Blogs

www, archive, ns, and rsync +1

Thanks to Debian for providing a fine server capable of providing redundancy for a number of services. This new server is in live rotation for https://archive.torproject.org, https://www.torproject.org, acts as one of our primary DNS servers, and provides rsync for the archive data store. It mirrors 165GB of data hourly. The server is located in Darmstadt, Germany and provides a copy of the services on the European continent.

The addition of a second server allows us to implement some changes to the way we allow others to mirror our data sets. The primary server behind archive.torproject.org is also known as rsync.torproject.org. It now solely serves up rsync.torproject.org. If you have scripts that periodically mirror archive.torproject.org, you probably want to update them for rsync.torproject.org.

Thanks to the Debian Sysadmin Team for the server and hosting!

New Tor Browser Bundles

The stable Tor Browser Bundles have all been updated to the latest Firefox 10.0.07esr release.

https://www.torproject.org/download

Tor Browser Bundle (2.2.38-2)

  • Update Firefox to 10.0.7esr
  • Update Libevent to 2.0.20-stable
  • Update NoScript to 2.5.2
  • Update HTTPS Everywhere to 2.2.1

Wading into social waters

Recently, we've been introduced to two "Tor Project" Facebook Org pages. Neither of which are run by us at Tor, yet. There was also a Google+ page for a while, too. We currently use a few social media methods, such as mailing lists, pgp web of trust, internet relay chat, Identi.ca, and Twitter. Some people are very upset Tor is seemingly supporting Facebook, Google+ and others.

We're expanding into Facebook, Google+, Reddit, and others because our users are asking for it. There are existing Tor communities in many places, and we don't need to formally be at them all. It's great when individuals step up to the challenge and represent Tor in positive ways. However, as people join these communities, they are looking for a real discussion with us. For many people, these platforms are the primary means of communication.

We do have some concerns about social media sites. Let's enumerate these concerns.

  1. Current social media solutions don't respect user privacy, however it's all we have today. With buttons like "+1", "Like", and "Tweet this" strewn about websites, tracking your normal web activity, Tor is at least one solution to help you stop this global tracking. We believe you should be fully in control of your own data and metadata.

  2. The users are currently using these systems in very unsafe ways. We can join the system and set up a presence with details about how to use these systems more safely--or if they cannot be used safely at all. The goal is to educate people.The EFF has an explanation of these risks as well.

  3. We can get our message out to people and have a discussion with them, where they are, even though we don't control the medium and risk getting kicked off the system.

  4. Some are impersonating us now, and not at the quality level we want to see. A bad answer or impression from a fake Tor is worse than no answer at all.

Why don't we write our own?

Writing and deploying our own social media system is beyond the scope of our mission. However, tor can provide an anonymous base for such a system. We have hope for systems like Diaspora, tent, and FreedomBox.

New Stable Tor Browser Bundles

The stable Tor Browser Bundles have all been updated to the latest Tor 0.2.2.38 stable release.

https://www.torproject.org/download

Tor Browser Bundle (2.2.38-1)

  • Update Tor to 0.2.2.38
  • Update NoScript to 2.5
  • Update HTTPS Everywhere to 2.1

New Tor Browser and Obfsproxy Bundles

The alpha Tor Browser Bundles have all been updated to the latest Tor 0.2.3.20-rc release candidate as well as being updated with some bugfixes. We're getting closer and closer to releasing the 0.2.3.x series as stable, so please give these bundles a lot of testing and help us shake out all of the remaining bugs! The regular bundles have also been updated.

https://www.torproject.org/download

The Tor Obfsproxy Browser Bundles have also been brought up to date with all of the same software as the regular alpha Tor Browser Bundles. These are still a work in progress, so please remember to report bugs! You can download them from the obfsproxy page.

Tor Browser Bundle (2.3.20-alpha-1)

  • Update Tor to 0.2.3.20-rc
  • Update NoScript to 2.5
  • Change the urlbar search engine to Startpage (closes: #5925)
  • Firefox patch updates:
    • Fix the Tor Browser SIGFPE crash bug (closes: #6492)
    • Add a redirect API for HTTPS-Everywhere (closes: #5477)
    • Enable WebGL (as click-to-play only) (closes: #6370)

Updated Tor Cloud images with fix for Tor upgrades

The Tor Cloud images for all the seven regions have been updated to include the latest cloud image for stable Ubuntu release 10.04 LTS (Lucid Lynx). These new images are available on the Tor Cloud website.

The new images include a fix to allow Tor to upgrade automatically without requiring user intervention (#6511).

If you are already running a Tor Cloud bridge, you will need to either manually update your image, or set up a new Tor Cloud bridge and terminate the old one. If you decide not to take action, your image will fail to upgrade Tor correctly and will not be running as a bridge.

To manually update your image, do the following:

0. Log on with SSH
1. Open /etc/apt/apt.conf.d/50unattended-upgrades
2. Add the line: Dpkg::Options { --force-confold; }
3. Save and exit

Tor has funding for another browser hacker

Your job would be to work on Torbutton and patches to our Firefox-based browser, as well as a potential Android port. This would be a contractor position likely starting in October and going through Q1 2013, with the possibility of later in 2013 and beyond. There may also be a possibility for part-time work prior to October.

The purpose of our browser is to build a private-by-design reference implementation of "Do Not Track", but through the alteration of browser behavior and without the need for regulation or begging.

Your job will include triaging, diagnosing, and fixing bugs; looking for and resolving web privacy issues; responding on short notice to security issues; and working collaboratively with coworkers and volunteers on implementing new features and web behavior changes.

We'd also need help making our code more maintainable, testable, and mergeable by upstream. Sometimes, we need to drop everything and scramble to implement last-minute fixes, or to deploy urgent security updates. You'd also be reviewing other people's code, designs, and academic research papers, and looking for ways to improve upon them.

See the job posting for information on how to apply and what you need to send in with your application.

For an even more detailed overview of the full breadth and depth of the work you'd be doing, have a look at The Design and Implementation of the Tor Browser, especially The Design Requirements section.

New Tor Browser Bundles

The stable Tor Browser Bundles have all been updated to the latest Firefox 10.0.6esr release.

The alpha Tor Browser Bundles have also (finally) been updated with numerous new pieces of software, including the latest Tor release candidate (0.2.3.19-rc).

All users are strongly urged to upgrade.

https://www.torproject.org/download

Tor Browser Bundle (2.2.37-2)

  • Update Firefox to 10.0.6esr
  • Update Vidalia to 0.2.20
  • Update NoScript to 2.4.8
  • Disable Firefox crashreporter
  • Windows: Fix Firefox transparency problems with Aero theme (closes: #4795.)

Tor Browser Bundle (2.3.19-alpha-1)

  • Update Tor to 0.2.3.19-rc
  • Update Firefox to 14.0.1
  • Update libevent to 2.0.19-stable
  • Update OpenSSL to 1.0.1c
  • Update zlib to 1.2.7
  • Update Torbutton to 1.4.6
  • Update NoScript to 2.4.9
  • Update HTTPS Everywhere to 3.0development.5
  • Downgrade Vidalia to 0.2.20
  • Update libpng to 1.5.12
  • Syndicate content Syndicate content