Tor Weekly News                                      February 15th, 2016

After a few-months-long hiatus, we're back with Tor Weekly News, the
weekly newsletter that covers what's happening in the Tor community.


 1. Tails 2.0 released
 2. Tor Browser 5.5.1, 6.0a1, and 6.0a1-hardened released
 3. Monthly status reports for January 2016
 4. Miscellaneous news
 5. Upcoming events

Tails 2.0 released

This is a major version bump (from 1.8.2) covered previously on the Tor
Blog [1] and on the Tails site [2]. Here's a quick recap of the new
features: it's now based on Debian 8 (from Debian 7), it uses GNOME 3 in
"Classic Mode" (previously GNOME 2) [3], it's got the just-released
Tor Browser 5.5, they've replaced Claws Mail with Icedove, and there's a
fancy new set of installation instructions [4].

Several security issues [5] were found and fixed, so it's important
for existing users to upgrade [6] as soon as possible.

(As of Feb. 15th, the latest patch version is 2.0.1.)


Tor Browser 5.5.1, 6.0a1, and 6.0a1-hardened released

Most users should be following the stable series of Tor Browser, which
recently changed from 5.0.x to 5.5.x. 5.5 replaced 5.0.7 on January
27th [7], and the latest patch version as of Feb 15th is 5.5.2 [8].

The biggest new feature is a set of bundled fonts that prevent an
adversary from fingerprinting you based on your system fonts.

Developers and bug-tolerant users might want to try one of the alpha
versions: 6.0a1 [9] or 6.0a1-hardened [10]. (In case you missed it,
the Tor Browser Team started releasing the hardened series in November
[11].  Firefox is compiled with AddressSanitizer (ASan) [12], and Tor
is compiled with both ASan and Undefined Behaviour Sanitizer (UBSan)
[13].  These insert a lot of run-time safety checks to make memory
corruption bugs harder to exploit, at the cost of increased memory
usage, larger binary distributions, and slower performance.)

All of these new releases are based on Firefox 38.6.0esr, which includes
a few important security fixes [14] to the previous version, so users
should update as soon as possible.


Monthly status reports for December 2015

Tor Project members submitted their monthly reports for December.
Karsten [15] worked on metrics-lib; Leiah [16] worked on the fundraising
campaign graphics; the Tor Browser team [17] worked on six releases;
Isabela [18] worked on organizing the Network team, on contracts, and on
the fundraising campaign; Georg [19] worked on Tor Browser and wrote a
blog post on the reproducible builds workshop in Athens, which he
attended; Damian [20] worked on Nyx; Isis [21] gave a cryptography
lecture in the Netherlands and worked on BridgeDB; George's SponsorR
report [22] and his own report [23] included work on hidden services and
a 32c3 talk about them; David [24] also did hidden services work and
gave the same 32c3 talk; Arturo [25] reports that the OONI team worked
on the Lantern tests and the new API/web-frontend for the collected
reports; and Isabela's SponsorU report [26] includes work on ed25519
keys, DoS resilience, and developer documentation.


Miscellaneous news

Mike Perry added [27] a new proposal to the torspec repository [28].
"In order to properly load balance in the presence of padding and
non-negligible amounts of directory and hidden service traffic, the load
balancing equations in Section 3.8.3 of dir-spec.txt are in need of some


George asked [29] for code review on proposal 250's shared randomness
[30] implementation [31], which will be used in the next-generation
hidden services.


There was a mailing list discussion [32] about the hidden service
changes in proposal 246.


Nick started a discussion [33] about the proposal review system.  There
followed a few meetings about proposals 241, 247, 250, 251 and 259, and
George and Mike posted their notes to the mailing list


Yawning released [38] obfs4proxy-0.0.6. "There aren't many significant
changes, and the internal changes primarily affect the client side
initialization, so those of you that are perfectly content with
obfs4proxy-0.0.5 can continue to use the existing version without


Serence, Arlo, and David released [39] Snowflake [40], a webrtc
pluggable transport inspired by flashproxy.


Nathan announced [41] v15.1.0-RC-4 of Orbot and posted a roadmap [42]
for 2016.


ProPublica set up a hidden service version [43] of their website, and
Mike Tigas has an article [44] on their motivation and technical

 [43]: http://www.propub3r6espa33w.onion/nerds/item/a-more-secure-and-anonymous-propublica-using-tor-hidden-services

George announced [45] the mailing list
[46], for technical discussion about running Tor onion (hidden)


Upcoming events

  Feb 17 13:30 UTC | Network Team Meeting
                   | #tor-dev,
  Feb 18 14:00 UTC | Metrics Team Meeting
                   | #tor-dev,
  Feb 26 - Mar 01  | Tor winter dev meeting 2016
                   | Valencia, Spain
  Mar 01 - Mar 07  | Internet Freedom Festival
                   | Valencia, Spain

This issue of Tor Weekly News has been assembled by jl and teor.

Want to continue reading TWN? Please help us create this newsletter. We
still need more volunteers to watch the Tor community and report
important news. Please see the project page [47], write down your name
and subscribe to the team mailing list [48] if you want to get

Last modified 2 years ago Last modified on Feb 16, 2016, 3:06:43 PM