Tor 0.2.2.14-alpha released

Tor 0.2.2.14-alpha greatly improves client-side handling of circuit build
timeouts, which are used to estimate speed and improve performance. We
also move to a much better GeoIP database, port Tor to Windows CE,
introduce new compile flags that improve code security, add an eighth
v3 directory authority, and address a lot of more minor issues.

https://www.torproject.org/download

Packages will be appearing over the next few days or weeks. (We've decided
to start announcing alpha versions when they're released, rather than
waiting for all the packages first.)

Changes in version 0.2.2.14-alpha - 2010-07-12
o Major bugfixes:
- Tor directory authorities no longer crash when started with a
cached-microdesc-consensus file in their data directory. Bugfix
on 0.2.2.6-alpha; fixes bug 1532.
- Treat an unset $HOME like an empty $HOME rather than triggering an
assert. Bugfix on 0.0.8pre1; fixes bug 1522.
- Ignore negative and large circuit build timeout values that can
happen during a suspend or hibernate. These values caused various
asserts to fire. Bugfix on 0.2.2.2-alpha; fixes bug 1245.
- Alter calculation of Pareto distribution parameter 'Xm' for
Circuit Build Timeout learning to use the weighted average of the
top N=3 modes (because we have three entry guards). Considering
multiple modes should improve the timeout calculation in some cases,
and prevent extremely high timeout values. Bugfix on 0.2.2.2-alpha;
fixes bug 1335.
- Alter calculation of Pareto distribution parameter 'Alpha' to use a
right censored distribution model. This approach improves over the
synthetic timeout generation approach that was producing insanely
high timeout values. Now we calculate build timeouts using truncated
times. Bugfix on 0.2.2.2-alpha; fixes bugs 1245 and 1335.
- Do not close circuits that are under construction when they reach
the circuit build timeout. Instead, leave them building (but do not
use them) for up until the time corresponding to the 95th percentile
on the Pareto CDF or 60 seconds, whichever is greater. This is done
to provide better data for the new Pareto model. This percentile
can be controlled by the consensus.

o Major features:
- Move to the June 2010 Maxmind GeoLite country db (rather than the
June 2009 ip-to-country GeoIP db) for our statistics that count
how many users relays are seeing from each country. Now we have
more accurate data for many African countries.
- Port Tor to build and run correctly on Windows CE systems, using
the wcecompat library. Contributed by Valerio Lupi.
- New "--enable-gcc-hardening" ./configure flag (off by default)
to turn on gcc compile time hardening options. It ensures
that signed ints have defined behavior (-fwrapv), enables
-D_FORTIFY_SOURCE=2 (requiring -O2), adds stack smashing protection
with canaries (-fstack-protector-all), turns on ASLR protection if
supported by the kernel (-fPIE, -pie), and adds additional security
related warnings. Verified to work on Mac OS X and Debian Lenny.
- New "--enable-linker-hardening" ./configure flag (off by default)
to turn on ELF specific hardening features (relro, now). This does
not work with Mac OS X or any other non-ELF binary format.

o New directory authorities:
- Set up maatuska (run by Linus Nordberg) as the eighth v3 directory
authority.

o Minor features:
- New config option "WarnUnsafeSocks 0" disables the warning that
occurs whenever Tor receives only an IP address instead of a
hostname. Setups that do DNS locally over Tor are fine, and we
shouldn't spam the logs in that case.
- Convert the HACKING file to asciidoc, and add a few new sections
to it, explaining how we use Git, how we make changelogs, and
what should go in a patch.
- Add a TIMEOUT_RATE keyword to the BUILDTIMEOUT_SET control port
event, to give information on the current rate of circuit timeouts
over our stored history.
- Add ability to disable circuit build time learning via consensus
parameter and via a LearnCircuitBuildTimeout config option. Also
automatically disable circuit build time calculation if we are
either a AuthoritativeDirectory, or if we fail to write our state
file. Fixes bug 1296.
- More gracefully handle corrupt state files, removing asserts
in favor of saving a backup and resetting state.
- Rename the "log.h" header to "torlog.h" so as to conflict with fewer
system headers.

o Minor bugfixes:
- Build correctly on OSX with zlib 1.2.4 and higher with all warnings
enabled.
- When a2x fails, mention that the user could disable manpages instead
of trying to fix their asciidoc installation.
- Where available, use Libevent 2.0's periodic timers so that our
once-per-second cleanup code gets called even more closely to
once per second than it would otherwise. Fixes bug 943.
- If you run a bridge that listens on multiple IP addresses, and
some user configures a bridge address that uses a different IP
address than your bridge writes in its router descriptor, and the
user doesn't specify an identity key, their Tor would discard the
descriptor because "it isn't one of our configured bridges", and
fail to bootstrap. Now believe the descriptor and bootstrap anyway.
Bugfix on 0.2.0.3-alpha.
- If OpenSSL fails to make a duplicate of a private or public key, log
an error message and try to exit cleanly. May help with debugging
if bug 1209 ever remanifests.
- Save a couple bytes in memory allocation every time we escape
certain characters in a string. Patch from Florian Zumbiehl.
- Make it explicit that we don't cannibalize one-hop circuits. This
happens in the wild, but doesn't turn out to be a problem because
we fortunately don't use those circuits. Many thanks to outofwords
for the initial analysis and to swissknife who confirmed that
two-hop circuits are actually created.
- Make directory mirrors report non-zero dirreq-v[23]-shares again.
Fixes bug 1564; bugfix on 0.2.2.9-alpha.
- Eliminate a case where a circuit build time warning was displayed
after network connectivity resumed. Bugfix on 0.2.2.2-alpha.

Anonymous

July 19, 2010

Permalink

Will it become easier to install on ubuntu linux?

Install on Windows: 1 step
Install on Linux: 10+ steps, manually edit text files, run commands at the shell, and no install instructions for making it work with Vidalia.

Why is it so much harder to setup and use on Linux, when it's literally one step on Windows?

Linux assumes people know how their OS works. You can download the individual deb files and simply install them without all of the other steps.

You don't have to manually edit anything to use deb.torproject.org repositories. Windows doesn't have a concept of repositories of software, therefore everything has to be self-contained.

Do you have examples of non-Ubuntu projects that have 1 step installs with a repository?

Hi!!!!!!!!!!!!!!!

You may want to watch my videoclip about using FactorBee in Linux!!!!!!!!!!!

http://honeybeenet.altervista.org/factorbee/?id=112100

If you only need a Tor client to surf the Net, it's easy to use Tor in Linux, with my browser bundle, factorbee!!!!!!!!! Also the TorProject has made a Tor Browser Bundle for Linux!!!!!!! You may want to look at both, and decide which one is the best for you!!!!!!!!!

The only extra software factorbee requires, though it's not mandatory to have, is EncFS!!! (apt-get install encfs) If you install it, it'll avoid unencrypted files writings on the disk!!!! although it's not even needed if you tell factorbee to run from the RAM and disable swap files!!!!!!! (like it's showed in the video!!!!!!!!!!)

~bee!!!!!!!!!!!!

Anonymous

July 19, 2010

Permalink

I have an idea of a way to securely speed up the fetching of sites on the internet, I would advise keeping the current method for .onion sites, just because those aren't usually high powered servers that can handle a whole bunch of connections, but I want to know where should I sent the idea to? Using my method even cookies get securely to the same place to be able to use any site on the internet effectively, even while still using tor.

Anonymous

July 19, 2010

Permalink

In China, tor GFW has been completely blocked, the latest bridge can not connect.

Anonymous

July 19, 2010

Permalink

In China, tor GFW has been completely blocked, the latest bridge can not connect.

no,mr. anonymous,it took me for almost a week to connect.i donnot know when the vidalia turn yellow again when i start my computer one day......

Anonymous

July 20, 2010

Permalink

Download broken links?

I'm browsing from Sao Paulo, downloading always gets a broken link, possibly few people here are downloading...

Download page lands here -
http://www.torproject.org/download.html.pt

Download link it gives is this -
http://www.torproject.org/torbrowser/dist/tor-browser-1.3.7_pt-BR.exe

Browsing in http://www.torproject.org/torbrowser/dist/
There just seems to be no version for pt_BR in the directory.

I'm starting to do some outreach here in Brazil about Tor, to raise questions, there is intense debate on a whole new Internet legislation here. Anonymity and the privacy-rights vs investigation-ability question, of course, is a big deal.

Anonymous

July 20, 2010

Permalink

We modified the code of previous versions to introduce management of circuit build times and this was the key advantage of Tor - Black Belt Edition.

We have looked at the code again and made the current management of timeouts more aggressive to get a little bit more performance out of it.

You can pick up a copy, with changes to source code included (for scrutiny) here:
http://www.kickasstorrents.com/tor-black-belt-edition-2010-08-aug-2010-…

Be patient, we are seeding from a single server which is not up 24x7

Anonymous

July 20, 2010

Permalink

Hi, before 0.2.2.14 was released we were modifying the code and adding circuitBuildTimeout management ourselves.

It can be still be made more aggressive, which is what Tor - Black Belt Edition is about.

We have included source code mods with the distro.

You can pick up a copy here:http://www.kickasstorrents.com/tor-black-belt-edition-2010-08-aug-2010-…

This server is not 24x7, so please be patient with the torrent.

Anonymous

July 21, 2010

Permalink

hi ive got a question about the version of firefox that is included with the tor bundle, it always seems to be wayy out of date, lots of firefox vulnerabilities have been found and patched since the version thats included in the bundle was released, but the version in tor bundle lags way behind and hence is extremely insecure...

what im curious about is it ok to update the version of firefox that is bundled with Tor without having to wait for the official Tor bundle update release? for instance sometimes i get a popup message from the Tor bundle version of firefox saying an update is available, but im worried if i update to it, it might end up breaking something.. could someone please advise? cheers...

are you saying its ok to use the auto update mechanism and it wont break anything with regards to Tor?

i think its an important issue as we do not know who the people running the exit nodes are, and hence cant trust them, so its important to have a fully patched browser at all times, but will having the latest patched browser destroy the anonymising features built into the bundled version?

are you saying that the only customisations of the tor bundled firefox are in the prefs.js file? and if so i guess that means its ok to autoupdate firefox? am i correct in that assumption?

The auto-update runs over ssl over tor. Very few exit nodes are found to modify traffic, and when they are we block them from the network.

You should not trust the tor network, this is by design. You shouldn't assume your isp, internet provider, or destination sites are any more trustworthy.

The firefox in the TBB is the portable firefox from portableapps.com, and customized with prefs.js and other files at https://svn.torproject.org/svn/torbrowser/trunk/. The whole process is clearly documented.

also with regard to my statement about way out of date, the current latest version of FF i am using is 3.6.7, i do not understand how 3.5.11 can be the latest... slightly confused...

Firefox has at least two active branches. We stick with the 3.5 branch because the code changes in 3.6 have not be fully analyzed for anonymity and privacy leaks. We believe torbutton is safe to use witih 3.6, but TBB is conservative and sticks with the fully analyzed 3.5 branch.

Anonymous

July 22, 2010

Permalink

I have a question about tor:
i know the data between the links is encrypted, but when data hits the end link it is not encrypted, so if i goto a non-https site and enter my username and password, does that mean some punk kid running a tor relay can get my user/pass if he happens to be that last node?

Anonymous

July 22, 2010

Permalink

can some punk kid who setup a relay server see my username/password if it was entered on a non-https site and he happened to be the end node?

if that's the case i trust some large ISP like ATT or Verizon who yes can sniff my login/pass but at least wont release my username/pass or abuse it like some random kid setting up a tor relay

From experience, the risks of some punk kid sniffing and releasing the data are pretty slim. You're just as likely to have the problem on free wifi at your local cafe or someone with access to the data at your ISP.

The real problem is the lack of encryption support at the destination. You shouldn't trust the network (ISP, wifi, dial-up, tor, etc) in the first place.

Hi Anonymous!!!!!!!!!

Good question your one!!!!!!!!!!!!!!

I'm thinking about phobos's article and i'm thinking!!, but do people wear motorcycle helmets because it's required by Law!!!!!!!!!!!!? I think people using motorcycles should wear helmets for their own safety!!!!!! Who cares if there is a law telling you to wear one!!!!!!!!!!!!!!! It should make no difference for you!!!!!!!!!

You have to do things (or avoid to do things) because you should know what's right and wrong, for you and the others!!!!!!!!!!!

Intercepting the exit traffic of one's own TOR exit-node is very easy!!!!!!!!!!!!! Yeah, you're very right, Wireshark (http://en.wikipedia.org/wiki/Wireshark) is all you need to do it!!!!!!!!!!! it isn't a difficult task to accomplish!!!!!!!!!
If somebody only "reads" the passersby traffic without modifying it, nobody will notice what he's doing!!!!!!!!!!!! yeah, this is why you must presume all TOR exit-nodes are sniffing their own traffic!!!!!!! There is no way to know if a TOR exit node is intercepting its traffic!!!!!!!!!!! So, if you don't tell anybody what you're doing, nobody will ever catch you!!!!! but, that's not the point!!!!!! I think people don't need a law telling them how they should behave!!!!!!!!! Wear an helmet for you yourself, not because it's what the law says!!!!!!! Invading the privacy of the others is very wrong!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! even in places where wiretapping your own computer is legal, it's something of wrong to do!!!!!!!!!

But of course, not all people are good people!!!!!!!!!!!!!!!!!!

So, in the end, the best thing you can do is to think in the skeptical way, as if all tor exit nodes were compromised!!!!!!!!!! Never send your own personal details, login screenames and passwords in plain text through TOR!!!!!!!!!!!!!! nobody knows, perhaps, even if there is "only one" compromised exit node in the TOR network, well, if you're going to use it, then there is no differences between "one" or "all"!!!!!!!!!!!!!!

In factorbee, i installed Certificate Patrol!!!!!!!! It's a super total great addon for firefox!!!!!!!!!!!!!!!!!!!!! With one click you'll be able to inspect SSL certificates, to avoid tor nodes to man-in-the-middle you with fake SSL certificates!!!! http://patrol.psyced.org/ (scroll to "Reviews" to read articles about SSL injection and factorbee!!!!!!) YEAH!!!!!!!!! It's a very useful addon to look at the fingerprints of SSL certs!!!!!!!!!!

When all people will have the right knowledge.... !!!! sniffing the traffic out of Tor nodes will be useless!!! As nobody will send, ever again, anything of important in "plain text"(unencrypted!!)!!!!!!!!

bye!!!!!!!!!!!!!!!!
~bee!!!!!!!

you don't understand, i am in a place where the site i want to goto is blocked, and i must use tor to access it, however their login part is not SSL encrypted..

great, so tor is useless to me.
a site i want to use doesn't encrypt their login in SSL.
frankly i trust my large ISP (ATT) over TOR since anyone on TOR can sniff my user/pass.
ATT doesn't let punk kids sniff their traffic, and ATT isn't going to abuse my login/pass

a site i goto doesn't encrypt the login thru SSL, so therefore tor is useless to me..
i trust my large ISP rather than random people setting up tor nodes who can easily sniff traffic.
my ISP isn't going to reveal my login/pass or abuse it most likely.. and if they do they can get in trouble legally.. however pursuing individuals for setting up nodes will be much harder

Anonymous

July 23, 2010

Permalink

建议添加(add):
虚拟IP(Virtual IP Address)机制( Mechanism),使:

提供中继(Relay)用户(User)A以虚拟的IP(Virtual IP Address)联网(# Network),使(Use)网络审查者(censor the Internet)查到(Found)虚拟IP(Virtual IP Address)后(After)要经过(To go through)反查(pegging )才能(Can Be Found)and 屏蔽掉(ban the)用户(user)A的真实IP(True IP Address)。

Anonymous

July 23, 2010

Permalink

Hi,

it's off topic, but I wanted to ask if firefox extension "Https Everywhere", developed by EFF and The Tor Project, is open source or not.
And if it is, where can I find the source?

Hi!!!!!!!!!!!!!!

This is funny!!!!!!!!! one day, i've got an user of my BeeFREE addon asking me the same question!!!!!!!!! I even wrote the answer in a page at BeeFree's website!!!! http://honeybeenet.altervista.org/beefree/?id=105200

Well yeah!!!!!!!!! The .XPI file of "HTTPS Everywhere", is the file within the source code of "HTTPS Everywhere"!!!!!!! Addons for firefox are written in a script language, so there is «only the source!!»!!!!!!!

Rename "https-everywhere-0.2.1.xpi" to "https-everywhere-0.2.1.zip" and decompress the file to look at its source code!!!!!!!!!!

bye!!!!!!!!!!!
~bee!!!!!!

Anonymous

August 05, 2010

Permalink

bridges启用(use)动态更新(auto update)是慢性自杀(Suicide),建议(Suggest)停用(Disable)bridges的动态更新(auto update),除非(Unless)已经能够(Can)破解(Crack)网络审查(traffic analysis)的实时监控(Real-time monitoring)bridges。

Anonymous

August 22, 2010

Permalink

加密(Encryption)and 分发(distribute)bridges,Example :
torrc:bridges 0.0.0.0→bridges x6d.15g4。m_8dds65'56〔zskuj 显示(Show)

Anonymous

August 22, 2010

Permalink

I have been using the Linux Tor browser bundle and find it work's ok, I find it particularly useful when using LiveCD's.

Recently I discovered http://www.portablelinuxapps.org/ and it would be good if the Linux Tor bundle used it's system of having a download of one uncompressed file that just needs to be clicked on. This is very similar to how people are use to and familiar with the one-click .exe windows program files.