August 2009 Progress Report

New releases

On August 4, we released Tor Browser Bundle 1.2.7. It is updated primarily due to Firefox 3.0.13 with its ssl fixes.

The full changelist is:
1.2.7: Released 2009-08-04

  • update Firefox to 3.0.13
  • add Polish translation
  • update libevent to 1.4.12

On August 19, we released Tor Browser Bundle 1.2.8. The big changes are the inclusion of statically linked openssl dlls to resolve a few geoip lookup and functionality issues with Vidalia, and the upgrade to the new Vidalia 0.2.2.

The full list of updates and fixes:

  • update Torbutton to 1.2.2
  • update Vidalia to 0.2.2
  • compile OpenSSL 0.9.8k with Visual C to make dlls
  • update Pidgin to 2.6.1

On August 3rd, we release Vidalia 0.2.1. This is a major change in the way OS X and Windows bundles are installed, as well as many usability enhancements. This also sets the stage for a plugin-API being developed over the next few months.

The changes are:

  • Add a "Find Bridges Now" button that will attempt to automatically
    download a set of bridge addresses and add them to the list of bridges
    in the Network settings page.
  • Add support for building with Google's Breakpad crash reporting
    library (currently disabled by default).
  • Show or hide the "Who has used my bridge recently?" link along with
    the other bridge-related widgets when the user toggles the relay mode
    in the Network settings page. (Ticket #480)
  • Tolerate bridge addresses that do not specify a port number, since Tor
    now defaults to using port 443 in such cases.
  • Add support for viewing the map as a full screen widget when built
    with KDE Marble support.
  • Compute the salted hash of the control password ourself when starting
    Tor, rather than launching Tor once to hash the password, parsing the
    output, and then again to actually start Tor.
  • Add a signal handler that allows Vidalia to clean up and exit normally
    when it catches a SIGINT or SIGTERM signal. (Ticket #481)
  • If the user chooses to ignore further warnings for a particular port,
    remove it from the WarnPlaintextPorts and RejectPlaintextPorts
    settings immediately. Also remember their preferences and reapply them
    later, even if Tor is unable to writes to its torrc.(Ticket #493)
  • Don't display additional plaintext port warning message boxes until
    the first visible message box is dismissed. (Ticket #493)
  • Renamed the 'make win32-installer' CMake target to 'make dist-win32'
    for consistency with our 'make dist-osx' target.
  • Fix a couple bugs in the WiX-based Windows installer related to building
    a Marble-enabled Vidalia installer.
  • Write the list of source files containing translatable strings to a
    .pro file and supply just the .pro file as an argument to lupdate, rather
    than supplying all of the source file names themselves.

On August 14th, we release Vidalia 0.2.2. It addresses an issue with openssl which causes the geoip lookups to fail on various versions of Windows. It also switches from the Nullsoft Installer to the Microsoft System Installer for better compatibility with Microsoft Windows.
There are now separate Apple OS X builds, one for PowerPC architectures and one for i386 architectures. No more Universal binary bloat to download.
The changes are:

  • When the user clicks "Browse" in the Advanced settings page to locate
    a new torrc, set the initial directory shown in the file dialog to the
    current location of the user's torrc. (Ticket #505)
  • Use 'ditto' to strip the architectures we don't want from the Qt
    frameworks installed into the app bundle with the dist-osx,
    dist-osx-bundle and dist-osx-split-bundle build targets.
  • Fix a bug in the CMakeLists.txt files for ts2po and po2ts that caused
    build errors on Panther for those two tools.
  • Include rebuilt OpenSSL libraries in the Windows packages that are
    built with the static (/MT) version of the Microsoft Visual C++
    Runtime. Otherwise, we would require users to install the MSVC
    Redistributable, which doesn't work for portable installations such as
    the Tor Browser Bundle.
  • Remove the NSIS file for the Vidalia installer since we now ship
    MSI-based installers on Windows.

On August 27th, we released Vidalia 0.2.3. This fixes some more bugs with "Who has used by bridge" functionality and switches to Qt signals for event handling.
The changes are:

  • Create the data directory before trying to copy over the default
    Vidalia configuration file from inside the application bundle on Mac
    OS X. Affects only OS X drag-and-drop installer users without a
    previous Vidalia installation.
  • Change all Tor event handling to use Qt's signals and slots mechanism
    instead of custom QEvent subclasses.
  • Fix another bug that resulted in the "Who has used my bridge?" link
    initially being visible when the user clicks "Setup Relaying" from
    the control panel if they are running a non-bridge relay.
    (Ticket #509, reported by "vrapp")
  • Always hide the "Who has used my bridge?" link when Tor isn't running,
    since clicking it won't return useful information until Tor actually
    is running.

On August 9th, we released Torbutton 1.2.2.
The changes and enhancements are:

  • bugfix: Workaround Firefox Bug 440892 to prevent external apps from
    being launched (and thus bypassing proxy settings) without user
    confirmation. Independently reported by Greg Fleischer and optimist.
  • bugfix: Create a separate "No Proxy For" option and remove the
    string "localhost" from proxy exemptions. Prevents a theoretical
    proxy bypass condition discovered by optimist. Fix based on patch from
    optimist.
  • bugfix: bug 970: Purge undo tab list on Tor toggle.
  • bugfix: bug 1040: Scrub URLs from log level 4 and higher log messages.
    Mac OS writes Firefox console messages to disk by default.
  • bugfix: bug 1033: Fix FoxyProxy conflict that caused some FoxyProxy
    strings to fail to display.
  • misc: bug 1006: Pop up a more specific failure message for pref
    changing errors during Tor toggle.
  • misc: Fix a couple of strict javascript warns on FF3.5
  • misc: Add chrome url protection call to conceal other addons during
    non-Tor usage. Patch by Sebastian Lisken.
  • misc: Remove torbutton log system init message that may have scared some
    paranoids.

Architecture and technical design docs

Update our secure updater, Thandy, to have optional BitTorrent support to distribute load spikes following new releases better. Currently, it uses the mainline BitTorrent libraries that can be installed along with Thandy, but there is also some groundwork to support other BitTorrent libraries later on.

Advocacy and outreach.

Andrew, Jacob, Karsten, Mike, Nick, and Roger attended the Privacy Enhancing Technologies Symposium in Seattle, WA. Details can be found at http://petsymposium.org/2009/. Jacob, Karsten, Mike, and Roger each presented their work on Tor.

Jacob, Karsten, Mike, Roger, and Sebastian attended Hacking at Random 2009 in Vierhouten, Netherlands. Details of the conference can be found at https://wiki.har2009.org/page/Main_Page. Jacob and Roger presented about Tor.

Jacob attended FooCamp 2009. More details can be found at http://foocamp09.wiki.oreilly.com/wiki/index.php/Main_Page. Jacob presented about Tor.

Andrew contacted Tor relay operators that started running a relay between June 12, 2009 and July 13, 2009; ostensibly for the Iranian protest movement. Of the 37 new relays, 13 had gone offline. After contacting the relay operators, 7 of the 13 are back online.

Preconfigured privacy (circumvention) bundles for USB or LiveCD.

On August 4, we released Tor Browser Bundle 1.2.7. It is updated primarily due to Firefox 3.0.13 with its ssl fixes.

The full changelist is:
1.2.7: Released 2009-08-04

  • update Firefox to 3.0.13
  • add Polish translation
  • update libevent to 1.4.12

On August 19, we released Tor Browser Bundle 1.2.8. The big changes are the inclusion of statically linked openssl dlls to resolve a few geoip lookup and functionality issues with Vidalia, and the upgrade to the new Vidalia 0.2.2.

The full list of updates and fixes:

  • update Torbutton to 1.2.2
  • update Vidalia to 0.2.2
  • compile OpenSSL 0.9.8k with Visual C to make dlls
  • update Pidgin to 2.6.1

Jacob and Steve Tyree started work on a portable Tor Browser Bundle for Apple OS X. Jacob started work on a portable Tor Browser Bundle for generic Linux. Both bundles are currently in developer testing, gearing up for an alpha release in September 2009.

Updated TorVM with current packages for torbutton, tor, qemu. Added geoip and pycrypto to TorVM.

Scalability, load balancing, directory overhead, efficiency.

Continued metrics work with torperf and directory request statistics. Update bufferstats report, http://git.torproject.org/checkout/metrics/master/report/buffer/buffers…
Updated circuit window report, http://git.torproject.org/checkout/metrics/master/report/circwindow/cir…

updated statistics on directory requests, http://git.torproject.org/checkout/metrics/master/report/dirarch/

And updated measurements on overall tor network performance, http://git.torproject.org/checkout/metrics/master/report/performance/to…

Continued work on our bandwidth node scanner to provide better extra-info for clients to make better routing decisions.

Added a seventh directory authority run by Jacob Appelbaum.

More reliable (e.g. split) download mechanism.

Christian Fromme started work on our email auto-responder, get-tor, to better handle split downloads via email.

Jon, our mirror volunteer, continued to contact mirrors and update their status accordingly. The net change is zero, but we added a new mirror and removed a stale mirror.

Translation work

Runa, our Google Summer of Code student, finished the project to allow for website content to be translated via the Tor Translation Portal, https://translation.torproject.org/. The conversion tools are now live and Danish and Farsi are the first languages enabled in the Tor Translation Portal for testing.

In August, there were:

8 Russian updates for the website
29 Polish updates for the website
15 Chinese updates for the website
Danish updates for Torbutton
Nederlandish updates for Torbutton

khled.8@hotmai.com

September 21, 2009

Permalink

hi, government has probably blocked tor in iran, do you have any idea how they can block tor, and how can we solve this problem?

khled.8@hotmai.com

September 21, 2009

Permalink

Hi!"geoip.vidalia-project.net:1443"how to become a"geoip.vidalia-project.net:80"? I use TOR 0.2.1.19,now.I can't see "Location".

khled.8@hotmai.com

September 23, 2009

Permalink

Hi, I wonder is it possible to use set tor on region - ex. USA or Europe or such a country ? 'cause is needed to some vortals when see other country there is no opiton to use some function. Anyway What should to do or What to do to run this project.I'm ready to help.

khled.8@hotmai.com

September 24, 2009

Permalink

Ahhh... that would explain why Tor stopped working today. Hm... Unfortunately, China has blocked the downloads page - how can MAC users download the latest version of Tor to hopefully bridge connections or bypass this node block?

khled.8@hotmai.com

September 24, 2009

Permalink

Tor is blocked in China,almost totally. Any one can give some solution? Thanks !

use an tor bridge.. ;-)

the bridge not work Mr.
tor has blocked in Iran
please please please please please please help men

Seems the fingerprint in Tor TLS handshake has been fully analyzed by the GFW people.

China would have to block all SSL for this to work. We've confirmed the GFW is doing simple IP:port blocking at this time.

Hi! Why I can't see the "location" in the Vidalia?(can't see the flag)

Hi. I want to ask you something: why to leave firefox (in tor browser) update itself? why not to deactivate that option in Firefox Portable? why are there other options activated, like google's safebrowsing?
I mean, I want privacy, ok, then why to let google to track me? (Please, read this: http://ha.ckers.org/blog/20090824/google-safe-browsing-and-chrome-priva…). Why do you think I can even trust in google/firefox/whatever? Ok, firefox is FOSS, but safebrowsing is something that, being an informed user, as I am, is not needed.
Please, deactivate all that settings.
Thanks.

The included firefox in the tor browser bundle is set to disable automatic updates when Torbutton is enabled.

As of TBB 1.2.9:

user_pref("browser.safebrowsing.enabled", false);
user_pref("browser.safebrowsing.malware.enabled", false);
user_pref("browser.search.suggest.enabled", false);
user_pref("browser.search.update", false);

These are set automatically.

hi, how can I change server that tor connects to ? I want to have IP from USA is that possible ?

Hi there,

I think this topic came up before, but I cant see an answer to it.
Is it possible to add compression to Tor for all node 2 node comms ?

If not already, this could compress data (plain HTML) 10 times or more, which would relieve traffic on the network and create the illusion of more bandwidth.

For those of using it to browse the net (not so much those pesky p2p people) we could see an instant increase in page load times ?

Tor is a tunnel, it doesn't know anything about the content stream sent into it, therefore we don't have the ability to compress or not. The issue is on the other end, how would this compression work?

Most websites already support gzip compression between the browser and the web server. The compression should be done at the application level before it ever gets into Tor.

Think of Tor like anonymous tcp. tcp/ip doesn't compress your data because it should just transport the data, not modify it.

Thank you phobos for getting back to me.
I appreciate the response.

if you have trouble downloading Tor in China, use a proxy site like vtunnel.com or zend2.com.

2 weeks ago it got more difficult to connect to Vidalia in China. I had to add a bridge from here: https://bridges.torproject.org/ to make it work again. If you cannot enter the bridge url, use one of the above proxy sites.

I'm trying to install Tor with Vidalia on Ubuntu Hardy. The torproject wiki says, "Most users should simply download Vidalia as part of a Tor software bundle", and links to instructions for adding the torproject.org repository.

I have successfully (I think) added that repository in Synaptic, and installed Tor from that repository. But I can't find any indication that Vidalia has been installed along with Tor. And even with the torproject.org repository enabled and the sources updated, "sudo apt-get install vidalia" gets the response, "Couldn't find package vidalia".

Is Vidalia included in the Tor package in your Ubuntu repository?

if so, can you suggest what I did wrong, or should do to make it right to get Vidalia?

If Vidalia isn't in your Ubuntu repository, what is your recommended repository or download location for Vidalia for Ubuntu (hardy)?
,

Please do you know how I could configure bittorrent to work with tor? thanks in advance

No, we don't know. We don't support bittorrent over Tor. Please use another program, perhaps bitblinder, http://www.bitblinder.com/.