Guardian Project announced [24] the first release
    138 candidate for version 14.1 of ChatSecure, the “most private” messaging
    139 client for Android and iOS, featuring numerous improvements to
    140 usability, stability, and network handling. Please see Nathan’s
    141 announcement for the full changelog.
    142 
    143  [24]: https://lists.mayfirst.org/pipermail/guardian-dev/2015-February/004192.html
    144 
    145 Nathan also shared [25] a “very early” incarnation of PLUTO, “a
    146 simplified means for developers to include traffic obfuscation
    147 capabilities into their applications” with initial support for obfs4 and
    148 meek. “We think many apps could utilize this approach to defeat DPI
    149 filtering, and that this would be useful to offer decoupled from the way
    150 Tor integrates it”.
    151 
    152  [25]: https://lists.mayfirst.org/pipermail/guardian-dev/2015-February/004183.html
    153  
    154 David Fifield posted a tutorial [26] for configuring the meek pluggable
    155 transport to work with hard-to-block HTTPS websites interested in
    156 helping censored Tor users, rather than the large content delivery
    157 networks it currently uses, along with the regular summary [27] of the
    158 costs incurred by meek’s infrastructure last month: “meek has so far
    159 been a smashing success. It’s the #2 pluggable transport behind obfs3
    160 and it moved over 5 TB of traffic last month. But the costs are starting
    161 to get serious.” If you have ideas for supporting this vitally important
    162 anti-censorship tool, please see David’s message for more details.
    163 
    164  [26]: https://lists.torproject.org/pipermail/tor-dev/2015-February/008239.html
    165  [27]: https://lists.torproject.org/pipermail/tor-dev/2015-February/008235.html
    166 
    167 Also in meek news, Across The Great FireWall published [28] a
    168 Chinese-language introduction to the concepts underpinning this
    169 pluggable transport. Other resources (in Chinese and other languages)
    170 are listed on the wiki [29].
    171 
    172  [28]: http://www.atgfw.org/2015/02/torgfwpk1-meektor.html
    173  [29]: https://trac.torproject.org/projects/tor/wiki/doc/meek#Quickstart
    174 
    175 Nick Mathewson took to the Tor blog [30] to explain exactly what Tor
    176 design proposals are for and how they are written, and offered status
    177 updates (and review recommendations) [31] for some new and still-open
    178 proposals.
    179 
    180  [30]: https://blog.torproject.org/blog/tor-design-proposals-how-we-make-changes-our-protocol
    181  [31]: https://gitweb.torproject.org/torspec.git/tree/proposals/proposal-status.txt
    182 
    183 Nick also asked [32] relay operators to contribute their advice to a
    184 relay hardening guide [33] that could be shipped with Tor.
    185 
    186  [32]: https://lists.torproject.org/pipermail/tor-relays/2015-February/006358.html
    187  [33]: https://bugs.torproject.org/13703
    188 
    189 Arturo Filastò asked for help [34] in coming up with a roadmap for the
    190 future of the Open Observatory of Network Interference, asking for
    191 opinions on a range of possible development, deployment, and research
    192 projects. Feel free to let the ooni-dev list know which of the ideas
    193 catches your attention.
    194 
    195  [34]: https://lists.torproject.org/pipermail/ooni-dev/2015-February/000246.html
    196 
    197 After soliciting feedback [35] on including newer pluggable transports
    198 in Tails, the Tails team decided [36] to focus on obfs4 and then
    199 (“tentatively”) meek for upcoming versions of the anonymous live
    200 operating system.
    201 
    202  [35]: https://lists.torproject.org/pipermail/tor-talk/2015-January/036549.html
    203  [36]: https://mailman.boum.org/pipermail/tails-dev/2015-February/008069.html
    204 
    205 Tom “TvdW” van der Woerdt wrote a detailed report [37] on his experience
    206 implementing a Tor client from scratch in the Go programming language,
    207 following Tor’s specification document. One instance of “GoTor” briefly
    208 broke the Tor relay speed record with 250 megabytes/second, but Tom
    209 ultimately decided that Go isn’t the right language for such a thing, as
    210 its library support doesn’t make it easy enough to do. Thanks to Tom for
    211 running the experiment, and catching some specification errors in the
    212 process!
    213 
    214  [37]: http://www.tvdw.eu/blog/2015/01/24/implementing-a-tor-relay-from-scratch/
    215 
    216 Even though Tor Browser is not vulnerable to the recent WebRTC IP attack
    217 proof-of-concept [38], Mike Perry nevertheless invited [39] “interested
    218 parties to try harder to bypass Tor in a stock Firefox using WebRTC and
    219 associated protocols (RTSP, SCTP) with media.peerconnection.enabled set
    220 to false”, before a plan to enable WebRTC-based QRCode bridge address
    221 resolution and sharing in Tor Launcher [40] is implemented.
    222 
    223  [38]: https://github.com/diafygi/webrtc-ips
    224  [39]: https://lists.torproject.org/pipermail/tor-talk/2015-February/036845.html
    225  [40]: https://bugs.torproject.org/14837
    226 
    227 Shadow, the tool by Rob Jansen that allows full Tor network simulation,
    228 now has a new website [41]. As Rob wrote [42]: “The new website still
    229 uses the Jekyll engine, and is a stripped down customized version of the
    230 open source SOLID theme. Please send me feedback if you have it.”
    231 
    232  [41]: https://shadow.github.io
    233  [42]: http://mailman.cs.umn.edu/archives/shadow-dev/2015-February/000081.html
    234 
    235 Jillian York of the EFF discussed [43] the problems of over-reliance on
    236 US government funding — and the dearth of other funding streams — for
    237 anti-surveillance tools, including Tor.
    238 
    239  [43]: http://jilliancyork.com/2015/02/06/there-are-other-funding-options-than-the-usg/
    240 
    241 Seven of the eleven activists arrested last year in Spain for, amongst
    242 other things, having had email accounts with the technical collective
    243 Riseup — longtime Tor allies and operators of one of the directory
    244 authorities [44] — have been released from prison [45]. As Riseup
    245 wrote [46] following the arrests, “security is not a crime”: “Giving up
    246 your basic right to privacy for fear of being flagged as a terrorist is
    247 unacceptable.”
    248 
    249  [44]: https://lists.torproject.org/pipermail/tor-news/2014-November/000073.html
    250  [45]: https://www.accessnow.org/blog/2015/01/20/spain-targets-vulnerable-users-on-eve-of-review-at-un-human-rights-council
    251  [46]: https://help.riseup.net/en/about-us/press/security-not-a-crime
    252 
    253 Easy development tasks to get involved with
    254 -------------------------------------------
    255 
    256 Two problems confronting Mac users who want to download Tor Browser are
    257 the “disk image” format and Apple’s Gatekeeper security system. If these
    258 users try to run Tor Browser directly from the disk image window that
    259 opens after downloading, they will receive an error telling them
    260 “Firefox is already running”, and if they correctly move the program to
    261 the Applications folder, Gatekeeper will prevent them from running it
    262 directly anyway.
    263 
    264 If you have access to a machine running the latest version of Mac OS X,
    265 and want to spend ten minutes making life easier for Tor users, the Tor
    266 Browser download page [47] would benefit from screenshots showing users
    267 how to drag the program to the Applications folder, and how to disable
    268 Gatekeeper by control-clicking on the Tor Browser icon when running for
    269 the first time. Please see the relevant bug ticket [48] for a nice set
    270 of example screenshots; your contribution will be gratefully received!
    271 
    272  [47]: https://www.torproject.org/download/download-easy
    273  [48]: https://bugs.torproject.org/14838
    274 
    275 Upcoming events
    276 ---------------
    277 
    278   Feb 11 13:30 UTC | little-t tor development meeting
    279                    | #tor-dev, irc.oftc.net
    280                    |
    281   Feb 11 16:00 UTC | Pluggable transports meeting
    282                    | #tor-dev, irc.oftc.net
    283                    |
    284   Feb 16 18:00 UTC | Tor Browser online meeting
    285                    | #tor-dev, irc.oftc.net
    286                    |
    287   Feb 16 18:00 UTC | OONI development meeting
    288                    | #ooni, irc.oftc.net
    289                    |
    290   Feb 17 18:00 UTC | little-t tor patch workshop
    291                    | #tor-dev, irc.oftc.net
    292                    |
    293   Mar 01 - 06      | Tor Winter Dev Meeting 2015
    294                    | Valencia, Spain
    295                    | https://trac.torproject.org/projects/tor/wiki/org/meetings/2015WinterDevMeeting
    296                    |
    297   Mar 24 - 25      | Roger and Jake @ RightsCon 2015
    298                    | Manila, Philippines
    299                    | https://www.rightscon.org/manila/
    300 
    301 
    302 This issue of Tor Weekly News has been assembled by Harmony, Roger
    303 Dingledine, Kate Krauss, and David Fifield.
    304 
    305 Want to continue reading TWN? Please help us create this newsletter.
    306 We still need more volunteers to watch the Tor community and report
    307 important news. Please see the project page [49], write down your
    308 name and subscribe to the team mailing list [50] if you want to
    309 get involved!
    310 
    311  [49]: https://trac.torproject.org/projects/tor/wiki/TorWeeklyNews
    312  [50]: https://lists.torproject.org/cgi-bin/mailman/listinfo/news-team
    313 }}}
     7'''Status:''' [https://lists.torproject.org/pipermail/tor-news/2015-February/000084.html Sent].
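Review bot: the revision comment "sent" does not record that v19 removes the entire draft body (v18 lines 7-313) and leaves only the Subject line and the new Status link at v19 line 7. A comment along the lines of "sent; replaced draft text with link to the tor-news archive" would make the page history self-explanatory, since the wiki no longer holds a copy of the text and readers depend on the archive URL in the Status line.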