Tor Weekly News — February 4th, 2014

Welcome to the fifth issue of Tor Weekly News in 2014, the weekly newsletter that covers what is happening in the Tor community.

News from the browser team front

Mike Perry has a detailed report about what the growing Tor Browser team has been up to. Among the good news, new fingerprinting defenses are getting close to being merged for “screen resolution, default character sets, site permissions, and local service enumeration”. Some other changes that will reduce the attack surface include “disabling addon update requests for addons that should not update, a potential fix for a disk leak in the browser’s video cache, […], and a potential fix to prevent the Flash plugin from being loaded into the browser at all until the user actually requests to use it.”

Most censored users currently have to use a separate browser bundle dubbed “pluggable transports bundle”. This has proven quite inconvenient for both users and those trying to support them. Mike reports progress on “unifying the pluggable transport bundles with the official bundles, so that both censored and uncensored users can use the same bundles. […] The progress is sufficient that we are very likely to be able to deploy a 3.6-beta1 release in February to test these unified bundles.”

Another important topic is how the privacy fixes in the Tor Browser can benefit a wider userbase. The team has “continued the merge process with Mozilla, and have worked to ensure that every patch of ours is on their radar […]. Two patches, one for an API we require to manage the Tor subprocess, and another to give us a filter to remove potentially dangerous drag-and-drop events to the desktop have already been merged. Next steps will include filing more bugs, continual contact with their development team, and touching up patches as needed.”

There are even more things to smile about in the report. Read it in full for the whole picture.

Key revocation in next generation hidden services

It looks like every public-key infrastructure struggles with how to handle key revocation. Hidden services are no different. The current design does nothing to prevent a stolen key from being reused by an attacker.

With the ongoing effort to create a new protocol for hidden services, now seems to be a good time for George Kadianakis to raise this issue. In the past, hidden service operators had little control over their secret key. The new design enables offline management operations, which include key revocation.

As George puts it, currently well-known solutions “are always messy and don’t work really well (look at SSL’s OCSP and CRLs).” So how can “the legitimate Hidden Service can inform a client that its keys got compromised”?

In his email, George describes two solutions, one relying on the directory authorities, the other on hidden service directories. Both have drawbacks, so perhaps further research is necessary.

In the same thread, Nick Hopper suggested a scheme that uses multiple hidden service directories to cross-certify their revocation lists. This gives more confidence to the user, since the adversary now has to compromise multiple hidden service directories.

Please join the discussion if you have ideas to share!

Help needed to remove DNS leaks from Mumble

Mumble is a “low-latency, high quality voice chat software primarily intended for use while gaming”.

It has proven to be a reliable solution for voice chat among multiple parties over Tor. Matt and Colin have worked on documentation explaining how to set up both the client and the server side for Tor users.
But the client is currently safely usable only on Linux systems with torsocks and on Tails. On other operating systems, the Mumble client will unfortunately leak the address of the server to the local DNS resolver.

The changes that need to be made to the Mumble code are less trivial than one would think. Matt describes the issue in more detail in his call for help. Have a look if you are up to some C++/Qt hacking.

Monthly status reports for January 2014

The wave of regular monthly reports from Tor project members for the month of January has begun. Damian Johnson released his report first, followed by reports from Philipp Winter, Sherief Alaa, the Tor Browser team from Mike Perry, Colin C., the help desk, Matt, Lunar, George Kadianakis, and Pearl Crescent.

Miscellaneous news

Nick Mathewson came up with a Python script to convert the new MaxMind GeoIP2 binary database to the format used by Tor for its geolocation database.

Thanks to John Ricketts from Quintex Alliance Consulting for providing another mirror for the Tor Project’s website and software.

Abhiram Chintangal and Oliver Baumann are reporting progress on their rewrite of the Tor Weather service.

Andreas Jonsson gave an update on how Mozilla is moving to a multi-process model for Firefox and how this should positively affect the possibility of sandboxing the Tor Browser in the future.

As planned, to help “developers to analyze the directory protocol and for researchers to understand what information is available to clients to make path selection decisions”, Karsten Loesing has made microdescriptor archives available on the metrics website.

Christian has deployed a test platform for the JavaScript-less version of Globe, a tool to retrieve information about the Tor network and its relays.

In an answer to Shadowman’s questions about pluggable transports, George Kadianakis wrote a detailed reply on how Tor manages pluggable transports, both on the server side and on the client side.

Arthur D. Edelstein has advertised a GreaseMonkey script to enable Tor Browser to access YouTube videos without having JavaScript enabled. Please be aware of the security risks that GreaseMonkey might introduce before using such a solution.

Andrew Lewman reports on his trip to Washington DC where he met Spitfire Strategies to learn about “Tor’s brand, media presence, and ideas for the future”. For a short excerpt: “It’s interesting to get critiques on all our past media appearances; what was good and what could be better. Overall, the team there are doing a great job.”

Lunar gave an account of Tor’s presence at FOSDEM, one of the largest free software events in Europe. The project had a small booth shared with Mozilla and there was even a relay operator meetup.

Yan Zhu has released the first version of HTTPS Everywhere for Firefox Mobile. Good news for users of the upcoming Orfox.

Tor help desk roundup

Users often want to know if Tor can make them appear to be coming from a particular country. Although doing so can reduce one’s anonymity, it is documented on our FAQ page.

Orbot users have noticed that installing Orbot to their SD storage can cause Orbot to stop functioning correctly. Installing Orbot to the internal storage has resolved issues for a few users.

News from Tor StackExchange

Rhin is looking for hidden services hosting services. Jens pointed them to but it looks like there are no gratis hidden services hosters currently available.

Vijay kudal wanted to know how to change the current circuit within shell scripts. Jens Kubieziel gave an answer using expect and hexdump.

Roya saw replying contradictory information with Atlas about the exit node being used. It seems to be a bug in check occurring when multiple nodes are using the same IP address.

This issue of Tor Weekly News has been assembled by Lunar, Matt Pagan, qbi, George Kadianakis, Colin, Sandeep, Paul Feitzinger and Karsten Loesing.

TWN is a community newsletter. It can’t rest upon a single pair of shoulders at all times, especially when those shoulders stand behind a booth for two days straight. So if you want to continue reading TWN, we really need your help! Please see the project page and say “hi” on the team mailing list.