Archive - 2010

Boston Tor Hackers: Join us Sunday September 19th

We're holding a Tor hackfest this Sunday, the 19th. Tor's Chief Architect, Nick Mathewson, will be explaining Tor's goals and what the project has been up to lately, and then we'll pick a few day-sized projects to work on together with his help.

We'll be meeting at 2pm in the new Media Lab building (E14), room 240, thanks to the Center for Future Civic Media at MIT. Since the building is closed on Sundays, please e-mail chris-torfest@printf.net before Sunday to get a phone number to use to be let in. We're hoping to provide pizza and drinks, and we'll finish up and move to Grendel's Den around 9pm.

Map: http://whereis.mit.edu/?go=E14

Please attend if you have some programming experience and are interested in Tor, or are willing to be persuaded to entertain an interest. :) Tor's a small project (in terms of number of developers) that could really use your help.

Please RSVP if you can make it. Hope to see you on Sunday!

Tor Browser Bundle for Mac OS X

Tor Browser Bundle for Mac OS X is now available for the i386 architecture in 11 languages. Snow Leopard users: please read about the known bugs at the bottom of the post.

The Tor Browser Bundle lets you use Tor without needing to install any software. It can run off a USB flash drive, comes with a pre-configured web browser and is self-contained.

You can download it from the Tor Browser page which also has instructions about how to extract and use it.

The bundle comes with the following software: read more »

Google Chrome Incognito Mode, Tor, and Fingerprinting

A few months back, I posted that we have been in discussion with Mozilla about improving their Private Browsing mode to resist fingerprinting and the network adversary. As I mentioned there, we have also been doing the same thing with Google for Google Chrome. Google has taken the same approach as Firefox for their Incognito mode, which means that it provides little to no protections against a network adversary.

This means that Chrome Incognito mode is not safe to use with Tor. read more »

August 2010 Progress Report

Releases

  • On August 21st we released Tor Browser Bundle 1.0.10 for GNU/Linux. See https://blog.torproject.org/blog/tor-browser-bundle-1010-gnulinux-releas...
  • On August 18, we released Tor 0.2.2.15-alpha. It fixes a big bug in hidden service availability, fixes a variety of other bugs that were preventing performance experiments from moving forward, fixes several bothersome memory leaks, and generally closes a lot of smaller bugs that have been filling up trac lately. See https://blog.torproject.org/blog/tor-02215-alpha-released
  • Released two new versions of Orbot, Tor for Android.

    Version 1.0.2
    - added "check" yes/no dialog prompt
    - debugged iptables/transprox settings on Android 1.6 and 2.2
    - added proxy settings help screen and fixed processSettings() NPE

    Version 1.0.1 read more »

Trip report, NSF data workshop

On Friday (Aug 27), I attended the "Workshop on Cyber Security Data for Experimentation" organized by the National Science Foundation (NSF). The premise of the workshop was that many academics need real-world data sets to solve problems, whereas industry is the place with the real-world data sets and they don't have any real reason to share. By getting the academics and the industry people talking, with government funders nearby, they hoped to better understand the problems and maybe move things forward.

I was there (and on the first panel) because of Tor's work on gathering Tor network snapshots, performance data, and user statistics. Tor's approach represents one way out of the trap where researchers never quite get the data they want, or if they do it isn't open enough (which hinders whether anybody else can reproduce their results). read more »

Trip report, UCSD

On Sunday (8/22) through Wednesday (8/25), I visited the Tor research group at UCSD as part of my ongoing plans to help academic research groups better understand Tor and its research problems. Damon McCoy has a fellowship (postdoc) there for last year and this coming year, and he's brought Kevin Bauer in from UColorado from now until December. They have two systems profs with congestion control background (Stefan Savage and Geoff Voelker) interested in helping them work on Tor and performance.

Kevin is planning to spend the next year on Tor performance work, as the last chapter of his thesis. He's also applied to Ian Goldberg's postdoc position at Waterloo. He seems like a smart and dedicated guy; I'd be excited if Ian picks him.

I spent most of my time walking Damon and Kevin through Tor's current congestion control levels -- explaining what Tor does, as well as what I think is actually resulting from each of these components. Kevin has lots of notes, and if all goes well that will seed the core of a "Why else is Tor slow" whitepaper over the coming months, as a sequel to the original. read more »

Tor 0.2.2.15-alpha released

Tor 0.2.2.15-alpha fixes a big bug in hidden service availability, fixes a variety of other bugs that were preventing performance experiments from moving forward, fixes several bothersome memory leaks, and generally closes a lot of smaller bugs that have been filling up trac lately.

https://www.torproject.org/download

Changes in version 0.2.2.15-alpha - 2010-08-18
o Major bugfixes:
- Stop assigning the HSDir flag to relays that disable their
DirPort (and thus will refuse to answer directory requests). This
fix should dramatically improve the reachability of hidden services:
hidden services and hidden service clients pick six HSDir relays
to store and retrieve the hidden service descriptor, and currently
about half of the HSDir relays will refuse to work. Bugfix on
0.2.0.10-alpha; fixes part of bug 1693. read more »

Tor Browser Bundle 1.0.10 for GNU/Linux released

On August 21st we released Tor Browser Bundle1.0.10 for GNU/Linux. It includes a number of updates, the largest one being a switch to Firefox 3.6.8. The rest are:

  • Update Tor to 0.2.2.15-alpha
  • Update Firefox to 3.6.8 (Mozilla is not doing security and stability updates for 3.5.x after August 2010)
  • Update NoScript to 2.0.2.3
  • Update BetterPrivacy to 1.48.3
  • Update HTTPS Everywhere to 0.2.2
Syndicate content