Tor Weekly News — April 1st, 2015
Welcome to the thirteenth issue in 2015 of Tor Weekly News, the weekly newsletter that covers what’s happening in the Tor community.
Tor Browser 4.0.6 and 4.5a5 are out
Mike Perry announced two new releases by the Tor Browser team. Tor Browser 4.0.6 contains updates to Firefox, meek, and OpenSSL; it is also the last release planned to run on 32-bit Apple hardware. If you have a 64-bit Mac and are running Mac OS X 10.8, you can expect to be automatically upgraded to Tor Browser 4.5, optimized for your hardware, later this month. If you are running OS X 10.6 or 10.7, however, you will need to update manually once that version of Tor Browser is released, as described in the end-of-life announcement last year.
Tor Browser 4.5a5, meanwhile, includes several exciting security and usability updates. Tor Browser’s windows, when resized, will now “snap” to one of a limited range of sizes, to prevent an adversary from fingerprinting a user based on their unique browser size; the Security Slider now offers information about the features that are disabled at each security level; and Tor circuits remain in use for a longer period, avoiding the errors that can result when websites detect a change in your connection. You can read about all these features and more in Mike’s announcement.
These new releases contain important security updates, and all users should upgrade as soon as possible. As usual, you can get your copy of the new software using the in-browser updater, or from the project page.
Tails 1.3.2 is out
Tails version 1.3.2 was put out on March 31. This release includes updates to key software, fixing numerous security issues. All Tails users must upgrade as soon as possible; see the announcement for download instructions.
Crowdsourcing the future (of onion services)
Onion (or hidden) services are web (or other) services hosted in the Tor network that have anonymity, authentication, and confidentiality built in. As George Kadianakis writes, “anything you can build on the Internet, you can build on hidden services — but they’re better”. A major task for the Tor community in the near future is making these important tools more widely available, and usable by groups who urgently need them, so George took to the Tor blog to solicit ideas for future onion service-related projects that could form the basis for a crowdfunding campaign. “Long story short, we are looking for feedback! What hidden services projects would you like to see us crowdfund? How do you use hidden services; what makes them important to you? How you want to see them evolve?…Also, we are curious about which crowdfunding platforms you prefer and why.”
See the full post for an introduction to onion services, why they matter, why a crowdfunding campaign makes sense, and how to join in with your own ideas.
Spreading the word about Tor with free brochures
Tor advocates play an important role in talking to groups and audiences around the world about the ways Tor and online anonymity can benefit them. Until now, printed materials offering a simple introduction to the basic concepts behind Tor have been hard to come by, so Karsten Loesing announced a set of brochures, aimed at various audiences, that can be freely printed and distributed at Tor talks, tech conferences, public demonstrations, or just for fun. These will continue to receive updates and translations, so stay tuned.
If you don’t have access to printing facilities, you can contact the Tor Project with details of your event and requirements and receive a stack of brochures, possibly in return for a report or other feedback. Spread the word, and feel free to screen the Tor animation in your language while you’re at it!
Monthly status reports for March 2015
The wave of regular monthly reports from Tor project members for the month of March has begun. Damian Johnson released his report first, followed by reports from Tom Ritter, Philipp Winter, Pearl Crescent, Nick Mathewson, Juha Nurmi, and Isabela Bagueros.
Anthony G. Basile announced version 20150322 of tor-ramdisk, the micro Linux distribution whose only purpose is to host a Tor server in an environment that maximizes security and privacy. This release includes updates to Tor, busybox, OpenSSL, and the Linux kernel.
George Kadianakis used some newly-discovered bridge statistics to generate visual bandwidth histories, in order “to better understand how much bridges are used”. “Questions and feedback on my methodology are welcome”, writes George. On the other hand, “we should think about the privacy implications of these statistics since they are quite fine-grained (multiple measurements per day) and some bridges don’t have many clients (hence small anonymity set for them)”, so if you have comments on this topic feel free to send them to the thread.
News from Tor StackExchange
Tor’s StackExchange site is currently running a self-evaluation. On the evaluation page you’ll see some questions and answers. Please go through this list and rate those questions. It helps the Q&A site to improve those answers and see where weaknesses are.
This week in Tor history
A year ago this week, Tor developers were discussing the possibility of distributing bridge relay addresses via QR code, to avoid tricky copy-pastes and input errors that might cause a failed connection. Today, you can request some bridge lines from BridgeDB and select “Show QR code” to be shown…exactly that. Bridge address QR code recognition will soon make its way into the Orbot stable release, as well, so your simple censorship circumvention is no longer dependent on finicky touchscreen keyboards!
This issue of Tor Weekly News has been assembled by Harmony, Karsten Loesing, qbi, and the Tails team.
Want to continue reading TWN? Please help us create this newsletter. We still need more volunteers to watch the Tor community and report important news. Please see the project page, write down your name and subscribe to the team mailing list if you want to get involved!