Tor Weekly News — July 15th, 2015
Welcome to the twenty-eighth issue in 2015 of Tor Weekly News, the weekly newsletter that covers what’s happening in the Tor community.
Caspar Bowden, a leading advocate for many years in the field of civil liberties, and a member of the Tor Project, Inc.’s board of directors, has died after a short illness. As the Tor Project wrote in a statement, Caspar “was a passionate supporter of universal human rights, including the right to privacy”: “The world has lost a voice of tremendous moral courage.”
A Caspar Bowden Legacy Fund has been established “to promote advocacy for privacy as a universal human right and privacy enhancing technologies as one means to protect it”, in accordance with Caspar’s request “that we work to ensure equal protection regardless of nationality”. If you would like to make a contribution to this fund in Caspar’s memory, please see the web page for further details.
The Tor Project launches its search for a new Executive Director
Following the departure of long-time Executive Director Andrew Lewman earlier this year, the Tor Project, Inc. has opened a world-wide search for its new Executive Director. As Wendy Seltzer, a member of the board of directors, writes: “We have engaged The Wentworth Company to help us with the search process, and invite the broader Tor community and friends to share the job posting among your networks. If you are or know a great leader with a passion for anonymous communication and free software, please contact Judy Tabak at Wentworth (judytabak at wentco.com, other contact details in the posting) for more information or to be considered for the job.”
Tor 0.2.6.10 is out
Nick Mathewson put out a new release in the current Tor stable series. Version 0.2.6.10 contains a fix for a regression introduced in 0.2.6.3-alpha that made it difficult for clients to access onion services under certain circumstances — for example, if a hidden service restarts after a client connects, the same client would have been unable to connect again until the next hour. This version also “bulletproofs the cryptography init process, and fixes a bug when using the sandbox code with some older versions of Linux”.
“Everyone running an older version, especially an older version of 0.2.6, should upgrade”, writes Nick. Source code is downloadable from the distribution directory; packages will become available as their packagers package them.
New onion service-related proposals
A gathering of experts in Tor onion service research and development resulted (among other things) in two new Tor proposals for improving the anonymity and efficiency of services hosted inside the Tor network.
John Brooks and George Kadianakis expanded John’s earlier suggestion that the roles of “hidden service directory” and “introduction point” could be merged in the next generation of onion services, into what is now proposal 246. This innovation would simplify the relevant code, reduce load on the network, and limit the number of relays that can observe the service’s activity or serve as a fingerprint for an observer.
George also wrote up draft proposal 247, which tries to prevent “guard discovery attacks” (where an adversary is able to work out which Tor relay is being contacted directly by the target client, thereby allowing them to attack that relay itself and deanonymize the client) by making the attack significantly more costly to perform, using “vanguards”. By enabling a Tor configuration option, the service operator could pin the second and third hops (the “vanguards” in question) of their circuits for a longer period. A would-be attacker is then forced to carry out “a Sybil attack and two coercion attacks” before succeeding, as opposed to the current situation “where the Sybil attack is trivial to pull off, and only a single coercion attack is required”. “I consider this issue very important and any feedback is greatly appreciated”, wrote George.
This is privacy development at the most advanced level, and the waters are very much uncharted: there may be major design flaws, improvements, and counter-arguments lurking up ahead. If this is an area in which you feel you have a contribution to make, by all means take a look at the proposals, and then pitch in on the tor-dev mailing list!
ExoneraTor gets an update
The ExoneraTor service lets you use historical Tor network data to quickly determine whether or not a particular IP address was being used by a public Tor relay on a given date. This is useful if, for example, you’re the administrator of a web service that received malicious traffic on that date, and you want to find out if the IP address will be useful to your investigation of the problem.
After much discussion and feedback on the tor-relays list, Karsten Loesing and Julius Mittenzwei have updated ExoneraTor to offer a simpler, more intuitive service without unnecessary details that might confuse a non-specialist. Searches are now restricted to full days, rather than precise timestamps, to avoid most issues relating to timezone differences (ExoneraTor’s results are given in UTC, and searchers might forget to make adjustments for their local timezone). The form allowing searchers to check whether a relay permitted exit traffic to a target address and port has been replaced by an “Exit” column indicating whether or not any exit traffic was allowed by that relay, again for the sake of simplicity. The overall look of the service has also been streamlined, with clearer, non-technical explanations of Tor and ExoneraTor, and a translation into German (with more languages planned).
“Please give it a try, including the tricky edge cases where you expect it to break”, wrote Karsten. “And if you have any further feedback,” please send it to the tor-relays mailing list.
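As an added illustration of the timezone pitfall described above (this is not ExoneraTor's code), the following sketch converts web server log timestamps to the UTC day an administrator would search for. It assumes Common Log Format lines; the function name and the sample log lines are constructed for this example.

```python
import re
from datetime import datetime, timezone

# Constructed sample access-log lines (Common Log Format). The addresses come
# from the RFC 5737 documentation ranges and are not real relays.
SAMPLE_LOG = """\
192.0.2.10 - - [14/Jul/2015:19:30:12 -0700] "GET /login HTTP/1.1" 401 512
192.0.2.10 - - [14/Jul/2015:16:05:47 -0700] "GET /login HTTP/1.1" 401 512
198.51.100.7 - - [15/Jul/2015:01:15:00 +0200] "POST /admin HTTP/1.1" 403 128
198.51.100.7 - - [15/Jul/2015:00:10:00 +0000] "POST /admin HTTP/1.1" 403 128
this line is not a log entry
"""

# Client address, two ignored fields, then the bracketed timestamp.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] ')


def utc_days_to_search(log_text):
    """Return sorted unique (ip, utc_day, differs_from_local_day) tuples.

    utc_day is the full UTC day to look up for that address. The flag marks
    entries where searching the date printed in the log would pick the
    wrong day.
    """
    results = set()
    for line in log_text.splitlines():
        match = LINE_RE.match(line)
        if not match:
            continue  # skip anything that is not a log entry
        ip, stamp = match.groups()
        try:
            # %b expects English month names (the default C locale).
            local = datetime.strptime(stamp, "%d/%b/%Y:%H:%M:%S %z")
        except ValueError:
            continue  # malformed timestamp
        utc_day = local.astimezone(timezone.utc).date()
        differs = utc_day != local.date()
        results.add((ip, utc_day.isoformat(), differs))
    return sorted(results)


if __name__ == "__main__":
    for ip, day, differs in utc_days_to_search(SAMPLE_LOG):
        note = "  (log shows a different local date)" if differs else ""
        print(f"{ip}  search UTC day {day}{note}")
```
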
The Vegas plan continues to roll out
The “Vegas plan” — a reorganization of Tor’s active contributors into a more focused team-based structure, named after the fair city in which it was developed — continues to roll out, with the Measurement, Community, Networks, and Applications teams holding their first or second IRC meetings this week. Isabela Bagueros, Tor’s project manager, writes: “Keep an eye out for teams’ updates, and for things that can be done better; feedback will be key for making this successful, and that is why we will have a check-in during our next dev meeting. So follow up, participate, bring feedback!”
If you aren’t already working with one of the new teams, and feel you should be, please check in on IRC or the mailing lists, and someone will help direct you to the right place.
The upcoming IETF Meeting in Prague will have a DNS Operations meeting on 20th July that will discuss both the draft proposal to reserve .onion as a special-use domain suffix (about which Tor Weekly News has written before), and other proposals for related projects like I2P and GNUnet. If you’re going to Prague, consider attending this meeting and humming in support of reserving .onion and these other domains!
After a hiatus in activity on the tor-mirrors list, Sebastian Hahn updated the file used to build the directory of mirrors on the Tor Project website with changes made in the last few months. “If you notice any unexpected entries or think you should be on the list but aren’t, I’ll check what the problem is.”
This issue of Tor Weekly News has been assembled by Karsten Loesing, Tom Ritter, Wendy Seltzer, Isabela Bagueros, nicoo, and Harmony.
Want to continue reading TWN? Please help us create this newsletter. We still need more volunteers to watch the Tor community and report important news. Please see the project page, write down your name and subscribe to the team mailing list if you want to get involved!