hidden services

Tor 0.2.2.15-alpha fixes a big bug in hidden service availability, fixes a variety of other bugs that were preventing performance experiments from moving forward, fixes several bothersome memory leaks, and generally closes a lot of smaller bugs that have been filling up trac lately.

https://www.torproject.org/download

Changes in version 0.2.2.15-alpha - 2010-08-18
o Major bugfixes:
- Stop assigning the HSDir flag to relays that disable their
DirPort (and thus will refuse to answer directory requests). This
fix should dramatically improve the reachability of hidden services:
hidden services and hidden service clients pick six HSDir relays
to store and retrieve the hidden service descriptor, and currently
about half of the HSDir relays will refuse to work. Bugfix on
0.2.0.10-alpha; fixes part of bug 1693. read more »

During the past eight months we have been trying pretty hard to improve hidden service performance. This work was part of the project to Speed Up Tor Hidden Services, generously funded by the NLnet Foundation. As of today, we know that we have succeeded in our attempts -- well, or not? read more »

Bug Fixes

Tor 0.2.1.7-alpha (released November 8) fixes a major security problem in Debian and Ubuntu packages (and maybe other packages) noticed by Theo de Raadt, fixes a smaller security flaw that might allow an attacker to access local services, adds better defense against DNS poisoning attacks on exit relays, further improves hidden service performance, and fixes a variety of other issues.
http://archives.seul.org/or/talk/Nov-2008/msg00229.html

Tor 0.2.0.32 (released November 20) fixes a major security problem in Debian and Ubuntu packages (and maybe other packages) noticed by Theo de Raadt, fixes a smaller security flaw that might allow an attacker to access local services, further improves hidden service performance, and fixes a variety of other issues.
http://archives.seul.org/or/announce/Dec-2008/msg00000.html

Vidalia 0.1.10 (released November 2) fixes some presentation bugs and some bugs in the Windows installer. read more »

Aaron and Virgil's tor2web site has been picked up by Wired's 27bstroke6 blog and Ars Technica.

First off, I think it's a neat implementation of allowing non-Tor users access to the realm of .onion, aka hidden services. While I think using the Tor Browser Bundle is incredibly easy, not everyone agrees with me. Neither Tor nor tor2web host any of the hidden service content. We don't know who does, nor who runs the hidden service. This brings me to my next thought. read more »

Tor 0.2.0.32 fixes a major security problem in Debian and Ubuntu packages
(and maybe other packages) noticed by Theo de Raadt, fixes a smaller
security flaw that might allow an attacker to access local services,
further improves hidden service performance, and fixes a variety of
other issues.

https://www.torproject.org/download.html

Or use our new https://www.torproject.org/easy-download page. read more »

Changes in version 0.2.0.32 - 2008-11-20
Security fixes:

• The "User" and "Group" config options did not clear the
  supplementary group entries for the Tor process. The "User" option
  is now more robust, and we now set the groups to the specified
  user's primary group. The "Group" option is now ignored. For more
  detailed logging on credential switching, set CREDENTIAL_LOG_LEVEL
  in common/compat.c to LOG_NOTICE or higher. Patch by Jacob Appelbaum
  and Steven Murdoch. Bugfix on 0.0.2pre14. Fixes bug 848 and 857.
• The "ClientDNSRejectInternalAddresses" config option wasn't being
  consistently obeyed: if an exit relay refuses a stream because its
  exit policy doesn't allow it, we would remember what IP address
  the relay said the destination address resolves to, even if it's
  an internal IP address. Bugfix on 0.2.0.7-alpha; patch by rovv.

Major bugfixes:

• Fix a DOS opportunity during the voting signature collection process
  at directory authorities. Spotted by rovv. Bugfix on 0.2.0.x.

Major bugfixes (hidden services):

• When fetching v0 and v2 rendezvous service descriptors in parallel,
  we were failing the whole hidden service request when the v0
  descriptor fetch fails, even if the v2 fetch is still pending and
  might succeed. Similarly, if the last v2 fetch fails, we were
  failing the whole hidden service request even if a v0 fetch is
  still pending. Fixes bug 814. Bugfix on 0.2.0.10-alpha.

We're happy to announce the NLnet Foundation is funding two enhancements for the Tor software and network.

The two projects are summarized below:

• Tor for low-bandwidth clients.

  The Tor anonymity system is currently only usable by internet users who have high-bandwith connections. Upon the start of the Tor client, a large file with all Tor server descriptions is being downloaded. An evolution of the Tor protocol is aimed to reduce the initial download size. The new Tor protocol version shall change the way a client receives the information for its Tor circuit setup in a way, that the initial download can be performed over a slow modem line in less then three minutes.

• Speeding up Hidden Services.

  The Tor anonymity system contains an important function that is called Tor Hidden Services, which allows users to set up anonymous information services, like websites, that can only be accessed through the Tor network and are protected against identification of the host that runs the services. Using these function, critical political and human rights information can be published in a way that protects the publisher and users of the service from repression and identification. The most critical limitation of this function is the time it takes until a Hidden Service is registered in the network and the latency of contact establishment when accessed by a user. The aim of this project is to develop the new protocol which will change the way Tor circuits are set up between the user and the Hidden Service as well as the way a Hidden Service is registered in the Tor network.