Archive

New Tor Cloud images

The Tor Cloud images for all the seven regions have been updated to include the latest cloud image for stable Ubuntu release 12.04.1 LTS (Precise Pangolin). These new images are available on the Tor Cloud website.

The new images include Tor's new GPG key, uses apt-get instead of aptitude, and also includes the deb.torproject.org-keyring package (#6776).

If you are already running a Tor Cloud bridge, you will need to either manually update your image, or set up a new Tor Cloud bridge and terminate the old one. If you decide not to take action, your image will fail to upgrade Tor correctly and will not be running as a bridge. To manually update your image; log on with SSH, and follow the instructions to add the new GPG key, upgrade Tor, and install the deb.torproject.org-keyring package.

Tails 0.13 is out!

Tails 0.13 brings its lot of small but useful improvements and fixes a few security issues.

Download it now.

Changes

Notable user-visible changes include:

  • Use white-list/principle of least privilege approach for local services.
    Only users that need a certain local (i.e. hosted on loopback) service
    (according to our use cases) are granted access to it by our firewall;
    all other users are denied access.
  • Allow to modify language and layout in the "Advanced options" screen
    of the greeter.
  • Enable four workspaces in the Windows XP camouflage. This allows
    users to quickly switch to a more innocent looking workspace in case
    they are working on sensitive data and attract unwanted attention.
    The workspace switcher applet isn't there, though, since there's no
    such thing in Windows XP, so switching is only possible via keyboard
    shortcuts.
  • Claws Mail now saves local/POP emails in its dot-directory by default
    instead of the non-persistent ~/Mail directory. Users who are already
    using persistence for Claws will have to perform this change manually.
  • Add support for wireless regulation.
  • Hide the TailsData partition in desktop applications.
  • Tor
    • Upgrade to 0.2.2.39.
  • Iceweasel
    • Upgrade iceweasel to 10.0.7esr-2 (Extended Support Release).
  • Hardware support
    • Upgrade Linux to 3.2.23-1.
  • Software
    • Upgrade I2P to version 0.9.1.
    • Install GNOME System Monitor.
    • Upgrade WhisperBack to 1.6, with many UI improvements and new translations.
  • Ship a first version of the incremental update system. Updates are not
    currently triggered automatically, but this will allow tests to be done
    on larger scales.

Plus the usual bunch of minor bug reports and improvements.

See the online Changelog for technical details.

Don't hesitate to get in touch with us.

Some thoughts on the CRIME attack

By this point, some people have started to ask me about the Rizzo and Duong's new CRIME attack on TLS.

The short version is the same as with BEAST last year: Tor is not affected. TorBrowser is not affected. Other applications may be affected; please consult your app vendor.

Here's the longer version, in case you're more curious. This is going to assume a little technical background, but not too much. read more »

New bundles (security release)

New Bundles (security release)

All of the available bundles of Tor have been updated for the latest stable Tor 0.2.2.39 release and the 0.2.3.22-rc release. These releases fix a remote crash bug found in Tor and all users and relays are STRONGLY encouraged to update immediately.

https://www.torproject.org/download

Further notes about Tor Browser Bundle updates:

The random port selection has been temporarily disabled in the Linux and Mac OS X alpha bundles. Most of you probably didn't notice any random port selection happpening at all, but if you encounter a problem running a system Tor and your Tor Browser Bundle at the same time, you can switch to the stable bundles for now. The next update should have a fix that allows us to re-enable automatic port selection.

Tor Browser Bundle (2.2.39-1)

  • Update Tor to 0.2.2.39
  • Update NoScript to 2.5.4

Tor Browser Bundle (2.3.22-alpha-1)

  • Update Tor to 0.2.3.22-rc
  • Temporarily use fixed Control and SOCKS ports as a workaround for #6803

www, archive, ns, and rsync +1

Thanks to Debian for providing a fine server capable of providing redundancy for a number of services. This new server is in live rotation for https://archive.torproject.org, https://www.torproject.org, acts as one of our primary DNS servers, and provides rsync for the archive data store. It mirrors 165GB of data hourly. The server is located in Darmstadt, Germany and provides a copy of the services on the European continent.

The addition of a second server allows us to implement some changes to the way we allow others to mirror our data sets. The primary server behind archive.torproject.org is also known as rsync.torproject.org. It now solely serves up rsync.torproject.org. If you have scripts that periodically mirror archive.torproject.org, you probably want to update them for rsync.torproject.org.

Thanks to the Debian Sysadmin Team for the server and hosting!

New Tor Browser Bundles

The stable Tor Browser Bundles have all been updated to the latest Firefox 10.0.07esr release.

https://www.torproject.org/download

Tor Browser Bundle (2.2.38-2)

  • Update Firefox to 10.0.7esr
  • Update Libevent to 2.0.20-stable
  • Update NoScript to 2.5.2
  • Update HTTPS Everywhere to 2.2.1

Wading into social waters

Recently, we've been introduced to two "Tor Project" Facebook Org pages. Neither of which are run by us at Tor, yet. There was also a Google+ page for a while, too. We currently use a few social media methods, such as mailing lists, pgp web of trust, internet relay chat, Identi.ca, and Twitter. Some people are very upset Tor is seemingly supporting Facebook, Google+ and others.

We're expanding into Facebook, Google+, Reddit, and others because our users are asking for it. There are existing Tor communities in many places, and we don't need to formally be at them all. It's great when individuals step up to the challenge and represent Tor in positive ways. However, as people join these communities, they are looking for a real discussion with us. For many people, these platforms are the primary means of communication.

We do have some concerns about social media sites. Let's enumerate these concerns.

  1. Current social media solutions don't respect user privacy, however it's all we have today. With buttons like "+1", "Like", and "Tweet this" strewn about websites, tracking your normal web activity, Tor is at least one solution to help you stop this global tracking. We believe you should be fully in control of your own data and metadata.

  2. The users are currently using these systems in very unsafe ways. We can join the system and set up a presence with details about how to use these systems more safely--or if they cannot be used safely at all. The goal is to educate people.The EFF has an explanation of these risks as well.

  3. We can get our message out to people and have a discussion with them, where they are, even though we don't control the medium and risk getting kicked off the system.

  4. Some are impersonating us now, and not at the quality level we want to see. A bad answer or impression from a fake Tor is worse than no answer at all.

Why don't we write our own?

Writing and deploying our own social media system is beyond the scope of our mission. However, tor can provide an anonymous base for such a system. We have hope for systems like Diaspora, tent, and FreedomBox.

New Stable Tor Browser Bundles

The stable Tor Browser Bundles have all been updated to the latest Tor 0.2.2.38 stable release.

https://www.torproject.org/download

Tor Browser Bundle (2.2.38-1)

  • Update Tor to 0.2.2.38
  • Update NoScript to 2.5
  • Update HTTPS Everywhere to 2.1
Syndicate content