Tor 0.2.6.10 is released

Hi, all! There's a new stable Tor release out, and source code is now available on the website. If you build Tor from source code, you'll want to upgrade. Otherwise, packages should be available reasonably soon.

Remember to check signatures! (See the FAQ for information how)

Tor version 0.2.6.10 fixes some significant stability and hidden service client bugs, bulletproofs the cryptography init process, and fixes a bug when using the sandbox code with some older versions of Linux. Everyone running an older version, especially an older version of 0.2.6, should upgrade.

Changes in version 0.2.6.10 - 2015-07-12

  • Major bugfixes (hidden service clients, stability):
    • Stop refusing to store updated hidden service descriptors on a client. This reverts commit 9407040c59218 (which indeed fixed bug 14219, but introduced a major hidden service reachability regression detailed in bug 16381). This is a temporary fix since we can live with the minor issue in bug 14219 (it just results in some load on the network) but the regression of 16381 is too much of a setback. First-round fix for bug 16381; bugfix on 0.2.6.3-alpha.
  • Major bugfixes (stability):
    • Stop crashing with an assertion failure when parsing certain kinds of malformed or truncated microdescriptors. Fixes bug 16400; bugfix on 0.2.6.1-alpha. Found by "torkeln"; fix based on a patch by "cypherpunks_backup".
    • Stop random client-side assertion failures that could occur when connecting to a busy hidden service, or connecting to a hidden service while a NEWNYM is in progress. Fixes bug 16013; bugfix on 0.1.0.1-rc.

 

  • Minor features (geoip):
    • Update geoip to the June 3 2015 Maxmind GeoLite2 Country database.
    • Update geoip6 to the June 3 2015 Maxmind GeoLite2 Country database.
  • Minor bugfixes (crypto error-handling):
    • Check for failures from crypto_early_init, and refuse to continue. A previous typo meant that we could keep going with an uninitialized crypto library, and would have OpenSSL initialize its own PRNG. Fixes bug 16360; bugfix on 0.2.5.2-alpha, introduced when implementing ticket 4900. Patch by "teor".
  • Minor bugfixes (Linux seccomp2 sandbox):
    • Allow pipe() and pipe2() syscalls in the seccomp2 sandbox: we need these when eventfd2() support is missing. Fixes bug 16363; bugfix on 0.2.6.3-alpha. Patch from "teor".
Anonymous

July 12, 2015

Permalink

Can`t seem to connect I have installed and uninstalled started and restarted and still cant connect to the network Os windows 8.1. Here is the log 12-Jul-15 18:26:29 PM.478 [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections.
12-Jul-15 18:26:33 PM.297 [NOTICE] Opening Socks listener on 127.0.0.1:9150
12-Jul-15 18:26:40 PM.466 [NOTICE] Bootstrapped 5%: Connecting to directory server
12-Jul-15 18:26:40 PM.469 [NOTICE] Bootstrapped 10%: Finishing handshake with directory server
12-Jul-15 18:26:42 PM.717 [NOTICE] Bootstrapped 15%: Establishing an encrypted directory connection
12-Jul-15 18:26:43 PM.119 [NOTICE] Bootstrapped 20%: Asking for networkstatus consensus
12-Jul-15 18:26:43 PM.573 [NOTICE] Bootstrapped 25%: Loading networkstatus consensus
12-Jul-15 18:26:50 PM.307 [WARN] Our clock is 3 hours, 33 minutes behind the time published in the consensus network status document (2015-07-12 22:00:00 UTC). Tor needs an accurate clock to work correctly. Please check your time and date settings!
12-Jul-15 18:26:50 PM.307 [NOTICE] I learned some more directory information, but not enough to build a circuit: We have no recent usable consensus.
12-Jul-15 18:27:01 PM.473 [WARN] Proxy Client: unable to connect to 109.105.109.163:38980 ("general SOCKS server failure")
12-Jul-15 18:27:01 PM.475 [WARN] Proxy Client: unable to connect to 109.105.109.163:47779 ("general SOCKS server failure")
12-Jul-15 18:27:01 PM.478 [WARN] Proxy Client: unable to connect to 169.229.59.75:46328 ("general SOCKS server failure")
12-Jul-15 18:27:05 PM.314 [NOTICE] Closing no-longer-configured Socks listener on 127.0.0.1:9150
12-Jul-15 18:27:05 PM.315 [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections.
12-Jul-15 18:27:05 PM.315 [NOTICE] Closing old Socks listener on 127.0.0.1:9150
12-Jul-15 18:27:05 PM.422 [NOTICE] Delaying directory fetches: DisableNetwork is set.

Anonymous

July 13, 2015

Permalink

Hello torproject,
may half off-topic but i have a question:

on some Entry Guards you can see specific patterns.
When you download bigger files normally(?) you see a 'flat line' in Bandwidth Graph on most Entry Guards.
Some Entry Guards produce ZIGZAGS.
Maybe reducing size of data packets?

Is this a benign/neutral or a more malign behaviour?(And why?)
Thanks in advance.

Probably i dont't know enough about visible data flow in the tor onion protocol but
if i see specific 'patterns' on my Entry Guard, same 'patterns' are on
the Exit Node?
An adversary Exit Node, especally a state, can correlate these 'patterns'?

The particular patterns you describe probably don't show up on both sides of the circuit. They have to do with how your entry relay sends its data to you, which doesn't have that much to do with how the exit relay received the data from the destination.

But that said, yes, the "traffic correlation" attack likely works well in general for an adversary who is in a position to see both edges. That's why Tor's security is designed around reducing the chances that an adversary can get into this position.

For other background, check out
https://blog.torproject.org/blog/one-cell-enough

But! He can see "both sides" pattern if he has access to destination server traffic. Or maybe he controls exit relay?
Can anything be done to at least detect such "patterned" data and warn a user that he maybe tracked? Say, the exit relay classifies traffic from some server as modulated and marks it for a client.
By the way there IS at least one adversary in this position precisely.
As for an original message I think you can mix noise in you connection to entry relay - connect cuncurrently to some source which sends back noise.
And btw this IS a problem - imagine an evil commercial security company selling the product which is designed to modulate outgoing connections on a web site depending on the source of incoming request etc. So no need to control both sides!

Technically you are right.
But #13465 was never fixed: now you're providing "tor-win32-0.2.x.xx.zip" extracted from TBB, which is not a bug fix, just a workaround, because updated Tor expert bundle has disappeared from https://dist.torproject.org/win32/
Those "tor-0.2.x.xx-win32.exe" builds showed console window with tor logs, and could be closed with "CTRL + C" or "X" from DOS windows.
This "tor-win32-0.2.x.xx.zip" runs without any window or UI, and has to be killed via task manager.
If #13465 was properly fixed, #13819 should never exist.

Under Windows, you can easily modify the existing tor.exe to display a console without rebuilding. Open tor.exe in CFF Explorer, click on "Optional Header", change the Subsystem to "Windows Console" then File->Save. I use CFF Explorer to edit the .exe file, although I'm sure other .exe/.dll/PE format editors would work.

Anonymous

July 13, 2015

Permalink

Another pile of poo site that outright bans Tor. These sites should be blasted into a black hole in space.

"Either your network or ip address has been banned from Slashdot

...due to script flooding that originated from your network or ip address -- or this IP might have been used to post comments designed to break web browser rendering. Or you crawled us with a rude robot, especially one that doesn't understand RFCs very well.

If you feel that this is unwarranted, feel free to include your IP address (37.130.227.133) in the subject of an email, and we will examine why there is a ban. If you fail to include the IP address (again, in the subject!), then your message will be deleted and ignored. I mean come on, we're good, we're not psychic.

If you think your IP number is different from 37.130.227.133, tell us both.

If you are using a browser with some kind of add-on that crawls or caches pages for you, tell us what it is.

Since you can't read the FAQ because you're banned, here's the relevant portion:
Why is my IP banned?

If your IP is banned, it's probably because one of these is true:

Your IP has been used to perform a denial of service attack (or the accidental equivalent) against Slashdot.
Your IP was used to post comments that break Slashdot's rendering.
You're using a proxy server used by someone who did one of those things.

How do I get an IP unbanned?

Email banned@slashdot.org. Be sure to specify the IP itself, your user ID, and any other pertinent information. (If you're connecting through a proxy server, you might need to have the admin contact us instead.)"

a... they just flood your input connection - you send a small request they reply with big unrequested trash. Otherwise it's cheaper to just let you through.
What a shit site which can be broken by comments!!! Surprising that they still get their salaries and not get fired. They are really "American Psycho" types.

Anonymous

July 14, 2015

Permalink

Hello. I have a few questions for The Tor Project, Inc. Is their any evidence to suggest that Windows 8.1,8,7,vista and xp have an NSA backdoor? Can Tails be installed on a computer to replace the previous operating system? Thank you for your time.

Gosh. I don't know of any backdoors in those versions of Windows, but also I don't use Windows, in part because of its closed and proprietary nature, which does indeed make it harder to detect flaws or problems (whether they're intentional or accidental).

As for installing Tails, it aims to be used without needing to install it. Recent versions of Tails let you have persistent storage, which for many purposes is just as good as installing it.

Anonymous

July 14, 2015

Permalink

Dragging non-English characters from outside TBB to the text field inside TBB you can get the unrecognized characters

Anonymous

July 14, 2015

Permalink

the majority of the times that I try to change the tor circuit I fall into 5.39.79.01 or another french site...very strange: is this normal?

Anonymous

July 15, 2015

Permalink

Will there ever be a simple way to run a relay again? I used to use Vidaia to run a relay node. Am not tech savvy enough to work out how to run a node without Vidalia.

I want to help out but the tech is too complex

A simple way to run a node would really be a plus

I agree. The reason we haven't prioritized it so far is that really fast relays are most useful to the network, and they will probably be run by people who have the experience and skills to set them up and keep them running.

If somebody wants to set up a community build that makes it easier to run a Tor relay on Windows or OS X, that would be grand.

the tor-win32-0.2.6.10.zip file is not available yet for windows as a download

you should maintain the windows Vidalia installers as they are on 2.6.4 at the moment

any way with Vidalia all i did was replace the tor.exe and the dll files that is in the default zip file

https://www.torproject.org/dist/torbrowser/4.5.3/tor-win32-0.2.6.9.zip
i just put all the tor files into the below directly seems to be working as the node is up and operating
C:\Program Files (x86)\Vidalia Relay Bundle\Tor\

one question avast mail:URL keeps on going off randomly (had turn off all mail checking) and was getting cert errors as well which i turned off (i assume this is the internode cert that tor makes its own certs up as they have some really mad random www names

i am running it relay only (an exit node would bring unwanted problems and i don't have a static dedicated IP to thow it at)

Anonymous

July 15, 2015

Permalink

I am not the first to raise concern over this. I tested the browser uniqueness with Panopticlick. Found it very unique among many. That was with no changes made to defaults. With Security Slider pushed to the highest level, browser became more unique for obvious reasons.

Here is what I do not understand:

When I forced a full screen mode, the browser became very common! Earlier with defaults it was unique among over 350,000 and with highest security, was over just 300! But, with maximizing the window (720p or 1080p) made it unique among one in over 5 million!

Won't such resolution help to avoid detection of being a Tor Browser? Whole idea of being anonymous is to blend in! Not the other way around!

This question sounds reasonable to me. The problem though is that you've asked it in a blog post about the program Tor. The Tor Browser folks are unlikely to ever run across it.

You'll do better asking them on irc, or asking on tor-talk, or asking on tor.stackexchange.com.

You are interpreting the Panopticlick results backwards. Being unique among 300 is good (more anonymous); being unique in 5 million is bad (less anonymous). Look at the number of bits of identifying information. You want the number to be low (web sites have less information about you).

You became more anonymous when you increased the security slider because the highest level disables JavaScript, and JavaScript is the source of most browser fingerprinting techniques. You became less anonymous when you maximized the window because now web sites have information about how big your monitor is, how big the controls are around the screen, etc. This is the reason why Tor Browser starts in an unmaximized state and why you shouldn't maximize it.

See the section "Specific Fingerprinting Defenses in the Tor Browser," item "Monitor, Widget, and OS Desktop Resolution" at
https://www.torproject.org/projects/torbrowser/design/#fingerprinting-l….

Indeed! It will come out the next time anybody builds a Tor Browser, with this new Tor version in it. Perhaps that person would be you? Otherwise, be patient I guess.

Also, there might be Tor Browser nightlies around somewhere -- I know that some folks used to make them. (And if not, maybe you should start?)

This is a great idea. It sounds exactly like the common response to requests for documentation for an open source project.

Rather than the people who actually developed and know how the software works writing documentation, people who are struggling to figure it out should write documentation.

Tor for windows is all but orphaned. All of the project's energy is now being poured into Tor Browser.

The atitude of the project seems to have evolved to be that most people are too stupid to learn how to use Tor properly so they should be herded into using TB. Nevermind that some people are in a position that they have to use Windows sometimes and really do know how to properly control leakage, but don't want to get all the bloat needed to compile Tor on w32 and then waste a huge amount of time guessing about what Windows directories various pieces are expected to be found in.

Well to be fair many users do seem to be trying to shoot themselves in the foot. I think there is a concern that given Windows' status as closed source, it's impossible to be sure that you're controlling leakage because the OS itself may leak.

That's fair. But the more you try to make things idiot proof, the more idiots you get because it makes it even harder for people to learn.

I don't care for Windows at all, but alot of people use it, and TB is supported on it. If the OS leaks around Tor, then I don't see how using TB on Windows solves that problem.

Anonymous

July 16, 2015

Permalink

What I want to know is why Tor still do not have heuristic decloaking detection methods in place for everything from Tor core, extensions to plugins.
Tor-Firefox should be able to control everything its extensions and sub-processes are doing.

Do not Tor care about privacy anymore? Is Tor in itself a honeypot?

Tor decloaking methods are becoming so common that even FBI know about them, for crying out loud!

Can you please fix these problems already?!
I'm sure somebody might get killed if you do not fix these common decloaking hacks.

Sounds like this is a Tor Browser question, not a core-Tor question. Core-Tor doesn't have any of these issues (I believe), whereas you're right that browsers do.

For the browser side, see:
https://blog.torproject.org/blog/isec-partners-conducts-tor-browser-har…
and
https://trac.torproject.org/projects/tor/ticket/14270

Also, note that many of the ways that Tor users have been screwed lately involve having them download a file through Tor, and then using a totally different program to "run" that file. Tor Browser by itself is going to have a tough time noticing or preventing that. You need a whole environment, like Tails, in that case.

The browser is part of core-tor. Without the browser tor is a useless pet project for crypto-nerds. A science project. No one who needs anonymity and privacy would use it. They wouldn't know or understand how.

"involve having them download a file through Tor"

That claim is very vague. FUD. Everything the browser do is download stuff via tor. Web pages(html files, pictures, html5 videos, etc).

So Bullshit! Read the news and listen to people!
Tor servers got penetrated.
Tor browser users got decloaked due to leaking of IP. Via bugs, javascript and flash.

Javascript is on by default now. Serious stupid security mistake. Hence honeypot.

Flash is started by the browser and should be controlled by the browser. If not than it should be blocked. Yes, flash is optional and insecure by default but if firewall software can do it, so can tor.

Tor project dev team should know better than this. Hence honeypot.
Seems like they care more about the crypto stuff than anonymity and privacy. Like a useless science project.

To Tor project dev team: Do what you claim or change your claim!

As one user said: "That drone strike who killed children was tor project's fault."

The Tor Project doesn't have the resources to maintain such a significant fork of Firefox. What they could do is make it harder to install additional addons and make the warnings about downloaded files harder to ignore, but such steps are likely to upset the userbase further; just look at the response to automatic resizing.
On another note, while the NSA is a far greater threat than the FBI, I don't think you are doing yourself any favors by underestimating them. Of course they know ways to unmask tor users given that such methods are freely discussed online; what you need to be concerned about is the possible methods that aren't known by the general public.

Anonymous

July 16, 2015

Permalink

What are the exact commands to build Tor from source code?

As root and in the same directory where I had unzipped the source code, I typed

  1. ./configure</p>
  2. <p>make</p>
  3. <p>make install

and nothing happened!!

Anonymous

July 19, 2015

Permalink

We should be able to enable/disable usage of guard nodes. It causes anonymity problems when using a bridge which you know 100% is not malicious.

Hope this gets implemented as it is a very serious issue for advanced tor users.

Anonymous

July 20, 2015

Permalink

When using a Bridge, it says "Unknown country (Unknown IP)"

wouldn't it be better for it to say simply "Bridge" ?

I am talking about "Tor circuit for this site".