
A New Era at the Tor Project

Andrew Lewman, our current Executive Director, is leaving The Tor Project to take a position at an Internet services company. While at Tor, Andrew was passionate about using our tools to help people from diverse backgrounds and points of view benefit from online privacy. We thank Andrew for his contributions and wish him well.

The Board has asked Tor’s Executive Committee to plan the transition. As a member of this committee, I can say that I expect that Tor Project co-founder Roger Dingledine will serve as interim Executive Director while we conduct the search for a permanent replacement.

Although we are sad to see Andrew leave, Tor is entering an exciting period of growth. We are exploring the establishment of Tor Labs and launching new programs like our Tor Summer of Privacy.

Our developers are building the next generation of Internet anonymity tools — and we continue to lead the international discussion on Internet freedom and liberty through our public talks and research.

Thanks to the entire Tor community for your help as we move forward!

--Wendy Seltzer
Member of the Board of Directors of the Tor Project

Tor Browser 4.0.8 is released

A new release for the stable Tor Browser is available from the Tor Browser Project page and also from our distribution directory.

This release contains a fix for the update loop issue present in 4.0.7. It is otherwise identical to that release.

Both 4.0.7 and 4.0.8 contain an update to the included Tor software, to fix two crash bugs in the version of the Tor software included prior to 4.0.7. One crash bug affects only people using the bundled tor binary to run hidden services, and the other crash bug allows a malicious website or Tor exit node to crash the underlying tor client by inducing it to load a resource from a hidden service with a malformed descriptor. These bugs do not allow remote code execution, but because they can be used by arbitrary actors to perform a denial of service, we are issuing a security update to address them.
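The client-side crash described above is an instance of a general pattern: an assertion standing in for input validation on data an attacker controls. The following is an added illustration, not Tor's code and not the real hidden service descriptor format. It uses an invented two-header text format (`desc-version`, `intro-points`, then one `intro` line per point) and the names `parse_desc_asserting`, `parse_desc_checked`, `checked_intro_count`, `asserting_intro_count`, `GOOD_DESC` and `BAD_DESC`, all of which are assumptions made for this example. The "before" variant reproduces the class of bug (assertion on a wire-supplied count), the "after" variant shows the fix (reject and return an error).

```c
/* Added example, not Tor's code. The descriptor format below is invented
 * for illustration; only the bug pattern (assert on attacker-controlled
 * input) is the point. */
#include <assert.h>
#include <stdio.h>
#include <string.h>

#define MAX_INTRO_POINTS 10

typedef struct {
    int version;
    int n_intro;
    char intro[MAX_INTRO_POINTS][32];
} toy_desc_t;

/* Copy the next line of *s into buf (truncated to fit) and advance *s.
 * Returns 0 when no line remains. */
static int next_line(const char **s, char *buf, size_t buflen)
{
    const char *p = *s;
    if (*p == '\0')
        return 0;
    const char *nl = strchr(p, '\n');
    size_t len = nl ? (size_t)(nl - p) : strlen(p);
    if (len >= buflen)
        len = buflen - 1;
    memcpy(buf, p, len);
    buf[len] = '\0';
    *s = nl ? nl + 1 : p + strlen(p);
    return 1;
}

/* Parse the two header lines; 0 on success, -1 on syntax error. */
static int parse_header(const char **s, toy_desc_t *out)
{
    char line[128];
    if (!next_line(s, line, sizeof line) ||
        sscanf(line, "desc-version %d", &out->version) != 1)
        return -1;
    if (!next_line(s, line, sizeof line) ||
        sscanf(line, "intro-points %d", &out->n_intro) != 1)
        return -1;
    return 0;
}

/* BEFORE: the only thing between the wire-supplied count and the fixed
 * array is an assertion. It prevents the overflow, but a descriptor that
 * declares 11 (or -1) points aborts the whole process: a one-shot denial
 * of service against every client that fetches the descriptor. */
int parse_desc_asserting(const char *text, toy_desc_t *out)
{
    char line[128];
    const char *s = text;
    memset(out, 0, sizeof(*out));
    if (parse_header(&s, out) < 0)
        return -1;
    assert(out->n_intro >= 0 && out->n_intro <= MAX_INTRO_POINTS); /* BUG */
    for (int i = 0; i < out->n_intro; i++)
        if (!next_line(&s, line, sizeof line) ||
            sscanf(line, "intro %31s", out->intro[i]) != 1)
            return -1;
    return 0;
}

/* AFTER: every wire field is range-checked and a violation is an ordinary
 * parse error, so the client drops the descriptor and keeps running.
 * Assertions are reserved for invariants the peer cannot influence. */
int parse_desc_checked(const char *text, toy_desc_t *out)
{
    char line[128];
    const char *s = text;
    memset(out, 0, sizeof(*out));
    if (parse_header(&s, out) < 0)
        return -1;
    if (out->version != 2)                                   /* unknown version */
        return -1;
    if (out->n_intro < 0 || out->n_intro > MAX_INTRO_POINTS) /* replaces assert */
        return -1;
    for (int i = 0; i < out->n_intro; i++)
        if (!next_line(&s, line, sizeof line) ||
            sscanf(line, "intro %31s", out->intro[i]) != 1)
            return -1;
    if (next_line(&s, line, sizeof line))                    /* trailing junk */
        return -1;
    return 0;
}

/* Constructed sample descriptors (not captured from the Tor network). */
static const char GOOD_DESC[] =
    "desc-version 2\nintro-points 2\nintro ip-alpha\nintro ip-beta\n";
static const char BAD_DESC[] = /* count far larger than the array */
    "desc-version 2\nintro-points 999999\nintro ip-alpha\n";

/* Outcome helpers: accepted point count, or -1 if rejected. */
int checked_intro_count(const char *t)   { toy_desc_t d; return parse_desc_checked(t, &d) == 0 ? d.n_intro : -1; }
int asserting_intro_count(const char *t) { toy_desc_t d; return parse_desc_asserting(t, &d) == 0 ? d.n_intro : -1; }

int main(void)
{
    printf("checked, good: %d points\n", checked_intro_count(GOOD_DESC));
    printf("checked, bad:  %d (rejected, still running)\n", checked_intro_count(BAD_DESC));
    /* asserting_intro_count(BAD_DESC) would abort() the process instead. */
    return 0;
}
```

Feeding `BAD_DESC` to the checked parser returns -1 and control continues; the same input to the asserting parser terminates the process, which is exactly the denial-of-service the release note describes. Removing the assertion without adding the bound check would be worse still, since a count above `MAX_INTRO_POINTS` would then write past the array.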

There will be no corresponding 4.5-alpha release for this fix, to allow us to focus on stabilizing that series for release in ~2 weeks.

Note to MacOS users: This is the last planned release that will run on 32-bit MacOS versions. Users of Mac OS 10.8 (Mountain Lion) and newer versions will be automatically updated to the 64-bit Tor Browser 4.5 when it is stabilized in April, and we expect this transition to be smooth for those users. However, the update process for 10.6 and 10.7 users will unfortunately not be automatic. For more details, see the original end-of-life blog post.

Here is the complete changelog since 4.0.6 (covering 4.0.7 and 4.0.8):

  • All Platforms
    • Bug 15637: Fix update loop due to improper versioning
    • Update Tor to 0.2.5.12
    • Update NoScript to 2.6.9.21

Tor Weekly News — April 8th, 2015

Welcome to the fourteenth issue in 2015 of Tor Weekly News, the weekly newsletter that covers what’s happening in the Tor community.

Tor 0.2.5.12 and 0.2.6.7 are out

Roger Dingledine announced new releases in both the stable and alpha series of the core Tor software. Tor 0.2.5.12 and 0.2.6.7 both contain fixes for two security bugs that could be used either to crash onion services, or clients trying to visit onion services. The releases also make it harder for attackers to overwhelm onion services by launching lots of introductions. For full details, please see the release announcement.

The bugs fixed in these releases are not thought to affect the anonymity of Tor clients or onion services. However, they could be annoying if exploited, so onion service operators should upgrade as soon as possible, while Tor Browser users will be updated with the upcoming Tor Browser stable release.

Tor Summer of Privacy — apply now!

Some of Tor’s most active contributors and projects got their start thanks to Google’s Summer of Code, in which the Tor Project has successfully participated for a number of years. This year, Google have decided to focus on encouraging newer, smaller projects, so rather than miss out on the benefits of this kind of intense coding program, Tor is launching its own Summer of Privacy, as Kate Krauss announced on the Tor blog.

The format is the same as before: students have the opportunity to work on new or existing open-source privacy projects, with financial assistance from the Tor Project and expert guidance from some of the world’s most innovative privacy and security engineers.

If that appeals to you (or someone you know), then see Kate’s announcement and the official TSoP page for more information on the program and how to apply. Applications close on the 17th of this month, so don’t leave it too late!

Should onion services disclose how popular they are?

Even on the non-private web, it is not possible by default to determine how popular a certain website is. Search engines and third-party tracking toolbars might be able to estimate the number of visitors a website gets, but otherwise the information is only available to the site’s operators or to groups who are able to measure DNS requests (as well as anyone in a position to eavesdrop on those two).

On the tor-dev mailing list, George Kadianakis posted a detailed exploration of this issue considered from the perspective of Tor onion services. If improvements and additions to the onion service design would as a side effect give an observer an idea of how popular a certain service is, should this be considered a security risk?

Some of the arguments put forward for the inclusion of popularity-leaking features are that they enable the collection of useful statistics; that they allow further optimization of the onion service design; and that concealing onion service popularity might not be necessary or even possible.

On the other hand, disclosing popularity might help an adversary decide where to aim its attacks; it may not actually offer significant performance or research benefits; and it may surprise onion service users and operators who assume that onionspace popularity is no easier to discover than on the non-private web.

“I still am not 100% decided here, but I lean heavily towards the ‘popularity is private information and we should not reveal it if we can help it’ camp, or maybe in the ‘there needs to be very concrete positive outcomes before even considering leaking popularity’”, writes George. “Hence, my arguments will be obviously biased towards the negatives of leaking popularity. I invite someone from the opposite camp to articulate better arguments for why popularity-hiding is something worth sacrificing.”

Please see George’s analysis for in-depth explanations of all these points and more, and feel free to contribute with your own thoughts.

More monthly status reports for March 2015

The wave of regular monthly reports from Tor project members for the month of March continued, with reports from Georg Koppen (for work on Tor Browser), David Goulet and George Kadianakis (working on onion services), Griffin Boyce (with news on secure software distribution, onion service setup, and Tails), Sherief Alaa (with updates about support and Arabic localization), Leiah Jansen (working on communication and graphic design), Sebastian Hahn (improving testability and fixing website issues), and Sukhbir Singh (for work on TorBirdy and Tor Messenger).

Mike Perry reported on behalf of the Tor Browser team, while George Kadianakis did so for SponsorR work, Israel Leiva for the GetTor project, and Colin C. for the Tor help desk.

Miscellaneous news

Nathan Freitas announced version 15 beta 1 of Orbot, which is “functionality complete”. “The main area for testing is using the Apps VPN mode while switching networks and/or in bad coverage, as well as using it in combination with Meek or Obfs4, for example. Also, the implementation is a bit different between Android 4.x and 5.x, so please report any difference you might see there.”

Nathan also shared Amogh Pradeep’s analysis of the network calls made in the latest version of the Firefox for Android source code, “to get our Orfox effort started again”.

This week in Tor history

A year ago this week, Nathan Freitas reported that the number of Orbot users in Turkey had quadrupled in the previous month, after an order by the Turkish government to block access to several popular social media websites led to a surge in Tor connections. This week, the same thing happened (albeit more briefly), leading to another increase in Tor use within Turkey.

The best time to prepare for these censorship events is before they happen — and that includes letting people around you know what they should do to ensure their freedom of expression remains uninterrupted. Show them the Tor animation and Tor brochures, help them install Tor Browser and Orbot, and teach them how to configure their social media applications to connect over Tor. If you make a habit of browsing over Tor, you may not even have to take any notice when things get blocked!


This issue of Tor Weekly News has been assembled by Harmony, nicoo, and Roger Dingledine.

Want to continue reading TWN? Please help us create this newsletter. We still need more volunteers to watch the Tor community and report important news. Please see the project page, write down your name and subscribe to the team mailing list if you want to get involved!

Tor Browser 4.0.7 is released

Unfortunately, the 4.0.7 release has a bug that makes it think of itself as 4.0.6, causing an update loop. This version mismatch will also cause the incremental update to 4.0.8 to fail to properly apply. The browser will then download the full update at that point, which should succeed, but at the expense of both user delay and wasted Tor network bandwidth.

For this reason, we have decided to pull 4.0.7 from the website at the moment, and instead prepare 4.0.8 as soon as possible.

Thank you for your patience.

Tor 0.2.5.12 and 0.2.6.7 are released

Tor 0.2.5.12 and 0.2.6.7 fix two security issues that could be used by an attacker to crash hidden services, or crash clients visiting hidden services. Hidden services should upgrade as soon as possible; clients should upgrade whenever packages become available.

These releases also contain two simple improvements to make hidden services a bit less vulnerable to denial-of-service attacks.

We also made a Tor 0.2.4.27 release so that Debian stable can easily integrate these fixes.

The Tor Browser team is currently evaluating whether to put out a new Tor Browser stable release with these fixes, or wait until next week for their scheduled next stable release. (The bugs can introduce hassles for users, but we don't currently view them as introducing any threats to anonymity.)

Changes in version 0.2.5.12 - 2015-04-06

  • Major bugfixes (security, hidden service):
    • Fix an issue that would allow a malicious client to trigger an assertion failure and halt a hidden service. Fixes bug 15600; bugfix on 0.2.1.6-alpha. Reported by "disgleirio".
    • Fix a bug that could cause a client to crash with an assertion failure when parsing a malformed hidden service descriptor. Fixes bug 15601; bugfix on 0.2.1.5-alpha. Found by "DonnchaC".
  • Minor features (DoS-resistance, hidden service):
    • Introduction points no longer allow multiple INTRODUCE1 cells to arrive on the same circuit. This should make it more expensive for attackers to overwhelm hidden services with introductions. Resolves ticket 15515.

Changes in version 0.2.6.7 - 2015-04-06

  • Major bugfixes (security, hidden service):
    • Fix an issue that would allow a malicious client to trigger an assertion failure and halt a hidden service. Fixes bug 15600; bugfix on 0.2.1.6-alpha. Reported by "disgleirio".
    • Fix a bug that could cause a client to crash with an assertion failure when parsing a malformed hidden service descriptor. Fixes bug 15601; bugfix on 0.2.1.5-alpha. Found by "DonnchaC".
  • Minor features (DoS-resistance, hidden service):
    • Introduction points no longer allow multiple INTRODUCE1 cells to arrive on the same circuit. This should make it more expensive for attackers to overwhelm hidden services with introductions. Resolves ticket 15515.
    • Decrease the amount of reattempts that a hidden service performs when its rendezvous circuits fail. This reduces the computational cost for running a hidden service under heavy load. Resolves ticket 11447.
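The INTRODUCE1 change in ticket 15515 is a cost-shifting defence: an attacker who could previously send an unbounded stream of introductions down one circuit now has to build a fresh circuit (the expensive step) for each one. The following toy introduction point is an added illustration, not Tor's code; the `toy_circuit_t` and `toy_intro_point_t` structures, the function names, and the choice to close the circuit on a repeated cell are assumptions made for this example. It compares the old and new policy against a single-circuit flood and against honest one-cell-per-circuit traffic.

```c
/* Added example, not Tor's code: a toy introduction point enforcing the
 * one-INTRODUCE1-per-circuit rule. All bookkeeping here is invented. */
#include <stdio.h>
#include <string.h>

#define MAX_CIRCUITS 64

typedef struct {
    int open;             /* 1 while the circuit is usable */
    int introduce1_seen;  /* set once an INTRODUCE1 has been relayed on it */
} toy_circuit_t;

typedef struct {
    toy_circuit_t circ[MAX_CIRCUITS];
    int n_circ;
    int limit_per_circuit; /* 0 = behaviour before the fix, 1 = after */
    long relayed;          /* introductions forwarded on to the service */
} toy_intro_point_t;

void ip_init(toy_intro_point_t *ip, int limit_per_circuit)
{
    memset(ip, 0, sizeof(*ip));
    ip->limit_per_circuit = limit_per_circuit;
}

/* Opening a circuit is the costly step for the client (a multi-hop build
 * with a handshake per hop); the fix makes the attacker repeat it. */
toy_circuit_t *ip_open_circuit(toy_intro_point_t *ip)
{
    if (ip->n_circ >= MAX_CIRCUITS)
        return NULL;
    toy_circuit_t *c = &ip->circ[ip->n_circ++];
    c->open = 1;
    c->introduce1_seen = 0;
    return c;
}

/* Handle one INTRODUCE1 cell. Returns 1 if relayed to the service,
 * 0 if dropped. */
int ip_handle_introduce1(toy_intro_point_t *ip, toy_circuit_t *c)
{
    if (c == NULL || !c->open)
        return 0;
    if (ip->limit_per_circuit && c->introduce1_seen) {
        /* Protocol violation (assumed handling): drop the cell and close
         * the circuit so further introductions need a new circuit. */
        c->open = 0;
        return 0;
    }
    c->introduce1_seen = 1;
    ip->relayed++;
    return 1;
}

/* Attacker: one circuit, n cells. Returns how many reached the service. */
long flood_one_circuit(int limit_per_circuit, int n)
{
    toy_intro_point_t ip;
    ip_init(&ip, limit_per_circuit);
    toy_circuit_t *c = ip_open_circuit(&ip);
    for (int i = 0; i < n; i++)
        ip_handle_introduce1(&ip, c);
    return ip.relayed;
}

/* Honest clients: n circuits, one cell each. The fix must not hurt these,
 * so the count should equal n under either policy. */
long one_cell_per_circuit(int limit_per_circuit, int n)
{
    toy_intro_point_t ip;
    ip_init(&ip, limit_per_circuit);
    for (int i = 0; i < n; i++)
        ip_handle_introduce1(&ip, ip_open_circuit(&ip));
    return ip.relayed;
}

int main(void)
{
    printf("1 circuit x 1000 cells, old policy: %ld relayed\n", flood_one_circuit(0, 1000));
    printf("1 circuit x 1000 cells, new policy: %ld relayed\n", flood_one_circuit(1, 1000));
    printf("50 circuits x 1 cell,   new policy: %ld relayed\n", one_cell_per_circuit(1, 50));
    return 0;
}
```

Under the old policy 1000 cells on one circuit mean 1000 introductions reaching the service; under the new policy only the first is relayed, so the attacker's cost per introduction rises from one cell to one circuit build, while legitimate clients, who already use one circuit per introduction, see no change.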

Tor Summer of Privacy--Apply Now!

The Tor Project is launching our first Tor Summer of Privacy! This is a pilot program for students who want to collaborate to develop privacy tools. We participated in Google's groundbreaking Summer of Code from 2007-2014, but we weren't renewed this year (Google is rightly offering new groups this opportunity) so we've decided to start our own program. Many thanks to Tor's individual donors who decided to sponsor the Summer of Privacy. Students only have 10 days to apply--so spread the word!

We feel that working on Tor is rewarding because:

• You will work with a world-class team of developers on an anonymity network that is already protecting millions of people daily--or work on your own, new project.

• We only write free (open source) software. The tools you make won't be locked down or rot on a shelf.

• The work you do could contribute to academic publications — Tor development raises many open questions and interesting problems in the field of anonymity systems http://freehaven.net/anonbib/.

• You can work your own hours wherever you like.

• We are friendly and collaborative.

We are looking for people with great code samples who are self-motivated and able to work independently. We have a thriving and diverse community of interested developers on the IRC channel and mailing lists, and we're eager to work with you, brainstorm about design, and so on, but you need to be able to manage your own time, and you need to already be somewhat familiar with how free software development on the Internet works.

We invite and welcome applications from many different kinds of students who come from many different backgrounds. Don't be shy--apply!

Tor will provide a total stipend of USD $5,500 per accepted student developer.

DEADLINE FOR APPLICATION: We are accepting applications now through April 17th, 2015. Apply soon!

We're always happy to have new contributors, so if you are still planning your summer, please consider spending some time working with us to make Tor better!

Tor Weekly News — April 1st, 2015

Welcome to the thirteenth issue in 2015 of Tor Weekly News, the weekly newsletter that covers what’s happening in the Tor community.

Tor Browser 4.0.6 and 4.5a5 are out

Mike Perry announced two new releases by the Tor Browser team. Tor Browser 4.0.6 contains updates to Firefox, meek, and OpenSSL; it is also the last release planned to run on 32-bit Apple hardware. If you have a 64-bit Mac and are running Mac OS X 10.8, you can expect to be automatically upgraded to Tor Browser 4.5, optimized for your hardware, later this month. If you are running OS X 10.6 or 10.7, however, you will need to update manually once that version of Tor Browser is released, as described in the end-of-life announcement last year.

Tor Browser 4.5a5, meanwhile, includes several exciting security and usability updates. Tor Browser’s windows, when resized, will now “snap” to one of a limited range of sizes, to prevent an adversary from fingerprinting a user based on their unique browser size; the Security Slider now offers information about the features that are disabled at each security level; and Tor circuits remain in use for a longer period, avoiding the errors that can result when websites detect a change in your connection. You can read about all these features and more in Mike’s announcement.

These new releases contain important security updates, and all users should upgrade as soon as possible. As usual, you can get your copy of the new software using the in-browser updater, or from the project page.

Tails 1.3.2 is out

Tails version 1.3.2 was put out on March 31. This release includes updates to key software, fixing numerous security issues. All Tails users must upgrade as soon as possible; see the announcement for download instructions.

Crowdsourcing the future (of onion services)

Onion (or hidden) services are web (or other) services hosted in the Tor network that have anonymity, authentication, and confidentiality built in. As George Kadianakis writes, “anything you can build on the Internet, you can build on hidden services — but they’re better”. A major task for the Tor community in the near future is making these important tools more widely available, and usable by groups who urgently need them, so George took to the Tor blog to solicit ideas for future onion service-related projects that could form the basis for a crowdfunding campaign. “Long story short, we are looking for feedback! What hidden services projects would you like to see us crowdfund? How do you use hidden services; what makes them important to you? How do you want to see them evolve?…Also, we are curious about which crowdfunding platforms you prefer and why.”

See the full post for an introduction to onion services, why they matter, why a crowdfunding campaign makes sense, and how to join in with your own ideas.

Spreading the word about Tor with free brochures

Tor advocates play an important role in talking to groups and audiences around the world about the ways Tor and online anonymity can benefit them. Until now, printed materials offering a simple introduction to the basic concepts behind Tor have been hard to come by, so Karsten Loesing announced a set of brochures, aimed at various audiences, that can be freely printed and distributed at Tor talks, tech conferences, public demonstrations, or just for fun. These will continue to receive updates and translations, so stay tuned.

If you don’t have access to printing facilities, you can contact the Tor Project with details of your event and requirements and receive a stack of brochures, possibly in return for a report or other feedback. Spread the word, and feel free to screen the Tor animation in your language while you’re at it!

Monthly status reports for March 2015

The wave of regular monthly reports from Tor project members for the month of March has begun. Damian Johnson released his report first, followed by reports from Tom Ritter, Philipp Winter, Pearl Crescent, Nick Mathewson, Juha Nurmi, and Isabela Bagueros.

Miscellaneous news

Anthony G. Basile announced version 20150322 of tor-ramdisk, the micro Linux distribution whose only purpose is to host a Tor server in an environment that maximizes security and privacy. This release includes updates to Tor, busybox, OpenSSL, and the Linux kernel.

George Kadianakis used some newly-discovered bridge statistics to generate visual bandwidth histories, in order “to better understand how much bridges are used”. “Questions and feedback on my methodology are welcome”, writes George. On the other hand, “we should think about the privacy implications of these statistics since they are quite fine-grained (multiple measurements per day) and some bridges don’t have many clients (hence small anonymity set for them)”, so if you have comments on this topic feel free to send them to the thread.

News from Tor StackExchange

Tor’s StackExchange site is currently running a self-evaluation. On the evaluation page you’ll see some questions and answers. Please go through this list and rate those questions. It helps the Q&A site to improve those answers and see where weaknesses are.

User 2313265939 lives in a heavily censored region and wants an OnionPi to connect to the meek-amazon pluggable transport. If you have an answer, please share it with this user.

This week in Tor history

A year ago this week, Tor developers were discussing the possibility of distributing bridge relay addresses via QR code, to avoid tricky copy-pastes and input errors that might cause a failed connection. Today, you can request some bridge lines from BridgeDB and select “Show QR code” to be shown…exactly that. Bridge address QR code recognition will soon make its way into the Orbot stable release, as well, so your simple censorship circumvention is no longer dependent on finicky touchscreen keyboards!


This issue of Tor Weekly News has been assembled by Harmony, Karsten Loesing, qbi, and the Tails team.

Want to continue reading TWN? Please help us create this newsletter. We still need more volunteers to watch the Tor community and report important news. Please see the project page, write down your name and subscribe to the team mailing list if you want to get involved!

Tor Browser 4.5a5 is released

The Tor Browser team is proud to announce the release of the fifth alpha of the 4.5 series of Tor Browser. The release is available from the extended downloads page and also from our distribution directory.

Tor Browser 4.5a5 is based on Firefox ESR 31.6.0, which features important security updates to Firefox.

We're very excited about the usability and security improvements in this release. On the usability front, we've created a FreeDesktop-compatible launcher wrapper for Linux that can be invoked from either the GUI or the shell, and we also provide Windows users with the ability to add optional Start Menu and Desktop shortcuts. The circuit usage of Tor Browser has also been improved to avoid transitioning to a new circuit for a website while it is in active use.

On the security front, the Security Slider now has full descriptions of the browser behaviors that are changed at each security level. We've also made improvements to our display resolution fingerprinting defenses to automatically resize the browser window to a 200x100 pixel multiple after resize or maximization, and to perform similar resizing for full screen HTML5 video. Finally, the Windows releases are also now signed using the hardware signing token graciously provided to us by DigiCert, so Windows users should no longer be warned about Tor Browser being downloaded from an "unknown publisher".

And those are just the highlights. The complete list of changes since the 4.5a4 release is as follows:

  • All Platforms
    • Update Firefox to 31.6.0esr
    • Update OpenSSL to 1.0.1m
    • Update Tor to 0.2.6.6
    • Update NoScript to 2.6.9.19
    • Update HTTPS-Everywhere to 5.0
    • Update meek to 0.16
    • Update Tor Launcher to 0.2.7.3
      • Bug 13983: Directory search path fix for Tor Messenger+TorBirdy
    • Update Torbutton to 1.9.1.0
      • Bug 9387: "Security Slider 1.0"
        • Include descriptions and tooltip hints for security levels
        • Notify users that the security slider exists
        • Flip slider so that "low" is on the bottom
        • Make use of new SVG and MathML prefs
      • Bug 13766: Set a 10 minute circuit lifespan for non-content requests
      • Bug 15460: Ensure FTP urls use content-window circuit isolation
      • Bug 13650: Clip initial window height to 1000px
      • Bug 14429: Ensure windows can only be resized to 200x100px multiples
      • Bug 15334: Display Cookie Protections menu if disk records are enabled
      • Bug 14324: Show HS circuit in Tor circuit display
      • Bug 15086: Handle RTL text in Tor circuit display
      • Bug 15085: Fix about:tor RTL text alignment problems
      • Bug 10216: Add a pref to disable the local tor control port test
      • Bug 14937: Show meek and flashproxy bridges in tor circuit display
      • Bugs 13891+15207: Fix exceptions/errors in circuit display with bridges
      • Bug 13019: Change locale hiding pref to boolean
      • Bug 7255: Warn users about maximizing windows
      • Bug 14631: Improve profile access error msgs (strings).
    • Pluggable Transport Dependency Updates:
      • Bug 15448: Use golang 1.4.2 for meek and obfs4proxy
      • Bug 15265: Switch go.net repo to golang.org/x/net
    • Bug 14937: Hard-code meek and flashproxy node fingerprints
    • Bug 13019: Prevent Javascript from leaking system locale
    • Bug 10280: Improved fix to prevent loading plugins into address space
    • Bug 15406: Only include addons in incremental updates if they actually update
    • Bug 15029: Don't prompt to include missing plugins
    • Bug 12827: Create preference to disable SVG images (for security slider)
    • Bug 13548: Create preference to disable MathML (for security slider)
    • Bug 14631: Improve startup error messages for filesystem permissions issues
    • Bug 15482: Don't allow circuits to change while a site is in use
  • Linux
    • Bug 13375: Create a hybrid GUI/desktop/shell launcher wrapper
    • Bug 12468: Only print/write log messages if launched with --debug
  • Windows
    • Bug 3861: Begin signing Tor Browser for Windows the Windows way
    • Bug 15201: Disable 'runas Administrator' codepaths in updater
    • Bug 14688: Create shortcuts to desktop and start menu by default (optional)