Tor Weekly News — August 27th, 2014

Welcome to the thirty-fourth issue of Tor Weekly News in 2014, the weekly newsletter that covers what is happening in the Tor community.

Orfox: a new Firefox-based secure browser for Android

With the growing popularity of pocket computers (also known as “phones”), users need to have access to censorship-circumvention and anonymity systems on these devices as well as on their desktop or laptop machines. While there is currently no supported implementation of Tor for Apple’s iOS, the Guardian Project works closely with the Tor Project to produce (amongst other software) a Tor client for Android named Orbot. Mobile applications can be proxied through Orbot just as they can through the Tor client on other operating systems, but mobile web browsing potentially suffers from the same issues that the Tor Browser was designed to protect against, such as disk leaks and a large attack surface. The Guardian Project has therefore also been maintaining a dedicated mobile browser for use with Orbot under the name Orweb.

Orweb is based on WebView, and is limited by that browser’s features; flaws such as the potential HTML5 IP leak, while possible to work around in the short term, have made it clear that the best future for secure mobile browsing lies in a switch to an application based on Firefox/Fennec/GeckoView.

Following a successful Google Summer of Code project by Amogh Pradeep and work by other Guardian Project members, Nathan Freitas announced that “a real working version” of Orfox, the new Orbot-compatible mobile browser, is now available. “All the necessary defaults [have been] changed to match Tor Browser’s defaults as closely as possible”; the developers also “remove the Android permissions for things like camera, mic, GPS” and “turn off webrtc.”

“We still need to figure out which preferences and features map between the desktop mobile browser and the Android version, so there is quite a bit of work to do”, but you can download and test this initial version by following the links in Nathan’s email. “Over the next few months we hope to launch this as our new official browser for Orbot, and deprecate Orweb as quickly as possible”, he concluded.

Miscellaneous news

A new release of ooniprobe, the network interference data collector for OONI, was announced by Arturo Filastò. Version 1.1.0 introduces a new command line tool “for listing the reports that have not been published to a collector and that allows the probe operator to choose which ones they would like to upload”. The new version also improves the privacy of the reports by sanitizing file paths.

Developers of applications using Onionoo — the web service to learn about currently running Tor relays and bridges — are invited to join the new onionoo-announce mailing list. Keeping the list low volume, Karsten Loesing plans on using it to announce major protocol changes, scheduled maintenance, major bug fixes, and other important news.

Yawning Angel has made available an experimental version of the Tor Browser that includes the latest version of the obfs4 pluggable transport. Testing on Windows and OS X would be particularly welcome.

Fabian Keil reported that FreeBSD now includes ports of liballium and obfsclient.

JusticeRage explained how relay operators who offer exiting on port 25 can protect the reputation of their domain name by using the Sender Policy Framework.

Sreenatha Bhatlapenumarthi sent the final GSoC report for the Tor Weather rewrite project. Juha Nurmi sent another report on the development of ahmia.fi.

Thanks to s7r for hosting a new mirror of the Tor Project’s website and software!

Tor help desk roundup

Users of different VPN (Virtual Private Network) services have told the help desk that Tor Browser has difficulty connecting to Tor when a VPN is in use. Using Tor with a VPN is not supported. For a trusted entry into the Tor network, bridges and pluggable transports are recommended, while for anonymizing all network traffic coming from a computer, Tails is recommended.

Easy development tasks to get involved with

The bandwidth authority scanners measure the actual bandwidth offered by Tor relays in order to get accurate information into the Tor consensus. The measurement process currently splits up the set of relays that are to be measured into 4 subsets, with the goal that measuring each of these subsets should take about the same time. However, this is not the case. Measuring subsets 2 and 3 is about twice as fast as measuring subset 1, and measuring subset 4 is twice as fast as measuring subsets 2 and 3. If you're up for doing some experiments to split up the set into more equal subsets, please let us know about your findings on the ticket.

This issue of Tor Weekly News has been assembled by Lunar, harmony, Matt Pagan, Karsten Loesing, and dope457.

Want to continue reading TWN? Please help us create this newsletter. We still need more volunteers to watch the Tor community and report important news. Please see the project page, write down your name and subscribe to the team mailing list if you want to get involved!