phobos's blog

Recently, the proposal to create a Registry of Banned Websites and Services was approved. More details can be found at

http://globalvoicesonline.org/2010/01/21/poland-government-approves-prop...

and a letter to the President at: http://polishlinux.org/poland/polish-internet-users-against-the-censorsh...

You should upgrade to Tor 0.2.1.22 or 0.2.2.7-alpha:
https://www.torproject.org/easy-download.html.en

In early January we discovered that two of the seven servers that run directory
authorities were compromised (moria1 and gabelmoo), along with
metrics.torproject.org, a new server we'd recently set up to serve
metrics data and graphs. The three servers have since been reinstalled
with service migrated to other servers.

We made fresh identity keys for the two directory authorities, which is
why you need to upgrade.

Moria also hosted our git repository and svn repository. We took the
services offline as soon as we learned of the breach. It appears the
attackers didn't realize what they broke into -- just that they had
found some servers with lots of bandwidth. The attackers set up some ssh
keys and proceeded to use the three servers for launching other attacks.
We've done some preliminary comparisons, and it looks like git and svn
were not touched in any way. read more »

Over the past few months, a number of exit relay operators have contacted us asking for help with some legal issues encountered while running their relay. While we can't provide legal advice in all jurisdictions, we can frequently find you a next hop in the legal chain to get you the advice or representation you need. Sometimes this advice is free/pro-bono, other times it is not. It's up to the legal organization to decide if they can take your case or refer you to someone else.

Rather than keep a secret list of people willing to help, we're building a public list for operators to contact directly, in their own country. A big thanks to Fred and Gwen at the EFF for helping to start this list and for making introductions. And, of course, a big thanks to the organizations for agreeing to be listed and for offering support to Tor relay operators.

If you'd like to add your name to this list, please let me know.

The current list of legal support organizations by country is: read more »

Over the past month I've been working with a few people from Poland. We are discussing how we can improve the impression of Tor in country. It seems a few people want to make all anonymity and privacy tools illegal; and tor is a well-known scapegoat. Thanks to the efforts of Paweł Wilk for writing a few sane articles about online privacy and Tor in particular.

Sywlia Presley of Global Voices writes up a great overview of the situation at http://globalvoicesonline.org/2010/01/10/poland-discussions-of-tor-and-i.... read more »

Roger recently gave a talk at 26C3 about our experiences with various censorship technologies.

In the aftermath of the Iranian elections in June, and then the late September blockings in China, we've learned a lot about how circumvention tools work in reality for activists in tough situations. I'll give an overview of the Tor architecture, and summarize the variety of people who use it and what security it provides. Then we'll focus on the use of tools like Tor in countries like Iran and China: why anonymity is important for circumvention, why transparency in design and operation is critical for trust, the role of popular media in helping – and harming – the effectiveness of the tools, and tradeoffs between usability and security. After describing Tor's strategy for secure circumvention (what we thought would work), I'll talk about how the arms race actually seems to be going in practice.

The slides of the presentation can be found at the bottom of this post.

We've mirrored the full 700MB video of the presentation at http://media.torproject.org/video/26c3-3554-de-tor_and_censorship_lesson...

On December 31, 2009, I released the latest in the Tor Browser Bundle series, 1.3.0. The version bump from 1.2.10 to 1.3.0 is due to the change to Firefox 3.5.6 (from Firefox 3.0.15).

You can get the latest TBB in 12 languages at https://www.torproject.org/torbrowser/

Torbutton 1.2.4 fixes a number of privacy and anonymity issues with the Firefox 3.5.x code base.

The official changelog is:

- upgrade Firefox to 3.5.6
- update Pidgin to 2.6.4
- update Torbutton to 1.2.4

Feel free to file bugs at
https://bugs.torproject.org/flyspray/index.php?tasks=all&project=4.

The original announcement is at http://archives.seul.org/or/talk/Jan-2010/msg00037.html

Tor 0.2.1.21 fixes an incompatibility with the most recent OpenSSL
library. If you use Tor on Linux / Unix and you're getting SSL
renegotiation errors, upgrading should help. We also recommend an
upgrade if you're an exit relay.

https://www.torproject.org/easy-download

Changes in version 0.2.1.21 - 2009-12-21
Major bugfixes:

• Work around a security feature in OpenSSL 0.9.8l that prevents our
  handshake from working unless we explicitly tell OpenSSL that we
  are using SSL renegotiation safely. We are, of course, but OpenSSL
  0.9.8l won't work unless we say we are.
• Avoid crashing if the client is trying to upload many bytes and the
  circuit gets torn down at the same time, or if the flip side
  happens on the exit relay. Bugfix on 0.2.0.1-alpha; fixes bug 1150.

Minor bugfixes: read more »

• Do not refuse to learn about authority certs and v2 networkstatus
  

New releases, new hires, new funding

Bruce Leidl joins to work on developing Tor in Java. Bruce will write a fully functional Tor in Java in order to provide a solid foundation for other java-based projects; such as Tor on mobile platforms like Maemo and Android.

On November 2nd we released Vidalia 0.2.6. https://blog.torproject.org/blog/vidalia-026-released

On November 20th, we released Tor Browser Bundle 1.2.10. https://blog.torproject.org/blog/tor-browser-bundle-1210-released

On November 19th, we released Tor 0.2.2.6-alpha. https://blog.torproject.org/blog/tor-0226-alpha-released

Design, develop, and implement enhancements that make
Tor a better tool for users in censored countries.

Roger met with his class at KAIST working on bridge deployment strategies. A few teams developed some creative strategies. Roger is continuing to work with the leading teams to further refine their ideas before publishing. read more »