Blogs

New Tor Browser Bundles

All of the stable Tor Browser Bundles have been updated with the latest Firefox 10.0.9esr release.

https://www.torproject.org/download/download-easy.html.en

Further notes about Tor Browser Bundle updates:

Tor Browser Bundle (2.2.39-3)

  • Update Firefox to 10.0.9esr
  • Update Torbutton to 1.4.6.3
  • Update NoScript to 2.5.7
  • Update HTTPS Everywhere to 2.2.2
  • Update libpng to 1.5.13

Top changes in Tor since the 2004 design paper (Part 1)

The main academic reference for Tor is "Tor: The Second-Generation Onion Router" by Dingledine, Mathewson, and Syverson. But that paper was published back in 2004, and Tor has evolved since then. So Steven Murdoch and Nick Mathewson are currently preparing an updated version of the Tor design paper, to include new design changes and research results concerning Tor over the last 8 years.

In this series of posts, we (Steven and Nick) will try to summarize the most interesting or significant changes to Tor's design since the publication of the original paper. We're only going to cover the stuff we think is most interesting, and we'll aim to do so in an interesting way.

We think this will be a three part series. In this first part, we'll cover the evolution of Tor's directory system, and some performance improvements in Tor's circuit creation and cell scheduling logic. read more »

Tor has funding for a project coordinator

A project coordinator is the person who brings order to chaos. You will coordinate and help track deliverables, progress, and metrics of current projects. You will also help plan future projects through proposals.

Your impact will involve:

  • Deriving deliverables, deadlines, and milestones for each active contract.
  • Developing timelines and schedules for completion of milestones and deliverables for each active, and occasionally proposed, contract.
  • Collecting ideas and potential deliverables for the future.
  • Raising concerns, timeline slips, and probability of missed deadlines to management.
  • Helping with managing people's schedules, work load, and keeping various people or teams in communication with one another.
  • Tracking deliverable completion.
  • Developing and maintaining metrics about project completion rate and other measures as based on evidence-based project management or something similar.
  • Helping contractors develop their contract deliverables for six month periods based on expected workload.
  • Maintaining project status pages on trac (or whatever system we have) with deliverables, tickets, and monthly summaries of progress.
  • Helping to write the monthly progress reports required for contracts.

See the job posting for information on how to apply and what you need to send in with your application.

Obfsproxy Bridges in the Amazon Cloud

The Tor Cloud images for all the seven regions have been updated to fix a bug found in the unattended-upgrades configuration. The normal bridge images have also been updated to include obfsproxy, which attempts to help users circumvent censorship by transforming the Tor traffic between the client and the bridge.

If you are already running a Tor Cloud bridge, you will need to either manually update your image, or set up a new Tor Cloud bridge and terminate the old one. If you decide not to take action, your image will fail to upgrade Tor correctly and will not be running as a bridge.

If you just want to fix the bug in the unattended-upgrades configuration, do the following; log on with SSH and edit /etc/apt/apt.conf.d/50unattended-upgrades to say precise instead of lucid.

New Tor Cloud images

The Tor Cloud images for all the seven regions have been updated to include the latest cloud image for stable Ubuntu release 12.04.1 LTS (Precise Pangolin). These new images are available on the Tor Cloud website.

The new images include Tor's new GPG key, uses apt-get instead of aptitude, and also includes the deb.torproject.org-keyring package (#6776).

If you are already running a Tor Cloud bridge, you will need to either manually update your image, or set up a new Tor Cloud bridge and terminate the old one. If you decide not to take action, your image will fail to upgrade Tor correctly and will not be running as a bridge. To manually update your image; log on with SSH, and follow the instructions to add the new GPG key, upgrade Tor, and install the deb.torproject.org-keyring package.

Tails 0.13 is out!

Tails 0.13 brings its lot of small but useful improvements and fixes a few security issues.

Download it now.

Changes

Notable user-visible changes include:

  • Use white-list/principle of least privilege approach for local services.
    Only users that need a certain local (i.e. hosted on loopback) service
    (according to our use cases) are granted access to it by our firewall;
    all other users are denied access.
  • Allow to modify language and layout in the "Advanced options" screen
    of the greeter.
  • Enable four workspaces in the Windows XP camouflage. This allows
    users to quickly switch to a more innocent looking workspace in case
    they are working on sensitive data and attract unwanted attention.
    The workspace switcher applet isn't there, though, since there's no
    such thing in Windows XP, so switching is only possible via keyboard
    shortcuts.
  • Claws Mail now saves local/POP emails in its dot-directory by default
    instead of the non-persistent ~/Mail directory. Users who are already
    using persistence for Claws will have to perform this change manually.
  • Add support for wireless regulation.
  • Hide the TailsData partition in desktop applications.
  • Tor
    • Upgrade to 0.2.2.39.
  • Iceweasel
    • Upgrade iceweasel to 10.0.7esr-2 (Extended Support Release).
  • Hardware support
    • Upgrade Linux to 3.2.23-1.
  • Software
    • Upgrade I2P to version 0.9.1.
    • Install GNOME System Monitor.
    • Upgrade WhisperBack to 1.6, with many UI improvements and new translations.
  • Ship a first version of the incremental update system. Updates are not
    currently triggered automatically, but this will allow tests to be done
    on larger scales.

Plus the usual bunch of minor bug reports and improvements.

See the online Changelog for technical details.

Don't hesitate to get in touch with us.

Some thoughts on the CRIME attack

By this point, some people have started to ask me about the Rizzo and Duong's new CRIME attack on TLS.

The short version is the same as with BEAST last year: Tor is not affected. TorBrowser is not affected. Other applications may be affected; please consult your app vendor.

Here's the longer version, in case you're more curious. This is going to assume a little technical background, but not too much. read more »

New bundles (security release)

New Bundles (security release)

All of the available bundles of Tor have been updated for the latest stable Tor 0.2.2.39 release and the 0.2.3.22-rc release. These releases fix a remote crash bug found in Tor and all users and relays are STRONGLY encouraged to update immediately.

https://www.torproject.org/download

Further notes about Tor Browser Bundle updates:

The random port selection has been temporarily disabled in the Linux and Mac OS X alpha bundles. Most of you probably didn't notice any random port selection happpening at all, but if you encounter a problem running a system Tor and your Tor Browser Bundle at the same time, you can switch to the stable bundles for now. The next update should have a fix that allows us to re-enable automatic port selection.

Tor Browser Bundle (2.2.39-1)

  • Update Tor to 0.2.2.39
  • Update NoScript to 2.5.4

Tor Browser Bundle (2.3.22-alpha-1)

  • Update Tor to 0.2.3.22-rc
  • Temporarily use fixed Control and SOCKS ports as a workaround for #6803
Syndicate content Syndicate content