phobos's blog

We keep hearing from people around the world that clicking the 3 buttons to turn yourself into a bridge is too difficult todo for most users. These people have repeatedly asked for a "bridge by default" configuration in a package. Here it is: http://archive.torproject.org/tor-package-archive/technology-preview/

When you install and run this package, you are a bridge relay helping censored users around the world access Tor and the uncensored Internet.
To understand more about bridges, read https://www.torproject.org/bridges.

This is the installable Vidalia bundle configured to be a bridge by default. This is Tor 0.2.2.13-alpha, Vidalia 0.2.9, Polipo 1.0.4.1. The only difference between this bridge-bundle and the vidalia-bundle is the bridge configuration. read more »

Recently, a few articles have been published regarding Tor, Wikileaks, and snooping data coming out of the Tor network. I write to remind our users, and people in search of privacy enhancing technology, that good software is just one part of the solution. Education is just as important. This is why there is a warning on the Tor download page about what Tor does and does not do. We also have a FAQ entry about this topic. Any plaintext communication over the Internet is open to intercept. This is true if the transport mechanism is email, http, tor, or carrier pigeons. Tor does not magically encrypt the Internet from end to end. Tor does wrap your traffic in encrypted layers as it transports it through the Tor network. read more »

On May 26, Tor Browser Bundle for Microsoft Windows is updated to include the newer Vidalia 0.2.9. This fixes some issues with character set handling, and adds Vietnamese as a new language.

On May 31, we released Tor Browser Bundle for Linux 1.0.6. It contains the following updates:

• Add arch to tarball name so there's no collision
• Add libpng for Arch Linux
• Add HTTPS Everywhere extension
• Update Qt to 4.6.2
• Update Vidalia to 0.2.9
• Update NoScript to 1.9.9.80

On June 1st, we released Tor Browser Bundle for Linux 1.0.7. It uses an older glibc for better compatibility with older linux distributions.

On May 20, we released Vidalia 0.2.9. Fixes include Qt 4.6.2 compatibility, new cert, and some new translations.

You can download it at https://www.torproject.org/vidalia/. Packages are slowly being updated to include this version of Vidalia.

The full changelog is: read more »

• Remove the GoDaddy CA certificate bundle since we changed the certificate used to authenticate connections to geoips.vidalia-project.net for downloading GeoIP information from a commercial GoDaddy certificate to a free CACert certificate.
• Define -D_WIN32_WINNT=0x0501 on Windows builds so that MiniUPnPc will build with the latest versions of MinGW.
• Modify miniupnpc.c from MiniUPnPc's source so that it will build on Mac OS X 10.4.
• Work around Qt's new behavior for the QT_WA macro so that Vidalia will
  work correctly again on Windows with Qt >= 4.6.

New releases

• On April 24, we released Tor 0.2.2.13-alpha. This version addresses the recent connection and memory overload problems we’ve been seeing on relays, especially relays with their DirPort open. If your relay has been crashing, or you turned it off because it used too many resources, give this release a try.

  o Major bugfixes:
  - Teach relays to defend themselves from connection overload. Relays
  now close idle circuits early if it looks like they were intended
  for directory fetches. Relays are also more aggressive about closing
  TLS connections that have no circuits on them. Such circuits are
  unlikely to be re-used, and tens of thousands of them were piling
  up at the fast relays, causing the relays to run out of sockets
  and memory. Bugfix on 0.2.0.22-rc (where clients started tunneling
  their directory fetches over TLS).

  o Minor features: read more »

Over the past 18 months someone has been mailing fake checks from us to individuals all over the United States. The text of the letter one receives is:

From: Merchant & Bryce, Partners in Finance.
To: victim

Congratulations! We are pleased to inform you that you are one of the 26 declared lucky winners of our 2009 Dreams Sweepstakes(tm) held on [pick a date] in the 2nd category. A ticket with serial numbers [make up some numbers] attached to your name drew the lucky winning numbers [make up some numbers]. read more »

Tor 0.2.2.12-alpha fixes a critical bug in how directory authorities
handle and vote on descriptors. It was causing relays to drop out of
the consensus.

Tor 0.2.2.11-alpha fixes yet another instance of broken OpenSSL libraries
that was causing some relays to drop out of the consensus.

(Windows bundles will be available whenever Andrew gets around to making
them; we're trying to stick to a policy of announcing alphas on time
rather than waiting for every package.)

https://www.torproject.org/download.html.en

Original announcement is at http://archives.seul.org/or/talk/Apr-2010/msg00174.html

Changes in version 0.2.2.12-alpha - 2010-04-20
o Major bugfixes:
- Many relays have been falling out of the consensus lately because
not enough authorities know about their descriptor for them to get
a majority of votes. When we deprecated the v2 directory protocol,
we got rid of the only way that v3 authorities can hear from each read more »

New Releases
On March 7th, we released the latest in the -alpha series, Tor 0.2.2.10-alpha. Tor 0.2.2.10-alpha fixes a regression introduced in 0.2.2.9-alpha that could prevent relays from guessing their IP address correctly. It also starts the groundwork for another client-side performance boost, since currently we're not making efficient use of relays that have both the Guard flag and the Exit flag.

o Major bugfixes:
- Fix a regression from our patch for bug 1244 that caused relays
to guess their IP address incorrectly if they didn't set Address
in their torrc and/or their address fails to resolve. Bugfix on
0.2.2.9-alpha; fixes bug 1269.

o Major features (performance):
- Directory authorities now compute consensus weightings that instruct
clients how to weight relays flagged as Guard, Exit, Guard+Exit,
and no flag. Clients that use these weightings will distribute read more »