Tor 0.2.7.6 is released
Here comes another stable release!
Tor version 0.2.7.6 fixes a major bug in entry guard selection, as well as a minor bug in hidden service reliability. (For more information on the guard bug, see Roger's preliminary analysis.
You can download the source from the usual place on the website. Packages should be up within a few days.
Changes in version 0.2.7.6 - 2015-12-10
- Major bugfixes (guard selection):
- Actually look at the Guard flag when selecting a new directory guard. When we implemented the directory guard design, we accidentally started treating all relays as if they have the Guard flag during guard selection, leading to weaker anonymity and worse performance. Fixes bug 17772; bugfix on 0.2.4.8-alpha. Discovered by Mohsen Imani.
- Minor features (geoip):
- Update geoip and geoip6 to the December 1 2015 Maxmind GeoLite2 Country database.
- Minor bugfixes (compilation):
- When checking for net/pfvar.h, include netinet/in.h if possible. This fixes transparent proxy detection on OpenBSD. Fixes bug 17551; bugfix on 0.1.2.1-alpha. Patch from "rubiate".
- Fix a compilation warning with Clang 3.6: Do not check the presence of an address which can never be NULL. Fixes bug 17781.
- Minor bugfixes (correctness):
- When displaying an IPv6 exit policy, include the mask bits correctly even when the number is greater than 31. Fixes bug 16056; bugfix on 0.2.4.7-alpha. Patch from "gturner".
- The wrong list was used when looking up expired intro points in a rend service object, causing what we think could be reachability issues for hidden services, and triggering a BUG log. Fixes bug 16702; bugfix on 0.2.7.2-alpha.
- Fix undefined behavior in the tor_cert_checksig function. Fixes bug 17722; bugfix on 0.2.7.2-alpha.
Please note that the comment area below has been archived.
BUPT former president
BUPT former president Bin-Xing Fang et al., Published "anonymous communication systems unobservability measure" in the "Computer Research and Development" (PDF), reported that they can observe traffic patterns Tor confuse widget will identify it. In order to avoid deep packet inspection, the researchers developed a protocol obfuscation tool, Tor anonymity network developed transport layer protocols confuse plug-ins include obfsprox (obfsproxy3 and obfsproxy4), meek and fte like. Researchers from Tor official website to download software, transport traffic soon after some research found that confusion Tor plugin vulnerable time analysis attacks. They found that, meek, bridges and HTTPS traffic packets inside the interval basically the same, but the meek packets in 0.5 seconds, has a near significant jitter, because the meek client in order to maintain a long connection with the cloud platform automatically when they are free to send a heartbeat packet, heartbeat packets are randomly between 0.1 seconds to 5 seconds to select a value. They also observed the other two data modes: bridge mode packet size are concentrated in the vicinity of 600B, reasons and Tor packet design related; under meek mode client-service packet size at around 200B, server to client end around 400B.
Please tor developers and other interested parties Bin Xing rogue plug-flow characteristics of the confusion of research !!
translated by https google translate
The research paper referred
The research paper referred to by the OP's post above in Mandarin Chinese has been referenced by an earlier post here: https://blog.torproject.org/comment/reply/1098/137900
The official name of the research paper in English is "Towards measuring unobservability in anonymous communication systems", Journal of Computer Research and Development, 2015, 52(10): 2373-2381.
The PDF version can be downloaded from: http://crad.ict.ac.cn/CN/abstract/abstract3031.shtml# The file size is about 6861 KB.
Thanks, we have seen that
Thanks, we have seen that paper. It doesn't mean that the censors in China have the capability to do the kind of traffic analysis they describe (yet), but it's something for us to keep in mind for the future. obfs4 and ScrambleSuit in fact are already capable of obfuscating their traffic patterns, but the capability hasn't been turned on yet because it hasn't been needed.
Another recent paper along these lines is "Seeing through Network-Protocol Obfuscation". They built detectors for various pluggable transports, but what I like the most about it is they paid attention to false positives.
If I try to download the
If I try to download the source code from https://www.torproject.org/download/download.html.en then 0.2.7.6 is shown as unstable, while the blog post advertises it as stable. Outdated download page?
"Here comes another stable
"Here comes another stable release!"
Why do you say it's a stable release? According to https://www.torproject.org/download/download.html.en it's an unstable/alpha release…
Meanwhile for 90% of Tor
Meanwhile for 90% of Tor users (windows) we are stuck at tor-win32-0.2.6.10
Let's hope Shari Steele's first job is to organise how the Tor team release new versions.
Please pay more attention on
Please pay more attention on GFW which is the strongest enemy for TOR
In China you can use
In China you can use meek-amazon, meek-azure, or a custom obfs4 bridge from https://bridges.torproject.org/ or email@example.com.
meek-amazon and meek-azure are slow, because they are too expensive to run at their full capacity. But you can make it fast by running your own copy on a CDN. Here are some guides for doing it:
It is stable. Update your
It is stable. Update your relay asap.
Downloadpage however may still declare diffrent.
For over a month, I've had
For over a month, I've had the same entry guard; however a few days ago I began to experience connection problems, and I saw that it switched to a different guard node; then today it changed to another one.
I vaguely remember something about you guys changing the behavior, making the first hop become more static, so this changing of entry guard nodes worried me.
* Is this related to what 0.2.7.6 should fix?
* Until a stable release, should I assume that I am vulnerable?
There are some different
There are some different scenarios where your Tor-Browser will switch to a different guard node. Thats not bad at all; Reducing the rotation-turns is just a allover plus for Tor-anonymity. Dont worry at that point. You sould not assuse that youre vulnerable.
its time for a zip-packed
its time for a zip-packed windows version tor-win0.2.7.6.zip !!!!!!!
cloudflare has been blocking
cloudflare has been blocking nearly all Tor exits since Friday.
Same here,too. They bash it
They bash it again )-:
Indeed, cloudflare is very
Indeed, cloudflare is very bad for Tor, on the cloudflare blog you can read the following lie: CloudFlare does not actively block visitors who use the Tor network. Why? Due to the behaviour of some individuals using the Tor network...
I don't even try to solve the impossible captchas.
The only thing cloudflare cares about is money.
A new Tor is great! Enjoy it
A new Tor is great! Enjoy it while it lasts.
Hello, can someone please
Hello, can someone please help me - I have a simple question. I've been getting a lot of "One more step Please complete the security check to access" pages lately, as have many others from what I read.
Will the captcha give me real IP away, if I enter it?
Would be really grateful.
It means the site you've
It means the site you've been visited runs by "Cloudflare"
Cloudflare has been blocked TOR IPs so you can't reach that site.
Well it's Tuesday and still
Well it's Tuesday and still no windows version :(
Come on Shari Steele, please get these guys in line and organise timely and simultaneous releases for all OS's.
The last 2 releases have been premature or partially released. This lack of preparedness makes Tor look unprofessional :(
We all love Tor, please make it look professional.
Hey, cloudflare is trolling
Hey, cloudflare is trolling the net with blocking tor.
Whats going on?
Finally now it's released
Finally now it's released :)
THANK YOU !
Boykott cloudflake by using
Boykott cloudflake by using another proxie like
www.webproxy.ca and other free webpoxies (make a macro for adding the proxie-url)
(-) https may not work in some cases.
Hope that helps.
I LOVE TOR PROJECT, I LOVE
I LOVE TOR PROJECT, I LOVE USA, I LOVE ALL WORLD ! ! ! THANKS ALL PROGRAMMERS & POLITIC'S THANKS ! ! ! GALACTIC LOVE YOUR ! ^_^
can anyone explain how in
can anyone explain how in the world can the same (version-wise) tor-win32-0.2.7.6.zip I downloaded on various dates (dec 2015 vs may 2016) from here, i.e. the official tor site, contain different binaries? sha1 dec 2015: 049D664E1CBEBD078928760564B70D86016B2C39, sha1 may 2016: 5A52C71714CD6747CD99B451B5A3400F174A96C3. wtf?
My guess would be library
My guess would be library updates (e.g. openssl).
Both of those "windows expert bundles" were built deterministically, as part of the Tor Browser build. So you can repeat the process for each of them, using the libraries available at the time.
(If you want a windows binary that doesn't change, you should fetch the official source tarball, and build it yourself.)