Blogs

Net Freedom, Secretary Clinton, and Tor

I attended the speech given by Secretary Clinton on Jan 21, 2010, http://www.state.gov/secretary/rm/2010/01/135519.htm. Most of it was a rehashing of what many of us already know and believe, but it's still good to hear the US Govt "gets it" and is trying to promote the openness on which the Internet has thrived. You can watch the full speech at http://netfreedom.state.gov. Interestingly, someone got to ask the anonymity question before me,

QUESTION: You talked about anonymity on line and how we have to prevent that. But you also talk about censorship by governments. And I’m struck by – having a veil of anonymity in certain situations is actually quite beneficial. So are you looking to strike a balance between that and this emphasis on censorship? read more »

Updates on Internet Censorship in Poland

Recently, the proposal to create a Registry of Banned Websites and Services was approved. More details can be found at

http://globalvoicesonline.org/2010/01/21/poland-government-approves-prop...

and a letter to the President at: http://polishlinux.org/poland/polish-internet-users-against-the-censorsh...

Tor Project infrastructure updates

You should upgrade to Tor 0.2.1.22 or 0.2.2.7-alpha:
https://www.torproject.org/easy-download.html.en

In early January we discovered that two of the seven servers that run directory
authorities were compromised (moria1 and gabelmoo), along with
metrics.torproject.org, a new server we'd recently set up to serve
metrics data and graphs. The three servers have since been reinstalled
with service migrated to other servers.

We made fresh identity keys for the two directory authorities, which is
why you need to upgrade.

Moria also hosted our git repository and svn repository. We took the
services offline as soon as we learned of the breach. It appears the
attackers didn't realize what they broke into -- just that they had
found some servers with lots of bandwidth. The attackers set up some ssh
keys and proceeded to use the three servers for launching other attacks.
We've done some preliminary comparisons, and it looks like git and svn
were not touched in any way. read more »

Start of a Tor Legal Support Directory

Over the past few months, a number of exit relay operators have contacted us asking for help with some legal issues encountered while running their relay. While we can't provide legal advice in all jurisdictions, we can frequently find you a next hop in the legal chain to get you the advice or representation you need. Sometimes this advice is free/pro-bono, other times it is not. It's up to the legal organization to decide if they can take your case or refer you to someone else.

Rather than keep a secret list of people willing to help, we're building a public list for operators to contact directly, in their own country. A big thanks to Fred and Gwen at the EFF for helping to start this list and for making introductions. And, of course, a big thanks to the organizations for agreeing to be listed and for offering support to Tor relay operators.

If you'd like to add your name to this list, please let me know.

The current list of legal support organizations by country is:

Finland:
Turre Legal
http://www.turre.com/
Fax +358985657006
contact person: Herkko Hietanen
http://www.turre.com/lawyers/

The Netherlands:
Bits of Freedom
http://www.bof.nl

Australia:
Electronic Frontier Australia
http://www.efa.org.au/
email: email@efa.org.au
Phone: +61 2 9011 1088
Fax: +61 2 8002 400

Germany, Switzerland, Austria:
Chaos Computer Club
http://www.ccc.de/
anonymizer@ccc.de

Zwiebelfreunde e.V.
http://www.zwiebelfreunde.de/
support@torservers.net

United States:
Electronic Frontier Foundation
http://www.eff.org/about/contact
information@eff.org

Switzerland:
http://www.privacyfoundation.ch

Poland, Internet Censorship, and Tor

Over the past month I've been working with a few people from Poland. We are discussing how we can improve the impression of Tor in country. It seems a few people want to make all anonymity and privacy tools illegal; and tor is a well-known scapegoat. Thanks to the efforts of Paweł Wilk for writing a few sane articles about online privacy and Tor in particular.

Sywlia Presley of Global Voices writes up a great overview of the situation at http://globalvoicesonline.org/2010/01/10/poland-discussions-of-tor-and-i.... read more »

Tor and Censorship: lessons learned

Roger recently gave a talk at 26C3 about our experiences with various censorship technologies.

In the aftermath of the Iranian elections in June, and then the late September blockings in China, we've learned a lot about how circumvention tools work in reality for activists in tough situations. I'll give an overview of the Tor architecture, and summarize the variety of people who use it and what security it provides. Then we'll focus on the use of tools like Tor in countries like Iran and China: why anonymity is important for circumvention, why transparency in design and operation is critical for trust, the role of popular media in helping – and harming – the effectiveness of the tools, and tradeoffs between usability and security. After describing Tor's strategy for secure circumvention (what we thought would work), I'll talk about how the arms race actually seems to be going in practice.

The slides of the presentation can be found at the bottom of this post.

We've mirrored the full 700MB video of the presentation at http://media.torproject.org/video/26c3-3554-de-tor_and_censorship_lesson...

Tor Browser Bundle 1.3.0 Released

On December 31, 2009, I released the latest in the Tor Browser Bundle series, 1.3.0. The version bump from 1.2.10 to 1.3.0 is due to the change to Firefox 3.5.6 (from Firefox 3.0.15).

You can get the latest TBB in 12 languages at https://www.torproject.org/torbrowser/

Torbutton 1.2.4 fixes a number of privacy and anonymity issues with the Firefox 3.5.x code base.

The official changelog is:

- upgrade Firefox to 3.5.6
- update Pidgin to 2.6.4
- update Torbutton to 1.2.4

Feel free to file bugs at
https://bugs.torproject.org/flyspray/index.php?tasks=all&project=4.

The original announcement is at http://archives.seul.org/or/talk/Jan-2010/msg00037.html

New Stable released, Tor 0.2.1.21

Tor 0.2.1.21 fixes an incompatibility with the most recent OpenSSL
library. If you use Tor on Linux / Unix and you're getting SSL
renegotiation errors, upgrading should help. We also recommend an
upgrade if you're an exit relay.

https://www.torproject.org/easy-download

Changes in version 0.2.1.21 - 2009-12-21
Major bugfixes:

  • Work around a security feature in OpenSSL 0.9.8l that prevents our
    handshake from working unless we explicitly tell OpenSSL that we
    are using SSL renegotiation safely. We are, of course, but OpenSSL
    0.9.8l won't work unless we say we are.
  • Avoid crashing if the client is trying to upload many bytes and the
    circuit gets torn down at the same time, or if the flip side
    happens on the exit relay. Bugfix on 0.2.0.1-alpha; fixes bug 1150.

Minor bugfixes: read more »

  • Do not refuse to learn about authority certs and v2 networkstatus
Syndicate content Syndicate content