Blogs

FOCI ‘13 Call for Papers (Deadline May 6th) Don’t Miss Out!

The 3rd USENIX Workshop on Free and Open Communications on the Internet (FOCI '13) has put out a call for papers. Submissions are being encouraged from a wide range of disciplines; both technical and non-technical. Don’t miss out!

The FOCI ’13 program committee is looking for new, interesting works on a wide variety of topics including technically-focused position papers and works-in-progress as well as papers within the social sciences focusing on policy, law, regulation, economics or related fields of study.

Papers must be submitted by May 6, 2013, 11:59 p.m. PDT. For more details on the submission process, please see the complete Call for Papers

Then mark your calendars and join members of the Tor team at the
3rd USENIX Workshop on Free and Open Communications on the Internet - August 13, 2013 in Washington, D.C
Co-located with the 22nd USENIX Security Symposium, August 14-16, 2013

NOTE: Roger Dingledine and Jacob Appelbaum from Tor are participating on the FOCI '13 program and steering committees, therefore we are helping to promote the call for these papers.

Trip Report: White House Forum to Combat Human Trafficking

Trip Report White House Forum to Combat Human Trafficking, 09 April 2013

I was invited to attend the White House Forum to Combat Human Trafficking. I've been part of a task force to look at the role of technology in human trafficking. Secretary of State John Kerry sent a video since he was in another country at the time. A local Tor volunteer from Cambridge, Massachusetts has White House Press credentials and was able to cover the event. This article is a better writeup and interview, with video, than anything else I've seen covering the event. Interestingly, no other press showed up to cover the event. It seems CCTV Cambridge was the only press covering this White House initiative.

The room was full of a mix of people from law enforcement, human rights organizations, legal firms, and commercial companies. Eric Holder, Attorney General of US, Janet Napolitano, Secretary of DHS, and Cecilia Munoz, Director of Domestic Policy Council, all gave speeches about what their respective organizations are doing to fight trafficking. The US Dept of Health and Human Services is the main organization behind all of this. Their end trafficking site is a fine starting point.

As far as my role, it's been to think about how technology is being used by traffickers and how victims could get help in their situations. Thorn, FAIR Girls, and Polaris are all working on solutions and gathering raw data to support decisions.

I then spent some time talking to various organizations in DC and helping to explain Tor to more law enforcement.

Overall, it was a good day trip to DC.

New Tor Cloud images with obfs3

The Tor Cloud images have been updated to include the latest version of Ubuntu 12.04.2 LTS (Precise Pangolin). An instance created from any of the images will automatically be a normal bridge, an obfs2 bridge, and an obfs3 bridge.

When setting up an instance, please remember to edit the security group with the following rules: SSH (22), HTTPS (443), 40872, and 52176.

Forensic Analysis of Tor on Linux

As part of a deliverable for two of our sponsors (Sponsor J, Sponsor L), I have been working on a forensic analysis of the Tor Browser Bundle. In this three part series, I will summarize the most interesting or significant traces left behind after using the bundle. This post will cover Debian Linux (#8166), part two will cover Windows 7, and part three will cover OS X 10.8.

Process

I set up a virtual machine with a fresh install of Debian 6.0 Squeeze, logged in once and shut it down cleanly. I then connected the virtual drive to another virtual machine and used dd to create an image of the drive. I also used hashdeep to compute hashes for every file on the drive, and rsync to copy all the files over to an external drive.

After having secured a copy of the clean virtual machine, I rebooted the system, connected an external drive, and copied the Tor Browser Bundle (version 2.3.25-6, 64-bit) from the external drive to my Debian home directory. I extracted the package archive and started the Tor Browser Bundle by running ./start-tor-browser inside the Tor Browser directory.

Once the Tor Browser was up and running, I browsed to a few pages, read a few paragraphs here and there, clicked on a few links, and then shut it down by closing the Tor Browser and clicking on the Exit-button in Vidalia. The Tor Browser did not crash and I did not see any error messages. I deleted the Tor Browser directory and the tarball using rm -rf.

I repeated the steps with dd, hashdeep, and rsync to create a copy of the tainted virtual machine.

Results

Using hashdeep, I compared the hashes from the tainted virtual machine against the hashes from the clean virtual machine: 68 files had a hash that did not match any of the hashes in the clean set. The most interesting files are:

~/.local/share/gvfs-metadata/home: contains the filename of the Tor Browser Bundle tarball: tor-browser-gnu-linux-x86_64-2.3.25-5-dev-en-US.tar.gz. GVFS is the virtual filesystem for the GNOME desktop, so this result will probably vary depending on the window manager used. I have created #8695 for this issue.

~/.xsession-errors: contains the following string: “Window manager warning: Buggy client sent a _NET_ACTIVE_WINDOW message with a timestamp of 0 for 0x3800089 (Tor Browse)”. It is worth noting that a file named .xsession-errors.old could also exist. I have created #8696 for this issue.

~/.bash_history: contains a record of commands typed into the terminal. I started the Tor Browser Bundle from the command line, so this file contains lines such as ./start-tor-browser. I have created #8697 for this issue.

/var/log/daemon.log, /var/log/syslog, /var/log/kern.log, /var/log/messages: contains information about attached devices. I had an external drive attached to the virtual machine, so these files contain lines such as “Mounted /dev/sdb1 (Read-Write, label “THA”, NTFS 3.1)” and “Initializing USB Mass Storage driver…”.

Tor help desk expands with four more languages

When we first launched the Tor help desk back in November 2011, we provided support in English and Farsi. We recently expanded the help desk with four more languages: Arabic, French, Mandarin, and Spanish. The help desk is a best effort service with no guarantees, but we generally respond within 48 hours.

For support in English, email help@rt.torproject.org. For other languages, try:

help-ar@rt.torproject.org for Arabic
help-es@rt.torproject.org for Spanish
help-fa@rt.torproject.org for Farsi
help-fr@rt.torproject.org for French
help-zh@rt.torproject.org for Mandarin

Tor in Google Summer of Code 2013

in

Interested in coding on Tor and getting paid for it by Google? If you are a student, we have good news for you: We have been accepted as a mentoring organisation for Google Summer of Code 2013!

Here are the facts: The summer of code gives you the opportunity to work on your own Tor-related coding project with one of the Tor developers as your mentor. You can apply for a coding project related to Tor itself or to one of its many supplemental projects. Your mentor will help you when you're stuck with your project and guide you in becoming part of the Tor community. Google pays you 5,000 USD for the three months of your project, so that you can focus on coding and don't have to worry about how to pay your bills.

Did we catch your attention? These are your next steps: Go look at the Google Summer of Code FAQ to make sure you are eligible to participate. Have a look at our ideas list to see if one of those projects matches your interests. If there is no project on that list that you'd want to work on, read the documentation on our website and make up your own project idea! Come to #tor-dev on OFTC and let us know about your project idea. Communication is essential to success in the summer of code, and we're unlikely to accept students we haven't heard from before reading their application. So really, come to the IRC channel and talk to us!

Finally, write down your project idea using our template and submit your application to Google until May 3, 2013.

We are looking forward to discussing your project idea with you!

New Tor Browser Bundles with Firefox 17.0.5esr

All of the Tor Browser Bundles have been updated to the latest Firefox 17.0.5esr.

https://www.torproject.org/download

Tor Browser Bundle (2.3.25-6)

  • Update Firefox to 17.0.5esr
  • Update NoScript to 2.6.59

Tor Browser Bundle (2.4.11-alpha-2)

  • Update Firefox to 17.0.5esr
  • Update NoScript to 2.6.59

Stem Release 1.0

in

Hi all. After eighteen months of work and a number of delays rivaling that of the Big Dig I'm pleased to announce the initial release of stem!

For those who aren't familiar with it, stem is a python controller library for tor. With it you can write scripts and applications that interact with your tor client or relay. For some examples of what you can do see the tutorials on...

https://stem.torproject.org/

Stem is compatible with python 2.6 and higher (including the 3.x series), and is a near complete implementation of tor's control and directory specifications. It has relatively high test coverage (~80% for most modules) and integration tests to check its continued interoperability with new releases of tor.

As always, if you encounter issues or have feature requests then please let me know! Also, if you write something that uses stem then please tell me, both so we can continue to improve our API and expand the tutorial's list of examples.

Many thanks to everyone that helped make this initial release of stem possible, both with its development and packaging! -Damian

Syndicate content Syndicate content