hidden services

Improvements on Hidden Service Performance -- or not?

Posted January 15th, 2009 by karsten
in

During the past eight months we have been trying pretty hard to improve hidden service performance. This work was part of the project to Speed Up Tor Hidden Services, generously funded by the NLnet Foundation. As of today, we know that we have succeeded in our attempts -- well, or not? read more »

November 2008 Progress Report

Posted December 24th, 2008 by phobos
in

Bug Fixes

Tor 0.2.1.7-alpha (released November 8) fixes a major security problem in Debian and Ubuntu packages (and maybe other packages) noticed by Theo de Raadt, fixes a smaller security flaw that might allow an attacker to access local services, adds better defense against DNS poisoning attacks on exit relays, further improves hidden service performance, and fixes a variety of other issues.
http://archives.seul.org/or/talk/Nov-2008/msg00229.html

Tor 0.2.0.32 (released November 20) fixes a major security problem in Debian and Ubuntu packages (and maybe other packages) noticed by Theo de Raadt, fixes a smaller security flaw that might allow an attacker to access local services, further improves hidden service performance, and fixes a variety of other issues.
http://archives.seul.org/or/announce/Dec-2008/msg00000.html

Vidalia 0.1.10 (released November 2) fixes some presentation bugs and some bugs in the Windows installer. read more »

Quick thoughts on tor2web

Posted December 15th, 2008 by phobos
in

Aaron and Virgil's tor2web site has been picked up by Wired's 27bstroke6 blog and Ars Technica.

First off, I think it's a neat implementation of allowing non-Tor users access to the realm of .onion, aka hidden services. While I think using the Tor Browser Bundle is incredibly easy, not everyone agrees with me. Neither Tor nor tor2web host any of the hidden service content. We don't know who does, nor who runs the hidden service. This brings me to my next thought. read more »

Tor 0.2.0.32 Released

Posted December 4th, 2008 by phobos
in

Tor 0.2.0.32 fixes a major security problem in Debian and Ubuntu packages
(and maybe other packages) noticed by Theo de Raadt, fixes a smaller
security flaw that might allow an attacker to access local services,
further improves hidden service performance, and fixes a variety of
other issues.

https://www.torproject.org/download.html

Or use our new https://www.torproject.org/easy-download page. read more »

Changes in version 0.2.0.32 - 2008-11-20
Security fixes:

  • The "User" and "Group" config options did not clear the
    supplementary group entries for the Tor process. The "User" option
    is now more robust, and we now set the groups to the specified
    user's primary group. The "Group" option is now ignored. For more
    detailed logging on credential switching, set CREDENTIAL_LOG_LEVEL
    in common/compat.c to LOG_NOTICE or higher. Patch by Jacob Appelbaum
    and Steven Murdoch. Bugfix on 0.0.2pre14. Fixes bug 848 and 857.
  • The "ClientDNSRejectInternalAddresses" config option wasn't being
    consistently obeyed: if an exit relay refuses a stream because its
    exit policy doesn't allow it, we would remember what IP address
    the relay said the destination address resolves to, even if it's
    an internal IP address. Bugfix on 0.2.0.7-alpha; patch by rovv.

Major bugfixes:

  • Fix a DOS opportunity during the voting signature collection process
    at directory authorities. Spotted by rovv. Bugfix on 0.2.0.x.

Major bugfixes (hidden services):

  • When fetching v0 and v2 rendezvous service descriptors in parallel,
    we were failing the whole hidden service request when the v0
    descriptor fetch fails, even if the v2 fetch is still pending and
    might succeed. Similarly, if the last v2 fetch fails, we were
    failing the whole hidden service request even if a v0 fetch is
    still pending. Fixes bug 814. Bugfix on 0.2.0.10-alpha.

The NLnet Foundation funds two projects

Posted June 6th, 2008 by phobos
in

We're happy to announce the NLnet Foundation is funding two enhancements for the Tor software and network.

The two projects are summarized below:

  • Tor for low-bandwidth clients.

    The Tor anonymity system is currently only usable by internet users who have high-bandwith connections. Upon the start of the Tor client, a large file with all Tor server descriptions is being downloaded. An evolution of the Tor protocol is aimed to reduce the initial download size. The new Tor protocol version shall change the way a client receives the information for its Tor circuit setup in a way, that the initial download can be performed over a slow modem line in less then three minutes.

  • Speeding up Hidden Services.

    The Tor anonymity system contains an important function that is called Tor Hidden Services, which allows users to set up anonymous information services, like websites, that can only be accessed through the Tor network and are protected against identification of the host that runs the services. Using these function, critical political and human rights information can be published in a way that protects the publisher and users of the service from repression and identification. The most critical limitation of this function is the time it takes until a Hidden Service is registered in the network and the latency of contact establishment when accessed by a user. The aim of this project is to develop the new protocol which will change the way Tor circuits are set up between the user and the Hidden Service as well as the way a Hidden Service is registered in the Tor network.

Syndicate content