Today the EFF and the Tor Project are launching a public beta of a new Firefox extension called HTTPS Everywhere.
This Firefox extension was inspired by the launch of Google's encrypted search option. We wanted a way to ensure that every search our browsers sent was encrypted, including the search box and URL bar features. At the same time, we were also able to encrypt most or all of the browser's communications with other popular sites that support SSL, but don't provide it by default.
Recently, a few articles have been published regarding Tor, Wikileaks, and snooping data coming out of the Tor network. I write to remind our users, and people in search of privacy enhancing technology, that good software is just one part of the solution. Education is just as important. This is why there is a warning on the Tor download page about what Tor does and does not do. We also have a FAQ entry about this topic. Any plaintext communication over the Internet is open to intercept. This is true if the transport mechanism is email, http, tor, or carrier pigeons. Tor does not magically encrypt the Internet from end to end. Tor does wrap your traffic in encrypted layers as it transports it through the Tor network. read more »
As announced here, http://archives.seul.org/or/talk/Feb-2010/msg00033.html, we now produce rpms and debs of Tor and Vidalia for easier installation.
When using ubuntu, opensuse, fedora, centos/redhat, or debian, you can simply add our repositories to your package management application (yum, apt, apttitude, zypper, etc) and always have the latest -stable or -alpha tor and vidalia.
This is a direct result of hiring Erinn in December.
The EFF has recently released a browser fingerprinting test suite that they call Panopticlick. The idea is that in normal operation, your browser leaks a lot of information about its configuration which can be used to uniquely fingerprint you independent of your cookies.
Because of how EFF's testing tool functions, it has created some confusion and concern among Tor users, so I wanted to make a few comments to try to clear things up. read more »
You should upgrade to Tor 0.2.1.22 or 0.2.2.7-alpha:
In early January we discovered that two of the seven servers that run directory
authorities were compromised (moria1 and gabelmoo), along with
metrics.torproject.org, a new server we'd recently set up to serve
metrics data and graphs. The three servers have since been reinstalled
with service migrated to other servers.
We made fresh identity keys for the two directory authorities, which is
why you need to upgrade.
Moria also hosted our git repository and svn repository. We took the
services offline as soon as we learned of the breach. It appears the
attackers didn't realize what they broke into -- just that they had
found some servers with lots of bandwidth. The attackers set up some ssh
keys and proceeded to use the three servers for launching other attacks.
We've done some preliminary comparisons, and it looks like git and svn
were not touched in any way. read more »
Roger recently gave a talk at 26C3 about our experiences with various censorship technologies.
In the aftermath of the Iranian elections in June, and then the late September blockings in China, we've learned a lot about how circumvention tools work in reality for activists in tough situations. I'll give an overview of the Tor architecture, and summarize the variety of people who use it and what security it provides. Then we'll focus on the use of tools like Tor in countries like Iran and China: why anonymity is important for circumvention, why transparency in design and operation is critical for trust, the role of popular media in helping – and harming – the effectiveness of the tools, and tradeoffs between usability and security. After describing Tor's strategy for secure circumvention (what we thought would work), I'll talk about how the arms race actually seems to be going in practice.
The slides of the presentation can be found at the bottom of this post.
We've mirrored the full 700MB video of the presentation at http://media.torproject.org/video/26c3-3554-de-tor_and_censorship_lesson...
Thanks to Rob at Freedom House for putting together some videos about how to get, install, and use Tor, Tor Browser Bundle, and Bridges.
- Installing and Using Tor, http://tinyvid.tv/show/3lejztnthk2tm
- Installing and Using the Tor Browser Bundle, http://tinyvid.tv/show/b0e2hzylie8r
- Installing and Using Bridges with Tor, http://tinyvid.tv/show/3uiwckrlqynqv
Freedom House has put together other videos on various tools to use to stay secure online at, http://www.youtube.com/freedom4internet.
Check them out and leave constructive feedback. I'm sure Rob will appreciate help with translating these videos as well.
Tor 0.2.1.17-rc marks the fourth -- and hopefully last -- release
candidate for the 0.2.1.x series. It lays the groundwork for further
client performance improvements, and also fixes a big bug with directory
authorities that were causing them to assign Guard and Stable flags
The Windows bundles also finally include the geoip database that we
thought we'd been shipping since 0.2.0.x (oops), and the OS X bundles
should actually install Torbutton rather than giving you a cryptic
failure message (oops).
This is a release candidate! That means that we don't know of any
remaining show-stopping bugs, and 0.2.1.18 will be the new stable if
there are no problems. Please test it, and tell us about any problems
that you find.
Changes in version 0.2.1.17-rc - 2009-07-02
Major features: read more »
- Clients now use the bandwidth values in the consensus, rather than
I've been fielding some calls from the press about Tor and Iran. Someone quoted me as saying "double the clients from Iran over the past few days". We wondered, what are the real numbers? What does our network see from Iran? Is port 443 or https:// really blocked? Here's what we've discovered in the past day of working with the new metrics we've developed to be safe to collect without compromising anyone's anonymity. read more »
Tor 0.2.0.30 is released. A better formatted version of this report can be found at gmane.org
Tor 0.2.0.30 switches to a more efficient directory distribution design,
adds features to make connections to the Tor network harder to block,
allows Tor to act as a DNS proxy, adds separate rate limiting for relayed
traffic to make it easier for clients to become relays, fixes a variety
of potential anonymity problems, and includes the usual huge pile of
other features and bug fixes.
Changes in version 0.2.0.30 - 2008-07-15
o New v3 directory design:
- Tor now uses a new way to learn about and distribute information
about the network: the directory authorities vote on a common
network status document rather than each publishing their own
opinion. Now clients and caches download only one networkstatus read more »