Tor Weekly News — November 13th, 2013

Welcome to the twentieth issue of Tor Weekly News, the weekly newsletter that covers what is happening in the Tor community.

First beta release of Tor Browser Bundle 3.0

The Tor Browser Bundle is the Tor Project’s flagship product: an easy and straightforward way to browse the web with anonymity and privacy.

With previous Tor Browser Bundles, users had to interact with two different applications, Vidalia and the browser itself. Vidalia was responsible for handling and configuring the tor daemon, and the browser had no knowledge of the connection status and other details. The result was confusing error messages and mismatched user expectations.

With the 3.0 series of Tor Browser Bundle, the browser is directly responsible for configuring and handling the tor daemon. Users only see one single application. It’s clearer that only the browser will go through the Tor network. Starting and stopping the browser will take care of starting and stopping tor — no extra steps are required.

Mike Perry, Kathleen Brade, Mark Smith and Georg Koppen, among others, are working hard to perfect the many other usability and technical improvements that are part of Tor Browser Bundle 3.0, which has now reached the “beta” stage.

The new 3.0beta1 release is based on Firefox 17.0.10esr for security updates, and contains several other small improvements and corrections.

Current users of the 3.0 alpha series should update. Others should give it a try!

A critique of website traffic fingerprinting attacks

For a new blog post, Mike Perry took the time to reflect on fingerprinting attacks on website traffic. These are attacks “where the adversary attempts to recognize the encrypted traffic patterns of specific web pages without using any other information. In the case of Tor, this attack would take place between the user and the Guard node, or at the Guard node itself.”

In the post, Mike lays down three distinct types of adversary that could mount fingerprinting attacks: partial blocking of Tor, identification of visitors of a set of targeted pages, and identification of all web pages visited by a user.

In theory, such attacks could pose devastating threats to Tor users. But in practice, “false positives matter” together with other factors that affect the classification accuracy. Mike gives a comprehensive introduction to these issues before reviewing five research papers published between 2011 and 2013. Each of them is summarized together with its shortcomings.

Mike concludes that “defense work has not been as conclusively studied as these papers have claimed, and that defenses are actually easier than is presently assumed by the current body of literature.” He encourages researchers to re-evaluate existing defenses “such as HTTPOS, SPDY and pipeline randomization, Guard node adaptive padding, and Traffic Morphing”, and to think about “the development of additional defenses”. Mike ends his post by mentioning that some new defenses can also be dual purpose and help with end-to-end correlation attacks.

The “bananaphone” pluggable transport

Pluggable transports are how Tor traffic between a client and a bridge can be transformed in order to hide it from Deep Packet Inspection filters.

Improving upon the initial work of Leif Ryge, David Stainton has been working on the new “bananaphone” pluggable transport for obfsproxy. The transport implements “reverse hash encoding”, described by Leif Ryge as “a steganographic encoding scheme which transforms a stream of binary data into a stream of tokens (e.g., something resembling natural language text) such that the stream can be decoded by concatenating the hashes of the tokens.”

For a concrete example, that means that using Project Gutenberg’s Don Quixote as corpus, one can encode “my little poney” into “lock whisper: yellow tremendous, again suddenly breathing. master’s faces; fees, beheld convinced there calm” and back again!

While it’s probably not going to be the most compact pluggable transport, “bananaphone” looks like a promising project.
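The reverse hash encoding described above, as an added example that is not bananaphone's own code. The hash (SHA-256), the 4 bits carried per token, the function names and the pseudo-word corpus are all assumptions made for illustration.

```python
import hashlib
import random

BITS = 4  # assumption: bits carried per token; must divide 8

def token_value(token: str, bits: int = BITS) -> int:
    """Top `bits` bits of SHA-256(token): the value this token stands for."""
    return hashlib.sha256(token.encode()).digest()[0] >> (8 - bits)

def build_model(corpus: str, bits: int = BITS) -> dict[int, list[str]]:
    """Map every bits-wide value to the corpus tokens whose hash yields it."""
    model: dict[int, list[str]] = {}
    for token in sorted(set(corpus.split())):
        model.setdefault(token_value(token, bits), []).append(token)
    missing = [v for v in range(1 << bits) if v not in model]
    if missing:
        raise ValueError(f"corpus has no token for values {missing}")
    return model

def encode(data: bytes, model, bits: int = BITS, rng=random) -> str:
    """Replace each bits-wide chunk of data with a random matching token."""
    out = []
    for byte in data:
        for shift in range(8 - bits, -1, -bits):
            out.append(rng.choice(model[(byte >> shift) & ((1 << bits) - 1)]))
    return " ".join(out)

def decode(text: str, bits: int = BITS) -> bytes:
    """Hash each token and concatenate the truncated hashes back into bytes."""
    values = [token_value(t, bits) for t in text.split()]
    per_byte = 8 // bits
    if len(values) % per_byte:
        raise ValueError("token count is not a whole number of bytes")
    out = bytearray()
    for i in range(0, len(values), per_byte):
        byte = 0
        for v in values[i:i + per_byte]:
            byte = (byte << bits) | v
        out.append(byte)
    return bytes(out)

# Constructed corpus of 400 pseudo-words standing in for a real text.
HEADS = "ba ce di fo gu ha je ki lo mu na pe qi ro su ta ve wi xo zu".split()
TAILS = "lan mer nit pol rus sak tem vin wox zul bar den fil gon hup jat kes lim mon nup".split()
CORPUS = " ".join(h + t for h in HEADS for t in TAILS)

if __name__ == "__main__":
    cover = encode(b"my little poney", build_model(CORPUS))
    print(cover, decode(cover), sep="\n")
```

The decoder needs only the hash function, not the corpus, and at 4 bits per token every input byte becomes two words, which shows why the encoding is not compact.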

Miscellaneous news

Christian Grothoff, Matthias Wachs and Hellekin Wolf are working on getting special-use domain names for P2P networks reserved according to RFC 6761: “the goal is to reserve .onion, .exit, .i2p, .gnu and .zkey (so that they don’t become ordinary commercial TLDs at some point)”.

The Tails team has released their report on Tails activity during the month of October. Things are happening on many fronts; have a look!

Andrea Shepard has been working on new scheduler code for Tor. Its goal is to remove the limitation that “we can only see one channel at a time when making scheduling decisions.” Balancing between circuits without opening new attack vectors is tricky, and Andrea is asking for comments on potential heuristics.

Justin Findlay has recreated some of the website diagrams in the versatile SVG format.

Roger asked the community to create a “Tor, king of anonymity” graphic for his presentations. Griffin Boyce made a “queen of anonymity” picture, Lazlo Westerhof crowned the onion and Matt Pagan did the full Tor logo.

David Fifield released the new Pluggable Transports Tor Browser Bundle version 2.4.17-rc-1-pt2 based on Tor Browser Bundle 2.4.17-rc-1. The only change from the previous release of the pluggable transport bundle is a workaround that makes transports resume working on Mac OS X Mavericks.

Tor help desk round-up

Recently users have been writing the help desk asking for assistance verifying the signature on their Tor Browser Bundle package. These users said they found the instructions on the official Tor Project page confusing. One person reported being unsure of how to open a terminal on their computer. Another person did not know how to save the package signature onto the Desktop. Yet another person reported they were able to verify the signature only after discovering that their GnuPG program was named gpg2.exe rather than gpg.exe. A ticket on improving the signature verification page has been opened.

One user mentioned wanting to use the Tor Browser Bundle as their default browser but being unable to do so because their online bank required Java. Java is disabled in the Tor Browser Bundle because it can bypass the browser proxy settings and leak the client’s real IP address over the network.

This issue of Tor Weekly News has been assembled by Lunar, dope457, David Stainton, sqrt2, and Roger Dingledine.

Want to continue reading TWN? Please help us create this newsletter. We still need more volunteers to watch the Tor community and report important news. Please see the project page, write down your name and subscribe to the team mailing list if you want to get involved!