Tor at the Heart: Flash Proxy

During the month of December, we're highlighting other organizations and projects that rely on Tor, build on Tor, or are accomplishing their missions better because Tor exists. Check out our blog each day to learn about our fellow travelers. And please support the Tor Project! We're at the heart of Internet freedom. Donate today!

Flash Proxy

Sometimes Tor bridge relays can be blocked despite the fact that their addresses are handed out only a few at a time. Flash proxies create many, generally ephemeral bridge IP addresses, with the goal of outpacing a censor's ability to block them. Rather than increasing the number of bridges at static addresses, flash proxies make existing bridges reachable by a larger and changing pool of addresses.

"Flash proxy" is a name that should make you think "quick" and "short-lived." Our implementation uses standard web technologies: JavaScript and WebSocket. (In the long-ago past we used Adobe Flash, but do not any longer.)

Flash Proxy is built into Tor Browser. In fact, any browser that runs JavaScript and has support for WebSockets is a potential proxy available to help censored Internet users.

How It Works

In addition to the Tor client and relay, we provide three new pieces. The Tor client contacts the flash proxy facilitator to advertise that it needs a connection. The facilitator is responsible for keeping track of clients and proxies, and assigning one to another. The flash proxy polls the facilitator for client registrations, then begins a connection to the client when it gets one. The transport plugins on the client and the relay broker the connection between WebSockets and plain TCP.

A sample session may go like this:

1. The client starts Tor and the client transport plugin program (flashproxy-client), and sends a registration to the facilitator using a secure rendezvous. The client transport plugin begins listening for a remote connection.
2. A flash proxy comes online and polls the facilitator.
3. The facilitator returns a client registration, informing the flash proxy where to connect.
4. The proxy makes an outgoing connection to the client, which is received by the client's transport plugin.
5. The proxy makes an outgoing connection to the transport plugin on the Tor relay. The proxy begins sending and receiving data between the client and relay.
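
The session above, modelled in memory as an added example (not code from the Flash Proxy project): it shows that each registration is handed to one proxy only, and that the client plugin and the relay plugin each observe only the proxy's address. The class names, the addresses, and the assumption that the proxy already knows the relay's address are hypothetical.

```javascript
// Added illustration: in-memory model of the five-step session.
// All class names and addresses are hypothetical, not flashproxy's API.
class Conn {                       // one end of a duplex link (stands in for a WebSocket)
  constructor() { this.peer = null; this.onmessage = () => {}; }
  send(data) { this.peer.onmessage(data); }
}

class Listener {                   // a transport plugin waiting for inbound connections
  constructor(addr, onConn) { this.addr = addr; this.onConn = onConn; this.seenPeers = []; }
  accept(fromAddr) {
    const near = new Conn(), far = new Conn();
    near.peer = far; far.peer = near;
    this.seenPeers.push(fromAddr); // the only remote address this side observes
    this.onConn(near);
    return far;                    // handed to whoever dialled in
  }
}

class Facilitator {                // tracks registrations and hands each out once
  constructor() { this.pending = []; }
  register(clientAddr) { this.pending.push(clientAddr); }               // step 1
  poll() { return this.pending.length ? this.pending.shift() : null; }  // steps 2-3
}

class FlashProxy {
  constructor(addr, relayAddr) { this.addr = addr; this.relayAddr = relayAddr; }
  pollOnce(facilitator, net) {
    const clientAddr = facilitator.poll();
    if (clientAddr === null) return false;                       // no client waiting
    const toClient = net.get(clientAddr).accept(this.addr);      // step 4: outgoing
    const toRelay = net.get(this.relayAddr).accept(this.addr);   // step 5: outgoing
    toClient.onmessage = (d) => toRelay.send(d);                 // shuttle both ways
    toRelay.onmessage = (d) => toClient.send(d);
    return true;
  }
}

function runSession() {
  const client = { conn: null, received: [] };
  const clientPlugin = new Listener("client.example:9000", (c) => {
    client.conn = c;
    c.onmessage = (d) => client.received.push(d);
  });
  const relayPlugin = new Listener("relay.example:9901", (c) => {
    c.onmessage = (d) => c.send("relay-echo:" + d);   // constructed stand-in for the relay
  });
  const net = new Map([[clientPlugin.addr, clientPlugin], [relayPlugin.addr, relayPlugin]]);
  const facilitator = new Facilitator();
  const proxy = new FlashProxy("proxy-1.example", relayPlugin.addr);

  const idle = proxy.pollOnce(facilitator, net);      // nothing registered yet
  facilitator.register(clientPlugin.addr);
  const paired = proxy.pollOnce(facilitator, net);
  client.conn.send("constructed-payload");
  const late = new FlashProxy("proxy-2.example", relayPlugin.addr).pollOnce(facilitator, net);
  return { idle, paired, late, received: client.received,
           clientSaw: clientPlugin.seenPeers, relaySaw: relayPlugin.seenPeers };
}

console.log(runSession());
```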

From the user's perspective, only a few things change compared to using normal Tor. The user must run the client transport plugin program and use a slightly modified Tor configuration file.

Cupcake

Cupcake is an easy way to distribute Flash Proxy, with the goal of getting as many people to become bridges as possible.

Cupcake can be distributed in two ways:

  • As a Chrome or Firefox add-on (turning your computer into a less temporary proxy)
  • As a module/theme/app on popular web platforms (turning every visitor to your site into a temporary proxy)

Tor at the Heart: GlobaLeaks

GlobaLeaks

GlobaLeaks is an open source whistleblowing framework that empowers anyone to easily set up and maintain a whistleblowing platform. GlobaLeaks focuses on portability and accessibility and can help many different types of users—media organizations, activist groups, corporations and public agencies—set up their own submission systems. It is a web application running as a Tor Hidden Service that whistleblowers and journalists can use to anonymously exchange information and documents. Started in 2011 by a group of Italians, the project is now developed by the Hermes Center for Transparency and Digital Human Rights.

One of the main goals of GlobaLeaks is to provide a configurable system to meet the needs of under-resourced groups and activists who are communicating in their native languages. By default the platform enforces a strict data deletion policy, encryption of file content on disk, and routing of all network requests through the Tor Network. But configurability allows implementing organizations to make choices about how they engage in the process. The tool makes it easy to choose what languages to use, how long data is stored on the system, and the questions a source must answer before they create a submission.

To date over 60 organizations in more than 20 languages have used GlobaLeaks to set up whistleblowing systems. Investigative journalists are using it to produce evidence in controversial stories, NGOs and public agencies are using it to better handle their communication with sources, and we have even seen businesses adopt the tool to handle internal corruption reporting.

At the end of 2015 Ecuador Transparente, a GlobaLeaks user, uncovered political manipulation by state organizations. MexicoLeaks has produced award winning journalism while fighting local corruption with the help of the software. You can even see how the Elephant Action League uses the software to combat wildlife crime in the documentary The Ivory Game.

NGOs also use GlobaLeaks to manage the communication process with sources. Organizations like Transparency International Italy and Amnesty International rely on the system to provide a communication channel off email and telephone networks. The PubLeaks project in the Netherlands uses it to provide a contact point for over 42 Dutch media groups.

A project that uses GlobaLeaks has even helped provide the justification for improving legal protection for whistleblowers. The Serbian parliament recently passed a legal framework for whistleblower protection. Pijstrka.rs was acknowledged by the prime minister of Serbia at an anti-corruption conference in Belgrade for its exemplary role in protecting Serbians reporting on corruption.

In all of these contexts, it is crucially important for sources to remain anonymous. Without the work of the Tor Project, the existence of the Tor Network and the larger Tor community, none of this work would be possible.

Going forward, the development of the project is focused on making it easier to install and maintain a node and improving the resilience of the platform to attacks. If you would like to get involved, you can help translate the project, hunt for bounty, author new code, or donate to the project.

Tor at the Heart: Tor Messenger

Tor Messenger

Tor Messenger is a cross-platform chat program that aims to be secure by default and sends all of its traffic over Tor. It supports a wide variety of transport networks, including XMPP, IRC, Twitter, and others; enables Off-the-Record (OTR) Messaging automatically; has an easy-to-use graphical user interface; and has a secure automatic updater.

Tor Messenger builds on the networks you are familiar with, so you can continue communicating in a way your contacts are willing and able to do.

It's based on Instantbird, an instant messaging client developed in the Mozilla community, and leverages both the code (Tor Launcher, updater) and in-house expertise that the Tor Project has garnered working on Tor Browser with Firefox.

It was launched in Oct. 2015 and has since been receiving steady security and stability releases. However, there remain a few important items on the short term roadmap,

This summer, the team participated in GSoC, helping to mentor a project implementing CONIKS. CONIKS is a key verification system with the goal of easing the burden of key management for end-users, while at the same time not asking users to trust their communication providers to act in their interest. An alpha release was recently tagged.

At the Tor developers' meeting in Seattle this past September, we held several sessions on messaging. One of the goals was to help determine where to take Tor Messenger in the future. The consensus was that we should be focused on eliminating metadata, both in the currently supported networks (where this might materialize as rosterless communication or having temporary identities), or incorporating new networks with architectures like those found in other onion messaging systems. There are many unsolved problems here, like balancing serverless communication with presence detection and asynchronous messaging, and we're excited to help push the field forward.

Tor Browser 6.5a6-hardened is released

A new hardened Tor Browser release is available. It can be found in the 6.5a6-hardened distribution directory and on the download page for hardened builds.

This release features important security updates to Firefox. Other components got an update as well: Tor to 0.2.9.7-rc and HTTPS-Everywhere to 5.2.8.

With this release the broken preferences pane in non-en-US locales is fixed, and we moved to pt-BR for Portuguese, as it turns out that all our translations for Portuguese contain Brazilian language strings. We added links to the Tor Browser Manual, an effort led by the community team to make help more easily available to our users in case of problems.

Here is the full changelog since 6.5a5-hardened:

  • All Platforms
    • Update Firefox to 45.6.0esr
    • Update Tor to tor-0.2.9.7-rc
    • Update Torbutton to 1.9.6.9
      • Bug 16622: Timezone spoofing moved to tor-browser.git
      • Bug 20701: Allow the directory listing stylesheet in the content policy
      • Bug 20556: Use pt-BR strings from now on
      • Bug 20614: Add links to Tor Browser User Manual
      • Bug 20414: Fix non-rendering arrow on OS X
      • Bug 20728: Fix bad preferences.xul dimensions
      • Bug 20318: Remove helpdesk link from about:tor
      • Bug 20753: Remove obsolete StartPage locale strings
      • Bug 20947: Donation banner improvements
      • Translation updates
    • Update HTTPS-Everywhere to 5.2.8
    • Bug 16622: Spoof timezone with Firefox patch
    • Bug 20707: Fix broken preferences tab in non-en-US alpha bundles
    • Bug 20709: Fix wrong update URL in alpha bundles
    • Bug 20556: Start using pt-BR instead of pt-PT for Portuguese
    • Bug 20809: Use non-/html search engine URL for DuckDuckGo search plugins
    • Bug 20837: Activate iat-mode for certain obfs4 bridges
    • Bug 20838: Uncomment NX01 default obfs4 bridge
    • Bug 20840: Rotate ports a third time for default obfs4 bridges

Tor Browser 6.5a6 is released

Tor Browser 6.5a6 is now available from the Tor Browser Project page and also from our distribution directory.

This release features important security updates to Firefox. Other components got an update as well: Tor to 0.2.9.6-rc and HTTPS-Everywhere to 5.2.8.

With this release we made progress in both the usability and security areas. In the former, we fixed the broken preferences pane in non-en-US bundles and moved to pt-BR bundles for Portuguese, as it turns out that all our translations for Portuguese contain Brazilian language strings. We added links to the Tor Browser Manual, an effort led by the community team to make help more easily available to our users in case of problems.

On the security side we are proud to announce the first fruits of our sandboxing efforts.

On Linux the Tor Browser sandbox is centered around Linux namespaces along with seccomp-bpf, and attempts to reduce the attack surface available to adversaries to prevent exploits from succeeding, and to limit the capabilities of an attacker in the event that they do manage to compromise either the tor client instance or the browser itself. This is done by creating lightweight namespace based containers in which the Tor Browser components are run, with various restrictions imposed by the operating system. For example, the container that the browser runs in does not have an IP address to leak, or a connection to the external network except via Tor.

It is made available to end users as a separate downloadable binary, sandboxed-tor-browser, that manages installing and updating Tor Browser, configuring Tor and the sandbox, and running the actual sandboxed Tor Browser. Having bubblewrap installed is required for this to work. Additional documentation about the implementation, known issues, and frequently asked questions is available at our wiki.

We have also made some progress with sandboxing on macOS. Building on the work done in the past by IronFox and similar projects, we have created sandbox profiles for the Tor daemon and for Tor Browser itself. These profiles, along with some command line scripts that use Apple's sandbox-exec command to start Tor and Tor Browser, are included in our Tor Browser 6.5a6 OSX packages. At this time we are asking advanced users to use the OSX sandbox profiles on an experimental basis and give us feedback on any problems that they encounter. In the future, we hope to create software for macOS that is similar to the Linux Tor Browser sandbox.

Besides work on sandboxing, this release features our first step in exploring options to harden the memory allocator. We have enabled jemalloc4 on Linux bundles and abort on redzone corruption. We are especially interested in performance- and stability-related feedback.

Here is the full changelog since 6.5a5:

  • All Platforms
    • Update Firefox to 45.6.0esr
    • Update Tor to tor-0.2.9.6-rc
    • Update Torbutton to 1.9.6.8
      • Bug 16622: Timezone spoofing moved to tor-browser.git
      • Bug 20701: Allow the directory listing stylesheet in the content policy
      • Bug 20556: Use pt-BR strings from now on
      • Bug 20614: Add links to Tor Browser User Manual
      • Bug 20414: Fix non-rendering arrow on OS X
      • Bug 20728: Fix bad preferences.xul dimensions
      • Bug 20318: Remove helpdesk link from about:tor
      • Bug 20753: Remove obsolete StartPage locale strings
      • Translation updates
    • Update HTTPS-Everywhere to 5.2.8
    • Bug 16622: Spoof timezone with Firefox patch
    • Bug 20707: Fix broken preferences tab in non-en-US alpha bundles
    • Bug 20709: Fix wrong update URL in alpha bundles
    • Bug 20556: Start using pt-BR instead of pt-PT for Portuguese
    • Bug 20809: Use non-/html search engine URL for DuckDuckGo search plugins
    • Bug 20837: Activate iat-mode for certain obfs4 bridges
    • Bug 20838: Uncomment NX01 default obfs4 bridge
    • Bug 20840: Rotate ports a third time for default obfs4 bridges
  • OS X
    • Bug 20121: Create Seatbelt profile(s) for Tor Browser
  • Linux
    • Bug 20352: Integrate sandboxed-tor-browser into our Gitian build
    • Bug 20758: Make Linux sandbox build deterministic
    • Bug 10281: Use jemalloc4 and abort on redzone corruption

Tor Browser 6.0.8 released

Tor Browser 6.0.8 is now available from the Tor Browser Project page and also from our distribution directory.

This release features important security updates to Firefox.

Besides updating Firefox to 45.6.0esr, which fixes important security bugs, we ship the latest Tor stable version, 0.2.8.11. HTTPS-Everywhere is updated as well (to 5.2.8) and we make improvements to our default obfs4 bridges.

Here is the full changelog since 6.0.7:

  • All Platforms
    • Update Firefox to 45.6.0esr
    • Update Tor to 0.2.8.11
    • Update Torbutton to 1.9.5.13
    • Update HTTPS-Everywhere to 5.2.8
    • Bug 20809: Use non-/html search engine URL for DuckDuckGo search plugins
    • Bug 20837: Activate iat-mode for certain obfs4 bridges
    • Bug 20838: Uncomment NX01 default obfs4 bridge
    • Bug 20840: Rotate ports a third time for default obfs4 bridges

Tor at the Heart: Riseup.net

Riseup.net

Riseup.net was started back in 1999 after the WTO protests in Seattle. They provide online communication tools, including email, chat, file uploads and collaborative platforms for people and groups working on liberatory social change. Riseup is a project to create democratic alternatives and to practice self-determination through the control of secure means of communication.

The Riseup collective is made up of many "birds" who believe it is vital that essential communication infrastructure be controlled by movement organizations and not by corporations or governments.

They strive to keep mail as secure and private as possible. They do not log your IP address. (Most services keep detailed records of every machine that connects to their servers. Riseup only keeps information that cannot be used to uniquely identify your machine.) All of your data, including your mail, is stored by riseup.net in encrypted form. They work hard to keep their servers secure and well defended against any malicious attack. They do not share any of their user data with anyone. They actively fight all attempts to subpoena or otherwise acquire any user information or logs. They do not read, search, or process any of your incoming or outgoing mail, other than by automatic means to protect you from viruses and spam or when directed to do so by you when troubleshooting.

Some of the Riseup birds work tirelessly on building secure email infrastructure, one of them runs longclaw, one of our amazing directory authorities, and all of them are dedicated to building a better Internet—and thus, incidentally, a better world. Oh, and they also run two fast Tor exit nodes, wagtail and pipit.

In addition, for years Riseup has been providing Onion Services for each of their services. Start using them today here!

We also can't thank them enough for writing this Onion Service Best Practices Guide, helping countless users and services around the Internet to be more secure, and truly making everyone not part of a DarkWeb but rather a SecureWeb (tm).

We hope we can continue this close relationship with Riseup. So many Tor users around the world depend on them for protection. Please visit our bird friends at Riseup and support their critical work!

And don't forget to donate to the Tor Project and get involved!

Thank you for reading, and soon enjoy not being in 2016 anymore! :)

Tor 0.2.9.7-rc is released: almost stable!

There's a new development release of Tor!

Tor 0.2.9.7-rc fixes a few small bugs remaining in Tor 0.2.9.6-rc, including a few that had prevented tests from passing on some platforms.

The source code for this release is now available from the download page on our website. Packages should be available soon. I expect that this Tor release will probably go into the hardened TorBrowser package series coming out in the next couple of days. (I hear that 0.2.9.6-rc will be in the regular TorBrowser alphas, since those froze a little before I finished this Tor release.)

We're rapidly running out of serious bugs to fix in 0.2.9.x, so this is probably the last release candidate before stable ... unless you find bugs while testing! Please try these releases, and let us know if anything breaks. Testing either 0.2.9.6-rc or 0.2.9.7-rc would be helpful.

Changes in version 0.2.9.7-rc - 2016-12-12

  • Minor features (geoip):
    • Update geoip and geoip6 to the December 7 2016 Maxmind GeoLite2 Country database.
  • Minor bugfix (build):
    • The current Git revision when building from a local repository is now detected correctly when using git worktrees. Fixes bug 20492; bugfix on 0.2.3.9-alpha.
