[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[tor-talk] Tor Weekly News — August 8th, 2015



========================================================================
Tor Weekly News                                         August 8th, 2015
========================================================================

Welcome to the thirtieth issue in 2015 of Tor Weekly News, the weekly
newsletter that covers what’s happening in the Tor community.

Contents
--------

 1. Tor 0.2.7.2-alpha is out
 2. Tor Browser 5.0a4 is out
 3. Random number generation during Tor voting
 4. CameraV (aka InformaCam) is out
 5. Monthly status reports for July month 2015
 6. Miscellaneous news
 7. Upcoming events

Tor 0.2.7.2-alpha is out
------------------------

Nick Mathewson announced [1] the second alpha release in the Tor 0.2.7.x
series. This version includes improvements to the handling of Tor’s
identity keys, which now use the Ed25519 elliptic curve signature
format. It also allows onion service operators to specify a higher
number of introduction points with a special configuration option, if
the service is coming under heavy load, “at the cost of making it more
visible that the hidden service is facing extra load”.

For full details of the many other developments in this release, please
see Nick’s announcement. The source code is available as usual from
Tor’s distribution directory [2].

  [1]: https://blog.torproject.org/blog/tor-0272-alpha-released
  [2]: https://dist.torproject.org

Tor Browser 5.0a4 is out
------------------------

The Tor Browser team put out their fourth alpha release [3] in the 5.0
series of the privacy-preserving anonymous browser. “Most notably, this
release contains an experimental defense against font fingerprinting by
using an identical set of shipped fonts on all supported platforms”,
wrote Georg Koppen. This version also fixes some of the issues created
by the update to Firefox 38ESR, which “brings us very close to a stable
Tor Browser 5.0, which we aim to release next week”.

Get your copy of the new alpha from the project page [4], or via the
incremental updater if you are already using the alpha Tor Browser
series.

  [3]: https://blog.torproject.org/blog/tor-browser-50a4-released
  [4]: https://www.torproject.org/projects/torbrowser.html.en#downloads-alpha

Random number generation during Tor voting
------------------------------------------

One of the weaknesses of the current onion service design is that parts
of it (such as the relays chosen by a service to upload its descriptor)
rely on a list of Tor relays which is generated in a predictable way.
This makes it possible for people with malicious intentions to insert
their bad relays into the list at points of their choosing, in order to
carry out attacks such as denials-of-service (as some researchers proved
earlier this year [5]). A good way of preventing this is to make Tor’s
directory authorities jointly come up with a random number as part of
their regular voting procedure, which is then used by onion services to
choose the directories to which they will upload their descriptor
information, and by clients to find those same directories. It could
also be used by other systems as a shared source of randomness.

George Kadianakis published a draft proposal [6] describing how this
procedure could work. For a period of twelve hours, the directory
authorities send each other a “commitment”, consisting of the hash of a
256-bit value. Once all authorities are aware of the others’
commitments, they then reveal to one another the values they committed
to, for another twelve-hour period. At the end of that time, the
revealed values are checked to see if they correspond to the
commitments, and then they are all used to compute that day’s random
value. This works because although you can use the commitment hash to
verify that the value revealed is the same as the one decided upon
twelve hours ago, you cannot derive the value itself from the
commitment.

Please see the draft proposal in full for discussion of the finer points
of the proposed system, or if you are a fan of ingenious solutions.

  [5]: https://conference.hitb.org/hitbsecconf2015ams/wp-content/uploads/2015/02/D2T2-Filippo-Valsorda-and-George-Tankersly-Non-Hidden-Hidden-Services-Considered-Harmful.pdf
  [6]: https://lists.torproject.org/pipermail/tor-dev/2015-August/009189.html

CameraV (aka InformaCam) is out
-------------------------------

The Guardian Project put out a full release [7] of CameraV (or
InformaCam), a nifty smartphone application that lets you “capture and
share verifiable photos and video proof on a smartphone or tablet, all
the while keeping it entirely secure and private”. It allows you to
prove the authenticity of your photos by using “the built-in sensors in
modern smartphones for tracking movement, light and other environmental
inputs, along with Wi-Fi, Bluetooth, and cellular network information to
capture a snapshot of the environment around you” and bundling this
information into the picture file.

As you would expect, InformaCam is fully compatible with the Guardian
Project’s Tor software offerings for Android, so whether you’re a
citizen journalist or a keen phone photographer who values privacy, take
a look at the CameraV page and try it out for yourself!

  [7]: https://lists.mayfirst.org/pipermail/guardian-dev/2015-July/004466.html

Monthly status reports for July month 2015
------------------------------------------

The wave of regular monthly reports from Tor project members for the
month of July has begun. Pearl Crescent released their report first [8]
(for work on Tor Browser development), followed by reports from David
Goulet [9] (on onion service research and development), Georg
Koppen [10] (working on Tor Browser), Isabela Bagueros [11] (for overall
project management), Karsten Loesing [12] (working on Tor network tools
and organizational tasks), Damian Johnson [13] (on Nyx and stem
development), and Juha Nurmi [14] (on ahmia.fi development).

The students in this year’s Tor Summer of Privacy also sent updates
about their progress. Donncha O’Cearbhaill gave news of the OnionBalance
load-balancing project [15], while Jesse Victors did the same for the
OnioNS DNS-like system [16], Cristobal Leiva for the relay web status
dashboard [17], and Israel Leiva for continuing development of the
GetTor alternative software distributor [18].

Finally, the Tails team published their June report [19], bringing
updates about outreach, infrastructure, funding, and ongoing discussions
relating to the anonymous live operating system.

  [8]: https://lists.torproject.org/pipermail/tor-reports/2015-July/000882.html
  [9]: https://lists.torproject.org/pipermail/tor-reports/2015-August/000883.html
 [10]: https://lists.torproject.org/pipermail/tor-reports/2015-August/000885.html
 [11]: https://lists.torproject.org/pipermail/tor-reports/2015-August/000888.html
 [12]: https://lists.torproject.org/pipermail/tor-reports/2015-August/000890.html
 [13]: https://lists.torproject.org/pipermail/tor-reports/2015-August/000892.html
 [14]: https://lists.torproject.org/pipermail/tor-reports/2015-August/000893.html
 [15]: https://lists.torproject.org/pipermail/tor-reports/2015-August/000884.html
 [16]: https://lists.torproject.org/pipermail/tor-dev/2015-August/009197.html
 [17]: https://lists.torproject.org/pipermail/tor-reports/2015-August/000886.html
 [18]: https://lists.torproject.org/pipermail/tor-reports/2015-August/000887.html
 [19]: https://tails.boum.org/news/report_2015_06

Miscellaneous news
------------------

The participants in the recent onion service hackfest in Washington, DC
published a summary [20] of the exciting progress they made during the
meeting.

 [20]: https://blog.torproject.org/blog/hidden-service-hackfest-arlington-accords

Arturo Filastò announced [21] that an OONI-related hackathon entitled
“ADINA15: A Dive Into Network Anomalies” will be held on October 1-2 in
the Chamber of Deputies at the Italian Parliament in Rome. “This means
that you are all invited…to put your design and data analysis skills to
the test!”

 [21]: https://lists.torproject.org/pipermail/ooni-dev/2015-July/000307.html

David Fifield published the regular summary of costs [22] incurred by
the infrastructure for meek.

 [22]: https://lists.torproject.org/pipermail/tor-dev/2015-August/009213.html

Nathan Freitas explored [23] possible routes to an Android-compatible
version of Ricochet [24], the exciting new privacy-preserving instant
messaging application based on Tor onion services.

 [23]: https://lists.mayfirst.org/pipermail/guardian-dev/2015-August/004470.html
 [24]: https://ricochet.im

Upcoming events
---------------

  Aug 10 09:30 EDT | Roger & others @ 5th USENIX FOCI Workshop / 24th USENIX Security Symposium
                   | Washington, DC, USA
                   | https://blog.torproject.org/events/roger-and-others-foci-usenix-security-dc
                   |
  Aug 10 17:00 UTC | OONI development meeting
                   | #ooni, irc.oftc.net
                   |
  Aug 10 18:00 UTC | Tor Browser meeting
                   | #tor-dev, irc.oftc.net
                   |
  Aug 11 18:00 UTC | little-t tor patch workshop
                   | #tor-dev, irc.oftc.net
                   |
  Aug 12 13:30 UTC | little-t tor development meeting
                   | #tor-dev, irc.oftc.net
                   |
  Aug 12 14:00 UTC | Measurement team meeting
                   | #tor-project, irc.oftc.net
                   |
  Aug 12 19:00 UTC | Tails low-hanging fruit session
                   | #tails-dev, irc.oftc.net
                   | https://mailman.boum.org/pipermail/tails-project/2015-August/000273.html
                   | 
  Aug 19 02:00 UTC | Pluggable transports/bridges meeting
                   | #tor-dev, irc.oftc.net


This issue of Tor Weekly News has been assembled by BitingBird and
Harmony.

Want to continue reading TWN? Please help us create this newsletter.
We still need more volunteers to watch the Tor community and report
important news. Please see the project page [25], write down your
name and subscribe to the team mailing list [26] if you want to
get involved!

 [25]: https://trac.torproject.org/projects/tor/wiki/TorWeeklyNews
 [26]: https://lists.torproject.org/cgi-bin/mailman/listinfo/news-team
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk