June 2009 Progress Report

New releases

On June 20th we released Tor 0.2.1.16-rc.
On June 21st, we released Tor Browser Bundle 1.2.1.
On June 23rd, we released Tor Browser Bundle 1.2.2.
On June 24th, we released Tor 0.2.0.35-stable. We expect that this release is the last of the 0.2.0.x -stable series, soon to be replaced with the 0.2.1.x series.
On June 30th, we released Vidalia 0.1.14.

Censorship circumvention

Packaged rpms for Red Flag Linux version 6. Red Flag Linux is reported to be the new operating system for all Internet cafe's in China. So far, no one has seen this conversion actually happen, but now we're ready if it does.

Our email autoresponder, gettor , received a number of patches to deal with dkim issues, including finding a dkim bug that prevented yahoo email users from fetching Tor. This bug has been fixed. Additionally, we've whitelisted some domains where we
see we're having lots of use but dkim isn't always configured properly. We've had thousands of users from China using gettor.

Outreach/Advocacy

Andrew, Roger, and Wendy attended Computers, Freedom, and Privacy 2009 Conference (http://www.cfp2009.org). Andrew presented a “quicktake” talk on “Who uses Tor?”. Andrew and Roger, along with Paul Syverson, and a North African blogger, hosted a panel on “It Takes A Village To Be Anonymous”. Due to the sensitive situation surrounding the blogger, this panel was not recorded.

Andrew talked with the Committee to Protect Journalists (http://cpj.org) about online security and circumvention tools.

Jillian C. York blogged at KnightPulse about “Average citizens browse anonymously
”, http://www.knightpulse.org/blog/09/06/04/average-citizens-browse-anonym…

Due to Iranian's usage of Tor during the recent election, the general press/media conducted a few interviews with Andrew:

  1. Computer World, http://www.computerworld.com/action/article.do?command=viewArticleBasic…
  2. Cnet News, http://news.cnet.com/8301-13578_3-10267287-38.html
  3. Deutche Welle, http://www.dw-world.de/dw/article/0,,4400882,00.html
  4. Technology Review, http://www.technologyreview.com/web/22893/
  5. Origo, in Hungary, http://www.origo.hu/techbazis/internet/20090618-a-kiberforradalmarok-fe…
  6. O'Reilly, http://radar.oreilly.com/2009/06/tor-and-the-legality-of-runnin.html
  7. Washington Times, http://www.washingtontimes.com/news/2009/jun/26/protesters-use-navy-tec…
  8. Arte TV video interview, the 30-minute video interview can't be put online, but will be shown to their viewers in late June/early July 2009. http://www.arte.tv
  9. EFF, http://www.eff.org/deeplinks/2009/06/help-protesters-iran-run-tor-relay…
  10. A Houston Radio station did an on-air interview, but didn't put the interview online.
  11. A Romanian newspaper did an interview, but didn't put the story online.
  12. Public Rado International did a more in-depth interview. They expect it to be on PBS Radio and BBC Radio 4 in early July 2009.

A number of blogs and other media picked up these original interviews and spread the word even further:

  1. Wall Street Journal, http://blogs.wsj.com/digits/2009/06/18/iranians-using-tor-to-anonymize-…
  2. CBS News, http://www.cbsnews.com/blogs/2009/06/17/politics/politicalhotsheet/entr…
  3. http://curtisschweitzer.net/blog/?p=2995
  4. http://voices.allthingsd.com/20090618/iranians-using-tor-to-anonymize-w…
  5. http://www.dailyfinance.com/2009/06/24/nokia-and-siemens-in-iran-contro…
  6. http://www.muslimnews.co.uk/news/news.php?article=16360

Preconfigured privacy (circumvention) bundles for USB or LiveCD.

Tor Browser Bundle 1.2.1 and 1.2.2 released in June. Planning a migration of the base operating system for the Incognito LiveCD to switch from Gentoo to an Ubuntu variant. We can always use help in maintaining Incognito.

Scalability, load balancing, directory overhead, efficiency.

June was spent documenting, stabilizing, and streamlining the bandwidth authority scanner, which has been runningfor a while on the Directory Authority named ides.

It is good enough to start running on multiple authorities now to produce actual results for clients to use.

More reliable (e.g. split) download mechanism.

Our email autoresponder, gettor , received a number of patches to deal with dkim issues, including finding a dkim bug that prevented yahoo email users from fetching Tor. This bug
has been fixed. Additionally, we've whitelisted some domains where we see we're having lots of use but dkim isn't always configured properly. We've had thousands of users from China using gettor.

The Tor Check website (check.torproject.org) had a few bugs and we've fixed all but two. We sometimes still have false negatives (because the Tor client doesn't know to fetch the consensus at any specific time) and we also still sometimes barf python exceptions because mod_python has some weird exception from time to time. We also accepted a patch from Marcus Greip that extends the TorBulkExitList to allow arbitrary ports rather than just port 80.

Footprints from Tor Browser Bundle.

Reduced the scanning for plugins Portable Firefox can do on launch of the application. There is still an issue where Firefox displays other plugins to users, but they aren't actually valid plugins and won't run on command. Firefox acquires the names through queries to the Windows Registry.

Translations

16 Polish website updates
8 Italian website updates
3 German website updates

Anonymous

July 12, 2009

Permalink

Less Progress, }-(.

Having trouble getting tor to run.
Would be nice for a little more laymans if possible instructions.
Could the problem be with my current Anti Virus programs and how to deal with that?

Norton and Spyware Doctor.

Herb

Anonymous

July 12, 2009

Permalink

When I say layman I mean somewhere there was a note about, Opening a port.

Come on guys and gals some of us would like to set up a relay know a little about the tech stuff but not a lot? Thus the how to do for the layman?

Herb

Anonymous

July 21, 2009

Permalink

First I would like to thank everyone who made these programs available to someone like me who doesn't have the necessary skills to do this on my own. I first came across the Tor Project when I was looking into the stories of North Korea and the recent DNS attacks. I wanted to know more about how true this was. From what I have read a high school student can do this on his home PC and it could look like it was an attack by a hostile government. Anyway, I was also concerned about the new NSA mega billion dollar listening operation the US is building. Not that I have any state secrets to hide, mostly I just want to keep my bank account and credit card info secure when I go online. So now I have Tor, Incognito and Back Track 3. I used Back Track 3 to monitor myself to see how much info I was leaking to who knows? While I am quite satisfied with using Incognito on my laptop for anything that has to be absolutely secure I did have some questions about being "attacked". I wanted to know if there was a way for me to monitor surveillance of my PC. Is there something that would give an alert that an attempt was being made to scan my transmissions or PC? How would I know if someone was using a program like Back Track to capture my information? For example If I was in China, Iran, or Honduras and I was sending info that was being censored how would I know if the military or police was going to be knocking down my door? Hope this makes sense. Any references where I could do some research on this would be appreciated.

Again thanks for TOR and Incognito

rmac