Tails, The Amnesic Incognito Live System, version 1.3, is out.
The Tor Browser has additional operating system and data security. This security restricts reads and writes to a limited number of folders. Learn how to manipulate files with the new Tor Browser.
The obfs4 pluggable transport is now available to connect to Tor bridges. Pluggable transports transform the Tor traffic between the client and the bridge to help disguise Tor traffic from censors.
Keyringer lets you manage and share secrets using OpenPGP and Git from the command line.
Upgrades and changes
- The Mac and Linux manual installation processes no longer require the isohybrid command. Removing the isohybrid command simplifies the installation.
- The tap-to-click and two-finger scrolling trackpad settings are now enabled by default. This should be more intuitive for Mac users.
- The Ibus Vietnamese input method is now supported.
- Improved support for OpenPGP smartcards through the installation of GnuPG 2.
There are numerous other changes that may not be apparent in the daily operation of a typical user. Technical details of all the changes are listed in the Changelog.
See the current list of known issues.
Download or upgrade
Go to the download page.
What's coming up?
The next Tails release is scheduled for April 7.
Have a look at our roadmap to see where we are heading.
Do you want to help? There are many ways you can contribute to Tails. If you want to help, come talk to us!
Support and feedback
For support and feedback, visit the Support section on the Tails website.
Tor 0.2.6.3-alpha is the third (and hopefully final) alpha release in the 0.2.6.x series. It introduces support for more kinds of sockets, makes it harder to accidentally run an exit, improves our multithreading backend, incorporates several fixes for the AutomapHostsOnResolve option, and fixes numerous other bugs besides.
If no major regressions or security holes are found in this version, the next version will be a release candidate.
You can download the source from the usual place on the website. Packages should be up in a few days.
NOTE: This is an alpha release. Please expect bugs.
Changes in version 0.2.6.3-alpha - 2015-02-19
- Deprecated versions:
  - Tor relays older than 0.2.4.18-rc are no longer allowed to advertise themselves on the network. Closes ticket 13555.
- Major features (security, unix domain sockets):
  - Allow SocksPort to be an AF_UNIX Unix Domain Socket. Now high risk applications can reach Tor without having to create AF_INET or AF_INET6 sockets, meaning they can completely disable their ability to make non-Tor network connections. To create a socket of this type, use "SocksPort unix:/path/to/socket". Implements ticket 12585.
  - Support mapping hidden service virtual ports to AF_UNIX sockets. The syntax is "HiddenServicePort 80 unix:/path/to/socket". Implements ticket 11485.
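An added example (not from the Tor changelog or the Tor source): a minimal SOCKS5 client that reaches the proxy only through an AF_UNIX socket, as the "SocksPort unix:/path/to/socket" option above allows. The function names, the example.onion host and the in-process stand-in proxy are constructed for illustration; with a real Tor, pass the path configured in SocksPort.

```python
import os
import socket
import struct
import tempfile
import threading


def socks5_connect_request(host: str, port: int) -> bytes:
    """SOCKS5 CONNECT addressed by hostname (ATYP 0x03), so the name is
    resolved by the proxy and never by the local resolver."""
    name = host.encode("ascii")
    if not 1 <= len(name) <= 255 or not 0 < port < 65536:
        raise ValueError("bad hostname length or port")
    return b"\x05\x01\x00\x03" + bytes([len(name)]) + name + struct.pack(">H", port)


def recv_exact(sock: socket.socket, n: int) -> bytes:
    """Read exactly n bytes or fail; SOCKS replies are length-delimited."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed the connection early")
        buf += chunk
    return buf


def open_via_unix_socks(socket_path, host, port, timeout=30.0):
    """Return a stream to host:port opened through the SOCKS5 proxy
    listening on the AF_UNIX socket at socket_path."""
    s = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)  # no AF_INET socket is ever created
    s.settimeout(timeout)
    try:
        s.connect(socket_path)
        s.sendall(b"\x05\x01\x00")  # version 5, one method offered: no authentication
        if recv_exact(s, 2) != b"\x05\x00":
            raise ConnectionError("proxy refused the no-auth method")
        s.sendall(socks5_connect_request(host, port))
        ver, rep, _rsv, atyp = recv_exact(s, 4)
        if ver != 5 or rep != 0:
            raise ConnectionError(f"CONNECT failed, SOCKS5 reply code {rep}")
        # Skip the bound address and port that end the reply.
        if atyp == 1:
            addr_len = 4
        elif atyp == 4:
            addr_len = 16
        elif atyp == 3:
            addr_len = recv_exact(s, 1)[0]
        else:
            raise ConnectionError(f"unknown address type {atyp}")
        recv_exact(s, addr_len + 2)
        return s
    except Exception:
        s.close()
        raise


def _stand_in_proxy(listener, seen):
    """Constructed stand-in for Tor's SocksPort: accepts one CONNECT,
    records the requested target and sends a fixed payload."""
    conn, _ = listener.accept()
    with conn:
        recv_exact(conn, 3)                      # greeting
        conn.sendall(b"\x05\x00")                # choose "no authentication"
        head = recv_exact(conn, 5)               # VER CMD RSV ATYP LEN
        name = recv_exact(conn, head[4])
        port = struct.unpack(">H", recv_exact(conn, 2))[0]
        seen.append((name.decode("ascii"), port))
        conn.sendall(b"\x05\x00\x00\x01" + bytes(6))  # success, bound 0.0.0.0:0
        conn.sendall(b"hello-through-proxy")


def demo():
    """Run the client against the stand-in proxy on a temporary socket."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "socks")
        listener = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
        listener.bind(path)
        os.chmod(path, 0o600)                    # only this user may connect
        listener.listen(1)
        listener.settimeout(5)
        seen = []
        t = threading.Thread(target=_stand_in_proxy, args=(listener, seen), daemon=True)
        t.start()
        try:
            s = open_via_unix_socks(path, "example.onion", 80, timeout=5)
            data = recv_exact(s, 19)
            s.close()
        finally:
            t.join(5)
            listener.close()
        return seen, data


if __name__ == "__main__":
    print(demo())
```

Because the client never creates an AF_INET or AF_INET6 socket, it keeps working in a sandbox that denies them, which is the property the changelog entry describes.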
Welcome to the seventh issue in 2015 of Tor Weekly News, the weekly newsletter that covers what’s happening in the Tor community.
Anonymous web services hosted in the Tor network have until now been referred to as “hidden services”. Although this name accurately describes one of their properties, it does not convey some of the other benefits that the system provides, like end-to-end encryption without a purchased SSL certificate, or self-authenticating domain names outside of the commercial DNS system. Furthermore, as Aaron Johnson points out, words like “hidden” and “dark” have an unnecessarily negative connotation.
Aaron and other members of the SponsorR team declared themselves in favor of using the word “onion” (as in “onion routing”) to characterize Tor-protected web services. “Hidden services” could be renamed “onion services”, while websites offered as onion services are “onionsites”; an onion service’s URL is its “onion address”, while the dreaded “Dark Web” becomes simply “onionspace”.
A full list of new and more precise terminology is in Aaron’s message and on the Tor wiki; please feel free to contribute to the discussion on the tor-dev mailing list with your thoughts.
Nathan Freitas of the Guardian Project announced the release of version 15-alpha-3 of Orbot. This release includes more work on VPN support, and builds on last week’s early release of the PLUTO library to offer support for meek, although it is not currently possible to use both at the same time. See Nathan’s announcement for usage instructions and download links.
Yawning Angel asked for comments on an implementation of a proposal to let Tor create “ephemeral” onion services, using key material that is supplied at runtime rather than stored on the disk. See Yawning’s post for a detailed explanation of the concept and a link to the new code; however, trying to run this untested and unreviewed new branch “WILL BROADCAST YOUR SECRETS TO THE NSA’S ORBITAL SPACE STATION”, so don’t do that.
Yawning also announced version 0.0.4 of obfs4proxy, which “is more useful for the Tor Browser people than anyone else, since it means that the next build can remove the old go.crypto cruft from the build process, and the ScrambleSuit client provider can be switched over to obfs4proxy like obfs2 and obfs3 have been”.
SiNA Rabbani announced that Faravahar, the directory authority which he operates, will be moving to a new IP address on Friday.
Thanks to cuanto for running a mirror of the Tor Project website and software!
Thomas White published a guide to configuring an Nginx webserver as a hidden service: “It isn’t intended to be a hardening guide or an ultra secure way of hosting, but it is for people who want to casually publish some static HTML files or with a little extra configuration to host some applications”.
Collin Anderson and the University of Toronto’s Citizen Lab made a joint submission to the United Nations Special Rapporteur on the promotion and protection of the right to freedom of opinion and expression, examining the importance of digital security software such as Tor in upholding free expression and the right to privacy.
carlo von lynX wondered about the truth of the statement that “it would take latencies in the order of hours to fully make communications impossible to shape and correlate”. Roger Dingledine clarified: “It’s actually worse than that — we have no idea. I’d love to have a graph where the x axis is how much additional overhead (latency, bandwidth, whatever) we’re willing to add, and the y axis is how much additional security (anonymity, privacy, whatever) we can get. Currently we have zero data points for this graph.”
This issue of Tor Weekly News has been assembled by Harmony and Roger Dingledine.
Want to continue reading TWN? Please help us create this newsletter. We still need more volunteers to watch the Tor community and report important news. Please see the project page, write down your name and subscribe to the team mailing list if you want to get involved!
The 2015 Tor UX Sprint
Many open-source privacy tools struggle with questions of usability: so much effort goes into ensuring they are secure that few resources are left over to work on the user experience. But as Linda Lee and David Fifield write, “usability is critical to security”: user interface issues “can degrade user experience, cause confusion, or even cause people to accidentally deanonymize themselves”.
To explore, and hopefully solve, some of these problems, a group of Tor developers, designers, users, and researchers met at UC Berkeley at the start of the month. As part of the weekend, users were asked to walk through the process of installing and running Tor Browser, noting aloud their assumptions and reactions as they went.
Issues and “stopping points” (where users find the process too difficult to continue) discovered during these sessions were noted, and have been assigned tickets on Tor’s bug tracker. For more details of the event and its outcomes, please see Linda and David’s post; “if you are interested in helping to improve the usability of Tor Browser, get in touch by email or IRC”.
Tor and the Library Freedom Project
As Tor Weekly News reported last September, Massachusetts librarian and activist Alison Macrina has been leading a campaign to educate colleagues and library patrons on the state of digital surveillance and the use of privacy-preserving software such as Tor and Tails. As Alison and April Glaser wrote at the time, “libraries provide access to information and protect patrons’ right to explore new ideas, no matter how controversial or subversive”.
These initial workshops formed the basis for the Library Freedom Project, which has just received a grant from the Knight Foundation to expand its activities beyond the New England region. In a guest post on the Tor blog, Alison introduced the project, the motivations behind it, and its plans for the next few years, as well as suggesting some possible areas for collaboration with the Tor community in the future: “One specific way that librarians can help the Tor Project is with usability issues – we have lots of experience helping ordinary users with common usability problems […] Librarians can also run dev sprints, help update documentation, and generally advocate for tools that help safeguard privacy and anonymity.”
For more information on the Library Freedom Project, or to propose your own ideas, please see the project’s website. Thanks to Alison and colleagues for this important work!
Vidalia laid to rest
Now that Vidalia, the graphical user interface for Tor, has been completely unmaintained “for too long to be a recommended solution”, Sebastian Hahn has removed the last links to Vidalia-related content from the Tor Project website. If you are still using a version of Tor Browser (outside of Tails) that contains Vidalia, it is almost certainly too old to be safe, so please upgrade as soon as possible.
Vidalia is still shipped in the latest version of Tails, however, so the Tails team has been working on a simple interface to replace one of the most-missed features of the defunct program, the circuit visualization window. The Tor Browser team have already implemented a similar per-site circuit diagram in the current 4.5-alpha series, so there should soon be no reason at all for users to continue controlling their Tor through Vidalia.
More monthly status reports for January 2015
The wave of regular monthly reports from Tor project members for the month of January continued, with reports from George Kadianakis, Pearl Crescent, Michael Schloh von Bennewitz, Nick Mathewson, Karsten Loesing, and Arlo Breault.
George Kadianakis linked to the technical report produced by the team working on statistics related to the amount of hidden service usage on the Tor network; Karsten Loesing added some more information regarding the fraction of network activity this represents. These are advanced calculations, so if you’re not experienced in data science but want to know more about this topic, the team will be back shortly with a more “casual-reader-friendly” analysis of the results.
“Fresh off a round of real-world intensive testing and debugging using spotty 2.5G coverage in the foothills of the Himalayas”, Nathan Freitas of the ever-intrepid Guardian Project announced the first release candidate for version 14.1 of ChatSecure, the “most private” messaging client for Android and iOS, featuring numerous improvements to usability, stability, and network handling. Please see Nathan’s announcement for the full changelog.
Nathan also shared a “very early” incarnation of PLUTO, “a simplified means for developers to include traffic obfuscation capabilities into their applications” with initial support for obfs4 and meek. “We think many apps could utilize this approach to defeat DPI filtering, and that this would be useful to offer decoupled from the way Tor integrates it”.
David Fifield posted a tutorial for configuring the meek pluggable transport to work with hard-to-block HTTPS websites interested in helping censored Tor users, rather than the large content delivery networks it currently uses, along with the regular summary of the costs incurred by meek’s infrastructure last month: “meek has so far been a smashing success. It’s the #2 pluggable transport behind obfs3 and it moved over 5 TB of traffic last month. But the costs are starting to get serious.” If you have ideas for supporting this vitally important anti-censorship tool, please see David’s message for more details.
Also in meek news, Across The Great FireWall published a Chinese-language introduction to the concepts underpinning this pluggable transport. Other resources (in Chinese and other languages) are listed on the wiki.
Nick Mathewson took to the Tor blog to explain exactly what Tor design proposals are for and how they are written, and offered status updates (and review recommendations) for some new and still-open proposals.
Arturo Filastò asked for help in coming up with a roadmap for the future of the Open Observatory of Network Interference, asking for opinions on a range of possible development, deployment, and research projects. Feel free to let the ooni-dev list know which of the ideas catches your attention.
After soliciting feedback on including newer pluggable transports in Tails, the Tails team decided to focus on obfs4 and then (“tentatively”) meek for upcoming versions of the anonymous live operating system.
Tom “TvdW” van der Woerdt wrote a detailed report on his experience implementing a Tor client from scratch in the Go programming language, following Tor’s specification document. One instance of “GoTor” briefly broke the Tor relay speed record with 250 megabytes/second, but Tom ultimately decided that Go isn’t the right language for such a thing, as its library support doesn’t make it easy enough to do. Thanks to Tom for running the experiment, and catching some specification errors in the process!
Even though Tor Browser is not vulnerable to the recent WebRTC IP attack proof-of-concept, Mike Perry nevertheless invited “interested parties to try harder to bypass Tor in a stock Firefox using WebRTC and associated protocols (RTSP, SCTP) with media.peerconnection.enabled set to false”, before a plan to enable WebRTC-based QRCode bridge address resolution and sharing in Tor Launcher is implemented.
Shadow, the tool by Rob Jansen that allows full Tor network simulation, now has a new website. As Rob wrote: “The new website still uses the Jekyll engine, and is a stripped down customized version of the open source SOLID theme. Please send me feedback if you have it.”
Jillian York of the EFF discussed the problems of over-reliance on US government funding — and the dearth of other funding streams — for anti-surveillance tools, including Tor.
Seven of the eleven activists arrested last year in Spain for, amongst other things, having had email accounts with the technical collective Riseup — longtime Tor allies and operators of one of the directory authorities — have been released from prison. As Riseup wrote following the arrests, “security is not a crime”: “Giving up your basic right to privacy for fear of being flagged as a terrorist is unacceptable.”
Easy development tasks to get involved with
Two problems confronting Mac users who want to download Tor Browser are the “disk image” format and Apple’s Gatekeeper security system. If these users try to run Tor Browser directly from the disk image window that opens after downloading, they will receive an error telling them “Firefox is already running”, and if they correctly move the program to the Applications folder, Gatekeeper will prevent them from running it directly anyway.
If you have access to a machine running the latest version of Mac OS X, and want to spend ten minutes making life easier for Tor users, the Tor Browser download page would benefit from screenshots showing users how to drag the program to the Applications folder, and how to disable Gatekeeper by control-clicking on the Tor Browser icon when running for the first time. Please see the relevant bug ticket for a nice set of example screenshots; your contribution will be gratefully received!
This issue of Tor Weekly News has been assembled by Harmony, Roger Dingledine, Kate Krauss, and David Fifield.
Usability is critical to security. Additionally, there has been research on "stopping points," common points where people would get frustrated with Tor enough that they would stop the installation process or stop using Tor. Usability issues also can degrade user experience, cause confusion, or even cause people to accidentally deanonymize themselves.
To address usability issues broadly, we brought together Tor developers, designers, users, and researchers to discuss usability problems and how to fix them. Last weekend, there was a user experience (UX) sprint dedicated to improving the usability of Tor Browser.
A major part of the sprint was user testing the current Tor Browser (4.0.3). We asked users—some with prior Tor experience, some without—to perform some common tasks:
- Search for, download, and install Tor Browser
- Do a web search
- Watch a video
- Use "New Identity"
- Interact with and describe the current browser toolbar buttons
The users performed this task in a "cognitive walkthrough" fashion, talking aloud while completing each of the tasks, explaining their understanding of the task and motivation for completing it in that specific way. With permission, we recorded the contents of the computer screen so developers could watch in another room. We hope to present the screen videos and other outcomes of the sprint at the upcoming winter dev meeting.
Because of the limited size of the study (there were five participants), it's not possible to state with confidence what fraction of users will encounter major usability obstacles. However, it was effective at discovering and demonstrating issues that are likely to cause problems for many users. We will use our observations to guide future experiments. A few aspects stood out as deserving of further attention:
While searching for Tor Browser, users encountered various sources for the browser other than our target "Easy Download" page, and also found some odd sources for documentation. Users who found a download page other than the "easy" version expressed varying degrees of confusion, depending on their landing page. Ticket #14685 is about finding a way to consolidate or drive users to our preferred download page.
Even though everyone was able to get past the dialog, it was a big obstacle to installation. (If it happens to you, the trick is to Ctrl-click on the Tor Browser icon and select "Open".) To solve this problem is not easy, but we can perhaps make it better by providing better documentation. Ticket #6540 tracks this issue.
If you try to run Tor Browser from a read-only filesystem, you get a misleading error message:
This is a known issue, tracked in ticket #4782, that affected some users. It happens on OS X if you run the Tor Browser app directly from the disk image (.dmg) instead of first copying it to the Applications folder.
Tickets created as a result of the sprint have the #uxsprint2015 tag. In addition, the new #tbb-usability-stoppoint tag marks stopping points, to help track usability issues like the above, which result in users being unable or unwilling to continue using the browser.
We hope that usability experiments and improvements will be ongoing. In the future, we'd like to test other aspects of Tor Browser, such as downloading files, updating, and managing Tor and non-Tor browsers, as well as expanding the tests to larger and diverse user groups. If you are interested in helping improve the usability of Tor Browser, get in touch by email or IRC. We need help from a lot of different kinds of people: designers, translators, programmers, and usability experts to name a few.
We thank the Tor Project for supporting the sprint, the participants, those who helped us recruit on short notice, and those who helped us plan and set goals and everyone who attended as a developer or observer: Arlo, Arthur, Ashkan, David, Griffin, Isis, Krishna, Linda, Mike, and Nima. We also thank the Tor help desk, whose #tbb-helpdesk-frequent tag helped us prioritize tickets. Special thanks go to Nima for suggesting the idea of a UX meeting in the first place.
Linda Lee and David Fifield
Hi, Tor community! My name is Alison, and I'm the founder of the Library Freedom Project, an initiative that aims to make real the promise of intellectual freedom in libraries. It's a partnership among librarians, technologists, attorneys, and privacy advocates to teach librarians about surveillance threats, privacy rights, and privacy-protecting technology tools. So far, we've been all over Massachusetts and parts of New England, and we have been awarded a generous grant from the Knight Foundation to bring privacy training to libraries across the United States.
We teach librarians three things. Kade Crockford of the ACLU of Massachusetts teaches the current state of digital surveillance. Jessie Rossman, an attorney and surveillance law expert also from the ACLU of Massachusetts, offers a privacy-focused “know your rights” training. I teach technology tools – like Tor and Tails.
Libraries have historically been staunch defenders of privacy, taking public stands against surveillance initiatives like the USA PATRIOT Act. Libraries offer public internet terminals, and librarians like me teach free computer classes to the public. Our patrons come from all walks of life, but we tend to serve communities particularly vulnerable to surveillance (including immigrants, Muslim Americans, people of color, people who are homeless, and those who have been incarcerated) in higher numbers than in the general population. For all of these reasons, libraries are an obvious place to promote and protect online privacy and anonymity and fight against digital censorship and surveillance – that's why I started the Library Freedom Project.
While we focus on US libraries, we are eager to speak to our colleagues in other countries, since privacy is a right for everyone in every country (and privacy is threatened everywhere).
In the tech part of my trainings, I teach tools like the Tor Browser, Tails, HTTPS Everywhere, and DuckDuckGo. I show librarians how to install these on public PCs, and provide curricula for librarians who want to teach privacy-focused computer classes. I help library staff configure Tor relays and set their library websites to run on HTTPS by default. They are thrilled to learn about these tools – as I said, librarians as a profession have always valued privacy, but the development of mass surveillance technologies has outpaced their technical ability. They want to protect their patrons, but they don't know where to start. Thanks to the tools developed by folks in the Tor community, I've been able to teach librarians the skills they need to take anti-surveillance tools to the public. Librarians whom I've trained have started teaching their own classes to library patrons, and the public response has been overwhelmingly positive and moving – these classes make a real difference in the lives of everyday people who are desperate to learn practical ways to take back their digital privacy. The work of the Tor community makes it possible for me and other librarians to help them do this.
So please allow me to express my heartfelt thanks for all that you do. Without tools developed by the Tor community, my work would not be possible. On a personal level, I'm awed by how welcoming and helpful this community has been to me. Tor community folks have offered me feedback, encouragement, and assistance at every turn. Tor Project core member Nima Fatemi even helped build my website (thanks again Nima, I owe you big time!). Now that I run the Library Freedom Project full time, I look forward to working even more closely with folks from the Tor community, and I'd love to give back to your community the way you've given to mine. One specific way that librarians can help the Tor Project is with usability issues – we have lots of experience helping ordinary users with common usability problems. I'd like to introduce developers to librarians who've installed anonymity tools and other free software in their libraries. Librarians can also run dev sprints, help update documentation, and generally advocate for tools that help safeguard privacy and anonymity.
With Knight funding, our goal is to conduct 100 librarian trainings in two years, and build a website of resources for librarians who want to teach their communities how to protect themselves against online surveillance. I'll be traveling all over the US to do this, so please get in touch with me to see if I'm coming to your city! I'd love to bring Tor community members with me to my trainings and help develop a partnership between our two communities.
For more information about the Library Freedom Project, to get involved in the fight for digital civil liberties in libraries, or to offer your own ideas for how this project can move forward, visit our website or contact me.
(This post is likely to be interesting for folks who want to know how the Tor software is made.)
At the core of the Tor software lies the network protocol that Tor relays and clients use to talk to each other. We try to make sure we have a good set of specification documents for the protocol at all times, so that other people can write compatible software that interoperates with Tor.
Once upon a time, we used to change these specification documents whenever we changed the software's behavior. That didn't go well. We would have changes in the spec that we had forgotten to make in the software, and tons of inline comments where we argued about whether a particular paragraph was a good idea.
So back in 2007, we introduced a lightweight change-proposal process: to make a change to the Tor protocol, you write up a little design document, and send it to the tor-dev mailing list. Once it meets editorial quality, it can go into the proposals repository. Once it's implemented, it can be merged into the spec.
There are a lot of proposals to look at, though. The current set of open proposals has almost 100,000 words in it! (That's almost half again as long as the Tor specs themselves.)
To help people navigate through this pile of design proposals, I started to write a regular "proposal status" email to explain what all of the open proposals are about. Last year, however, I fell out of the habit. Tonight, I've tried to fall back in: here's the latest proposal status writeup.
Below the cut, my summaries of the still-open proposals that have been added in the past couple of years -- and thanks to all the busy designers who have been working to think of ways to improve Tor!
Welcome to the fifth issue in 2015 of Tor Weekly News, the weekly newsletter that covers what’s happening in the Tor community.
Mozilla’s Tor relays go live
Late last year, Mozilla announced its partnership with the Tor Project in the Polaris Privacy Initiative, a program aimed at “giving users more control, awareness and protection in their Web experiences”. One of the two Tor-related “experiments” Mozilla planned to carry out was the operation of several high-capacity middle relays, and last week Mozilla’s Network Engineering team announced that the new nodes had been running for several weeks, in a blog post that explores the technical decisions and challenges they faced in setting them up.
The team discussed the hardware and infrastructure chosen for the relays, configuration management using Ansible (publishing their playbook at the same time), and security practices, as well as announcing their intention to continue posting about their experiences and findings during the experiment.
Thanks to Mozilla for this contribution to the Tor network!
Monthly status reports for January 2015
The wave of regular monthly reports from Tor project members for the month of January has begun. Juha Nurmi released his report first, followed by reports from Philipp Winter, Damian Johnson, Sherief Alaa, Georg Koppen, and David Goulet.
meejah announced version 0.12.0 of txtorcon, the Tor controller client in Twisted; please see the announcement for a full list of improvements.
Nick Mathewson submitted a draft of proposal 241, which aims to protect users against adversaries who are able to attack their connectivity to the Tor network and force them to use malicious guard nodes. Roger Dingledine offered some further thoughts.
Nick also set out the schedule for the Tor 0.2.6 feature freeze.
After reports from users that Tor Browser’s default obfs4 bridges are no longer usable in China, David Fifield estimated the time it takes for the “Great Firewall” to react to new circumvention systems as lying “between 2 and 10 weeks”, and asked for additional data to narrow the range further.
Isis Lovecruft “would be super stoked if we could make it as easy and seamless as possible for the bridge operators who are still running obfs2 (!!) to move to supporting better, newer pluggable transports”, such as obfs4, and wondered how to make it possible for operators running Debian stable to get the necessary dependencies onto their system without extensive backporting: “If someone has done this, or has another simple solution, would you mind writing up some short how-to on the steps you took, please?”
The Tails team continued to discuss the advantages and disadvantages of removing AdBlock Plus from Tails’ version of Tor Browser.
Sadia Afroz compiled a timeline of Tor blocking events, and shared it with the ooni-dev mailing list, along with a request for missing data points; Collin Anderson responded with some additional information.
Patrick Schleizer announced that the Whonix team is looking for “a sponsor who is willing to donate a suitable sized virtual or root server”, and gave a list of planned requirements. If you can meet this need, please see Patrick’s message for next steps.
Konstantin Müller shared a report written as part of a Master’s degree, offering an introduction to “the past, present, and future” of Tor hidden services.
News from Tor StackExchange
Windy wanted to know how often a client fetches consensus data from a directory server. Jens Kubieziel provided some information by walking through the source code, and concluded: “every minute it is checked if the consensus document is too old. If it is older than the current time a new one will be fetched.”
This issue of Tor Weekly News has been assembled by qbi and Harmony.