February 2008 Progress Report

Tor (released Feb 24) is the first release candidate for the 0.2.0 series. It makes more progress towards normalizing Tor's TLS handshake, makes hidden services work better again, helps relays bootstrap if they don't know their IP address, adds optional support for linking in openbsd's allocator or tcmalloc, allows really fast relays to scale past 15000 sockets, and fixes a bunch of minor bugs reported by Veracode.

Tor (released Feb 9) makes more progress towards normalizing Tor's TLS handshake, makes path selection for relays more secure and IP address guessing more robust, and generally fixes a lot of bugs in preparation for calling the 0.2.0 branch stable.

Torbutton 1.1.13 (released Feb 1), 1.1.14 (released Feb 24), and 1.1.15 (released Feb 26) fix many more potential privacy and identity leaks, mostly based on exploits found by Greg Fleischer. They also add support for automatic updates via the usual Firefox extension upgrade approach.

Work continued toward the upcoming Vidalia 0.1.0 release (which came out March 1): support for launching Firefox and Polipo as supporting applications; support for learning from Tor when the first circuit is ready so it can inform the user; and many other bugfixes including a few security fixes.

The Tor release contained many security-related cleanups based on an anonymously submitted code review from a static analysis tool. The Tor release contained even more security-related cleanups, based on an external security analysis and audit by Veracode. Hopefully cleanups at this stage will reduce the number of times we need to push out an urgent new stable "0.2.0" release for security reasons. read more »

Isaac Mao elected as one of our new directors

In Tor's annual board meeting in January, we added Isaac Mao to our board of directors. Isaac is a well-known blogger, especially among the Chinese blogging community, and adding him is the first part of our push to make the Tor board (and The Tor Project in general) more international in scope and awareness.

Isaac will take over Rebecca McKinnon's spot on the board, though Rebecca is planning to stick around and continue helping with advice about how to interact with the media and Tor's role in society, especially in Asia. Isaac has a lot of ideas about how to make Tor easier to use and how to get the word out to all the different groups that need it. We're looking forward to working with him!

January 2008 Progress Report

Tor (released Jan 25) adds a sixth v3 directory authority run by CCC, fixes a big memory leak in, and adds new config options that can warn or reject connections to ports generally associated with vulnerable-plaintext protocols.

Tor and (released Jan 17) add a fifth v3 directory authority run by Karsten Loesing, and generally clean up a lot of features and minor bugs.

Tor (released Jan 17) fixes a huge memory leak on exit relays, makes the default exit policy a little bit more conservative so it's safer to run an exit relay on a home system, and fixes a variety of smaller issues.

We continued work on the "BridgeDB" module: major progress on January was to improve robustness of the email subsystem so it is better at detecting forged mails that claim to be from gmail but are actually from elsewhere.

Work continued toward the upcoming Torbutton 1.1.13 release (which came out Feb 1). This new release has several significant security-related fixes:

Work continued toward the upcoming Vidalia 0.1.0 release: support for launching Firefox and Polipo as supporting applications; support for learning from Tor when the first circuit is ready so it can inform the user; and many other bugfixes including a few security fixes:

We added a "How do I find a bridge?" link and corresponding help text to Vidalia's 'Network' settings page.

From the Tor ChangeLog:
“Do not try to download missing certificates until we have tried to check our fallback consensus.” This change gets us closer to being able to bootstrap without ever needing to contact the central directory authorities. read more »

Media coverage of "Covert channel vulnerabilities in anonymity systems"

Over the past few days there has been some coverage of my PhD thesis, and its relationship to Tor, on blogs and online news sites. It seems like this wave started with a column by Russ Cooper, which triggered articles in PC World and Dark Reading. The media attention came as a bit of a surprise to me, since nobody asked to interview me over this. I'd encourage other journalists writing about Tor to contact someone from the project as we're happy to help give some context.

My thesis is a fairly diverse collection of work, but the articles emphasize the impact of the attacks I discuss on users of anonymity networks like Tor. Actually, my thesis doesn't aim to show that Tor is insecure; the reason I selected Tor as a test case was that it's one of the few (and by far the largest) low-latency system that aims to stand up to observation. Other, simpler, systems have comparatively well understood weaknesses, and so there is less value in researching them.

Quantifying the security of anonymity systems is a difficult question and still being actively worked on. Comparing different systems is even harder since they make different assumptions on the capabilities of attackers (the “threat model”). The mere chance of attacks doesn't indicate that a system is insecure, since they might make assumptions about the environment that are not met, or are insufficiently reliable for the scenario being considered.

The actual goal of my thesis was try to better understand the strengths and weaknesses of systems like Tor, but more importantly to also to suggest a more general methodology for discovering, and resolving flaws. I proposed that the work from the well-established field of covert channels could be usefully applied, and used examples, including Tor, to justify this.

There remains much work to be done before it's possible to be sure how secure anonymity systems are, but hopefully this framework will be a useful one in moving forward. Since in September 2007 I joined the Tor project, I hope I'll also help in other ways too.

Tor meetup in San Francisco, 7pm this Thursday


Hi, folks! I'm in the San Francisco area for the week, so I thought it would be good to have an impromptu meetup for Tor users, operators, and enthusiasts. So if that's you, and if you're in town, and you'd like to chat, hang out, or whatever, stop on by. I'll try to hang around for a couple of hours at least.
When: 7pm, Thursday.
Where: the Sugarlump Coffee Lounge, at 2862 24th St, at Bryant.
I hope you can make it!

Vidalia bundle, OSX and Qt bugs

It appears Qt-4.3.3 has a bug that is causing Vidalia to crash when the list of Tor nodes refreshes and is sorted. The current and bundles for OSX are built against Qt-4.3.3.

I've downgraded the build hosts to Qt-4.3.2. The rebuilt OSX vidalia-bundle packages for both and are available as:

These bundles contain Vidalia compiled with Qt-4.3.2. This makes Vidalia happy again.

24C3 talk

I'm back from the 24C3 congress in Berlin. My talk went well (video, slides).

Basically I gave an overview of some of the big technical things we did in 2007, some of the policy/legal issues that we're tackling, and some of the technical things that need to come next. The focus was on Germany, so it included some discussion of the upcoming data retention problems, and of the general issue with police in Germany seizing servers.


Welcome to the official Tor Project blog. We post a few times a month to discuss topics such as Tor development, recent press, and other related memes.

Syndicate content Syndicate content