[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[tor-talk] Tor Weekly News — July 15th, 2015



========================================================================
Tor Weekly News                                          July 15th, 2015
========================================================================

Welcome to the twenty-eighth issue in 2015 of Tor Weekly News, the
weekly newsletter that covers what’s happening in the Tor community.

Contents
--------

 1. Caspar Bowden
 2. The Tor Project launches its search for a new Executive Director
 3. Tor 0.2.6.10 is out
 4. New onion service-related proposals
 5. ExoneraTor gets an update
 6. The Vegas plan continues to roll out
 7. Miscellaneous news
 8. Upcoming events

Caspar Bowden
-------------

Caspar Bowden, a leading advocate for many years in the field of civil
liberties, and a member of the Tor Project, Inc.’s board of directors,
has died after a short illness. As the Tor Project wrote in a
statement [1], Caspar “was a passionate supporter of universal human
rights, including the right to privacy”: “The world has lost a voice of
tremendous moral courage.”

A Caspar Bowden Legacy Fund [2] has been established “to promote
advocacy for privacy as a universal human right and privacy enhancing
technologies as one means to protect it”, in accordance with Caspar’s
request “that we work to ensure equal protection regardless of
nationality” [3]. If you would like to make a contribution to this fund
in Caspar’s memory, please see the web page for further details.

  [1]: https://twitter.com/torproject/status/619159503397875716
  [2]: http://www0.cs.ucl.ac.uk/staff/G.Danezis/CasparsLegacy_foundation.html
  [3]: https://twitter.com/ioerror/status/619107498197434368

The Tor Project launches its search for a new Executive Director
----------------------------------------------------------------

Following the departure of long-time Executive Director Andrew Lewman
earlier this year, the Tor Project, Inc. has opened [4] a world-wide
search for its new Executive Director. As Wendy Seltzer, a member of the
board of directors, writes: “We have engaged The Wentworth Company to
help us with the search process, and invite the broader Tor community
and friends to share the job posting among your networks. If you are or
know a great leader with a passion for anonymous communication and free
software, please contact Judy Tabak at Wentworth (judytabak@wentco.com,
other contact details in the posting [5]) for more information or to be
considered for the job.”

  [4]: https://blog.torproject.org/blog/tor-project-launches-world-wide-search-new-executive-director
  [5]: http://data01.wentco.com/openreq/Requisition.aspx?ReqID=67528129

Tor 0.2.6.10 is out
-------------------

Nick Mathewson put out a new release [6] in the current Tor stable
series. Version 0.2.6.10 contains a fix for a regression [7] introduced
in 0.2.6.3-alpha that made it difficult for clients to access onion
services under certain circumstances — for example, if a hidden service
restarts after a client connects, the same client would have been unable
to connect again until the next hour. This version also “bulletproofs
the cryptography init process, and fixes a bug when using the sandbox
code with some older versions of Linux”.

“Everyone running an older version, especially an older version of
0.2.6, should upgrade”, writes Nick. Source code is downloadable from
the distribution directory [8]; packages will become available as their
packagers package them.

  [6]: https://blog.torproject.org/blog/tor-02610-released
  [7]: https://bugs.torproject.org/16381
  [8]: https://dist.torproject.org/

New onion service-related proposals
-----------------------------------

A gathering of experts in Tor onion service research and development
resulted (among other things) in two new Tor proposals for improving the
anonymity and efficiency of services hosted inside the Tor network.

John Brooks and George Kadianakis expanded [9] John’s earlier suggestion
that the roles of “hidden service directory” and “introduction point”
could be merged [10] in the next generation of onion services, into what
is now proposal 246 [11]. This innovation would simplify the relevant
code, reduce load on the network, and limit the number of relays that
can observe the service’s activity or serve as a fingerprint for an
observer.

George also wrote up draft proposal 247 [12], which tries to prevent
“guard discovery attacks” (where an adversary is able to work out which
Tor relay is being contacted directly by the target client, thereby
allowing them to attack that relay itself and deanonymize the client) by
making the attack significantly more costly to perform, using
“vanguards”.  By enabling a Tor configuration option, the service
operator could pin the second and third hops (the “vanguards” in
question) of their circuits for a longer period. A would-be attacker is
then forced to carry out “a Sybil attack and two coercion attacks”
before succeeding, as opposed to the current situation “where the Sybil
attack is trivial to pull off, and only a single coercion attack is
required”. “I consider this issue very important and any feedback is
greatly appreciated”, wrote George.

This is privacy development at the most advanced level, and the waters
are very much uncharted: there may be major design flaws, improvements,
and counter-arguments lurking up ahead. If this is an area in which you
feel you have a contribution to make, by all means take a look at the
proposals, and then pitch in on the tor-dev mailing list [13]!

  [9]: https://lists.torproject.org/pipermail/tor-dev/2015-July/009079.html
 [10]: https://lists.torproject.org/pipermail/tor-dev/2015-April/008743.html
 [11]: https://gitweb.torproject.org/torspec.git/tree/proposals/246-merge-hsdir-and-intro.txt
 [12]: https://gitweb.torproject.org/torspec.git/tree/proposals/247-hs-guard-discovery.txt
 [13]: https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev

ExoneraTor gets an update
-------------------------

The ExoneraTor service [14] lets you use historical Tor network data to
quickly determine whether or not a particular IP address was being used
by a public Tor relay on a given date. This is useful if, for example,
you’re the administrator of a web service that received malicious
traffic on that date, and you want to find out if the IP address will be
useful to your investigation of the problem.

After much discussion and feedback on the tor-relays list [15], Karsten
Loesing and Julius Mittenzwei have updated [16] ExoneraTor to offer a
simpler, more intuitive service without unnecessary details that might
confuse a non-specialist. Searches are now restricted to full days,
rather than precise timestamps, to avoid most issues relating to
timezone differences (ExoneraTor’s results are given in UTC, and
searchers might forget to make adjustments for their local timezone);
the form allowing searchers to check whether a relay permitted exit
traffic to a target address and port has been replaced by an “Exit”
column indicating whether or not any exit traffic was allowed by that
relay, again for the sake of simplicity; and the overall look of the
service has been streamlined, with clearer, non-technical explanations
of Tor and Exonerator, and a translation into German (with more
languages planned).

“Please give it a try, including the tricky edge cases where you expect
it to break”, wrote Karsten. “And if you have any further feedback,”
please send it to the tor-relays mailing list.

 [14]: https://exonerator.torproject.org/
 [15]: https://lists.torproject.org/pipermail/tor-relays/2015-July/007287.html
 [16]: https://lists.torproject.org/pipermail/tor-relays/2015-July/007374.html

The Vegas plan continues to roll out
------------------------------------

The “Vegas plan” — a reorganization of Tor’s active contributors into a
more focused team-based structure, named after the fair city in which it
was developed — continues to roll out, with the Measurement, Community,
Networks, and Applications teams holding their first or second IRC
meetings this week. Isabela Bagueros, Tor’s project manager, writes:
“Keep an eye out for teams’ updates, and for things that can be done
better; feedback will be key for making this successful, and that is why
we will have a check-in during our next dev meeting. So follow up,
participate, bring feedback!”

If you aren’t already working with one of the new teams, and feel you
should be, please check in on IRC or the mailing lists, and someone will
help direct you to the right place.

Miscellaneous news
------------------

The upcoming IETF Meeting in Prague [17] will have a DNS Operations
meeting on 20th July [18] that will discuss both the draft proposal [19]
to reserve .onion as a special-use domain suffix (about which Tor Weekly
News has written before [20]), and other proposals for related projects
like I2P and Gnunet. If you're going to Prague, consider attending this
meeting and humming in support of reserving .onion and these other
domains!

 [17]: https://www.ietf.org/meeting/93/index.html
 [18]: https://datatracker.ietf.org/meeting/93/agenda/dnsop/
 [19]: https://datatracker.ietf.org/doc/draft-ietf-dnsop-onion-tld/
 [20]: https://lists.torproject.org/pipermail/tor-news/2015-May/000098.html

After a hiatus in activity on the tor-mirrors list, Sebastian Hahn
updated [21] the file used to build the directory of mirrors on the Tor
Project website [22] with changes made in the last few months. “If you
notice any unexpected entries or think you should be on the list but
aren’t, I’ll check what the problem is.”

 [21]: https://lists.torproject.org/pipermail/tor-mirrors/2015-July/000911.html
 [22]: https://www.torproject.org/getinvolved/mirrors

Upcoming events
---------------

  Jul 15 14:00 UTC | Measurement team meeting
                   | #tor-project, irc.oftc.net
                   |
  Jul 20 17:00 UTC | OONI development meeting
                   | #ooni, irc.oftc.net
                   |
  Jul 20 18:00 UTC | Tor Browser meeting
                   | #tor-dev, irc.oftc.net
                   |
  Jul 21 18:00 UTC | little-t tor patch workshop
                   | #tor-dev, irc.oftc.net
                   |
  Jul 22 02:00 UTC | Pluggable transports/bridges meeting
                   | #tor-dev, irc.oftc.net
                   |
  Jul 22 13:30 UTC | little-t tor development meeting
                   | #tor-dev, irc.oftc.net
                   |
  Aug 03 19:00 UTC | Tails contributors meeting
                   | #tails-dev, irc.oftc.net
                   | https://mailman.boum.org/pipermail/tails-project/2015-July/000264.html


This issue of Tor Weekly News has been assembled by Karsten Loesing, Tom
Ritter, Wendy Seltzer, Isabela Bagueros, nicoo, and Harmony.

Want to continue reading TWN? Please help us create this newsletter.
We still need more volunteers to watch the Tor community and report
important news. Please see the project page [23], write down your
name and subscribe to the team mailing list [24] if you want to
get involved!

 [23]: https://trac.torproject.org/projects/tor/wiki/TorWeeklyNews
 [24]: https://lists.torproject.org/cgi-bin/mailman/listinfo/news-team
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk