Archive

New releases

On June 20th we released Tor 0.2.1.16-rc.
On June 21st, we released Tor Browser Bundle 1.2.1.
On June 23rd, we released Tor Browser Bundle 1.2.2.
On June 24th, we released Tor 0.2.0.35-stable. We expect that this release is the last of the 0.2.0.x -stable series, soon to be replaced with the 0.2.1.x series.
On June 30th, we released Vidalia 0.1.14.

Censorship circumvention

Packaged rpms for Red Flag Linux version 6. Red Flag Linux is reported to be the new operating system for all Internet cafe's in China. So far, no one has seen this conversion actually happen, but now we're ready if it does.

Our email autoresponder, gettor , received a number of patches to deal with dkim issues, including finding a dkim bug that prevented yahoo email users from fetching Tor. This bug has been fixed. Additionally, we've whitelisted some domains where we read more »

I'm researching where to host one or two Directory Authorities outside
the US and EU.

It's been suggested to me that Argentina, South Africa, Panama,
Singapore, Malaysia, and Japan are fine locales for a well-connected,
dedicated server. I'm looking for a relatively low end dedicated server
that can transit 2-4 TB a month at relatively cheap prices (say
US$200/mo or less).

If you have experience and contacts at various providers, I'm all ears.

Thanks!

Two weeks ago we posted early measurements about the growth of Tor usage in Iran. Since then we have improved our math, and used more data sources. This work is part of our metrics project, where we're learning about the Tor network to improve its availability and performance while keeping our users safe. read more »

Tor 0.2.0.35 fixes a big bug that was causing Tor relays with dynamic
IP addresses to disappear from the network. It also fixes a rare crash
bug on fast exit relays.

https://www.torproject.org/easy-download

Changes in version 0.2.0.35 - 2009-06-24
Security fix:

• Avoid crashing in the presence of certain malformed descriptors.
  Found by lark, and by automated fuzzing.
• Fix an edge case where a malicious exit relay could convince a
  controller that the client's DNS question resolves to an internal IP
  address. Bug found and fixed by "optimist"; bugfix on 0.1.2.8-beta.

Major bugfixes:

• Finally fix the bug where dynamic-IP relays disappear when their
  IP address changes: directory mirrors were mistakenly telling
  them their old address if they asked via begin_dir, so they
  never got an accurate answer about their new address, so they read more »

Tor 0.2.1.16-rc speeds up performance for fast exit relays, and fixes
a bunch of minor bugs.

https://www.torproject.org/download

Changes in version 0.2.1.16-rc - 2009-06-20
Security fixes:

• Fix an edge case where a malicious exit relay could convince a
  controller that the client's DNS question resolves to an internal IP
  address. Bug found and fixed by "optimist"; bugfix on 0.1.2.8-beta.

Major performance improvements (on 0.2.0.x):

• Disable and refactor some debugging checks that forced a linear scan
  over the whole server-side DNS cache. These accounted for over 50%
  of CPU time on a relatively busy exit node's gprof profile. Found
  by Jacob.
• Disable some debugging checks that appeared in exit node profile
  data.

Minor features: read more »

• Update to the "June 3 2009" ip-to-country file.

Tor Browser Bundle 1.2.2 is now available. The only change is an update to Pidgin to version 2.5.7. The Pidgin changelog has more information.

In the past few days the Tor network is seeing a lot of new users coming from Iran. At the same time we have heard from many people who want to support the Tor network by setting up more relays and bridges. Now we wanted to know, are these just promises, or did the network really grow? Here are the results: read more »

Tor Browser Bundle 1.2.1 is released. The major changes are:

• changes to Firefox to stop scanning for plugins such as Java, Windows Media, etc. These were disabled by torbutton, but still showed up in Firefox. More work will continue on this task
• Include OpenSSL dll (ssleay32.dll) so we're not relying upon the system ssl dll. This should fix Vidalia errors relating to ssl differences.

The official changelog is:

• Better updates to Firefox to stop scanning for plugins on start
• Update Pidgin to 2.5.6r2
• Update Firefox to 3.0.11
• Include OpenSSL 0.9.8k DLL and stop using the system ssl dll
• Update Tor to 0.2.1.16-rc