Jacob Appelbaum joins us to help out with:
- developing a translation portal. This should help us find translators
and make their updates easier.
- coordinating the Tor translation team and getting parts that need
- helping to better document Tor for non-technical users.
- writing an auto-responder to use Google's gmail to deliver Tor to
users who request it
- helping to get auto-updating for Tor and Vidalia working seamlessly
- maintaining the code that runs the tor exitlist
- generally advocating Tor
Matt Edman joins the Tor Project. Matt joins to help us enhance Tor's
interactions with Vidalia. Specifically, he's working on:
- integrating upnp libraries into vidalia to make it easier to setup servers
- displaying Tor's startup status more visually in Vidalia to help users
understand what's going on as Tor starts
- assist with making translating Vidalia's interface and help files
easier for translators
- helping to flesh out proposals in queue on or-dev
- helping to get auto-updating or Tor and Vidalia working seamlessly
- tackling the "matt" section of the TODO file.
Welcome Jacob and Matt!
Tor 0.2.0.24-rc (released Apr 22) adds dizum (run by Alex de Joode)
as the new sixth v3 directory authority, makes relays with dynamic IP
addresses and no DirPort notice more quickly when their IP address
changes, fixes a few rare crashes and memory leaks, and fixes a few
other miscellaneous bugs. Tor 0.2.0.25-rc (released Apr 23) makes Tor
work again on OS X and certain BSDs.
Torbutton 1.1.18 (released Apr 17) fixes many usability and interoperability
items, in an attempt to make the new Torbutton not so obnoxious in its
zeal to protect the user. It also includes new translations for French,
Russian, Farsi, Italian, and Spanish.
We did a complete overhaul of the https://check.torproject.org/
page. Now it accepts a language choice,
Available languages are German, English, Spanish, Italian, Farsi,
Japanese, Polish, Portugese, Russian, and Chinese. The Tor Browser
Bundle automatically uses the appropriate language as its home page,
based on which language of the Browser Bundle was downloaded.
Started on a documentation page to explain to users what bridges are,
how they can decide whether they need one, and how to configure their
Tor client to use them:
We've also started working on a design proposal for making it easier
to set up a private or testing Tor network. With the advent of the v3
directory protocol, it currently takes up to 30 minutes before a test
network will produce a useful networkstatus consensus. Also, there are
a dozen different config options that need to be set correctly for
a Tor network running on a single IP address to not trigger various
security defenses. This approach should let more people set up their
own Tor networks, either for testing or because they can't reach the
main Tor network. read more »
There have been a lot of questions today about just what the
recent Debian OpenSSL flaw means for Tor clients. Here's an attempt to
explain it in a bit more detail. (Go read the Tor security advisory before
reading this post.)
First, let's look at the security/anonymity implications for users who
aren't running on Debian, Ubuntu, or similar. These implications all
stem from the fact that some of the Tor relays and v3 directory authorities
have weak keys, so the Tor network isn't able to provide as much anonymity
as we would like.
The biggest issue is that perhaps 300 Tor relays were running with
weak keys and weak crypto, out of the roughly 1500-2000 total running
relays. What can an attacker do from this? If you happen to pick three
weak relays in a row for your circuit, then somebody watching your local
network connection (or watching the first relay you pick) could break all
the layers of Tor encryption and read the traffic as if they were watching
it at the exit relay. read more »
Tor-0.2.0.26-rc replaces several V3 directory authority keys affected by a recent Debian OpenSSL bug.
This is a security-critical release.
Everybody running any version in the 0.2.0.x series should upgrade, whether
they are running Debian or not. Also, all servers running any version of Tor
whose keys were generated by Debian, Ubuntu, or any derived distribution may
have to replace their identity keys. See our security advisory for full details. As always, you can find Tor 0.2.0.26-rc on the downloads page.
Changes in version 0.2.0.26-rc - 2008-05-13
Major security fixes:
- Use new V3 directory authority keys on the tor26, gabelmoo, and moria1 V3 directory authorities. The old keys were generated with a vulnerable version of Debian's OpenSSL package, and must be considered compromised. Other authorities' keys were not generatedwith an affected version of OpenSSL.
- List authority signatures as "unrecognized" based on DirServer lines, not on cert cache. Bugfix on 0.2.0.x.
- Add a new V3AuthUseLegacyKey option to make it easier for authorities to change their identity keys if they have to.
The Tor Browser Bundle is released. Changes include an update to Firefox Portable 184.108.40.206, Tor 0.2.0.25-rc, Vidalia r2539, and TorButton 1.1.18-alpha.
Tor updates include fixed threading on BSD-family implentations and other minor features.
Vidalia updates include the ability to start polipo as Vidalia itself starts up.
Torbutton updates include a number of bugfixes and new translations for French, Russian, Farsi, Italian, and Spanish.
Please test out the bundle and submit any bugs you may find. Thanks and enjoy.
We're happy to welcome:
- Aleksei Gorny working on Tor exit scanner improvements
- Camilo Viecco working on Providing Blossom functionality to Vidalia
- Domenik Bork working on Configuration of Hidden Services with User Authorization in Vidalia
- Sebastian Hahn working on A networking application to automatically carry out tests for Tor
- Simon Johansson working on a Translation Wiki
- Christian Wilms working on Performance Enhancing Measures for Tor Hidden Services
- Fallon Chen working on Improving Tor Path Selection
There were a total of 40 applications for 7 slots this year. Congratulations to Aleksei, Camilo, Domenik, Sebastian, Simon, Christian, and Fallon for their excellent applications and subsequent selection. We look forward to releasing their completed projects as functionality for the benefit of the Tor user community.
Nick encouraged me to rewrite TorCheck in Python. Roger encouraged me to automatically translate TorCheck messages into a given locale when specifically requested. This is finished, reasonably stable and live right now.
As usual, TorCheck queries the TorDNSEL to determine if the visitor is possibly using a proper Tor exit node.
Users of the TorBrowser will now automatically have a fully translated browsing experience. Any other user can simply select the proper ISO 3166 Code for their country and make a GET request with a properly set LANG query string as linked above. There's a good chance that your locale will be supported in the future if it isn't already.
If you'd like to pitch in and translate TorCheck into your locale, we'd love the help! Feel free to check the translations directory for current translations and see if your locale has been translated. If you'd like to add a locale we haven't translated, download a copy of the PO template file and translate away!
Give the new TorCheck a try today!
Tor Browser Bundle 1.0.0 (released Mar 20) and 1.0.1 (released Mar 26) makes it work correctly with Polipo again, updates the versions of many of its components, and makes it easier to build the Bundle with custom included "jar" (plug-in) files as well as "xpi" (extension) files.
We moved the Tor Browser Bundle website into the main Tor website, so it can re-use our translation infrastructure. Currently its frontpage is available in English, German, Italian, Polish, and Russian.