Tor Weekly News — November 26th, 2014

Welcome to the forty-seventh issue in 2014 of Tor Weekly News, the weekly newsletter that covers what’s happening in the Tor community.

A new Tor directory authority

Tor, being free software, can be used by anyone to set up their own anonymity network, as Tom Ritter demonstrated last month; but “the Tor network” as we know it today consists of the 6500+ relays voted on by nine “directory authorities” (or “dirauths”), operated by trusted members of the Tor development team and community.

As Mike Perry, a longtime directory authority operator, wished to retire his machine, “turtles”, without unbalancing the number of authorities producing the consensus, a new authority named “longclaw” was brought online by the autonomous tech collective Riseup, which has been offering free and secure methods of communication (most of them now available as hidden services) since 1999.

Thanks to Riseup for playing this key role in the operation of the Tor network!

Miscellaneous news

Nathan Freitas announced the release of Orbot 14.1.3, which includes improved handling of background processes; it builds on the earlier 14.1.0, which brought with it support for Android 5.0 Lollipop, as well as stability fixes. Orweb was brought up to version 0.7, also introducing support for the new Android release.

George Kadianakis sent out a co-authored draft of a proposal for statistics concerning hidden service activity that relays could collect and publish without harming the anonymity or security of users and hidden services, and which might “be useful to Tor developers and to people who want to understand hidden services and the onionspace better.”

Tom Ritter drafted a proposal exploring methods a hidden service operator might use to prove to certificate authorities that they control the service’s private key when requesting SSL certificates.

Karsten Loesing spruced up the documentation on the Tor Metrics portal, including a handy glossary of frequently-used Tor-specific terms.

Damian Johnson sketched out a roadmap for further development of Stem, the Tor controller library in Python, welcoming “more general ideas on directions to take Stem, the tor-prompt, and this whole space”.

Andrew Lewman reported on his experiments in mirroring the Tor Project website using the Fastly CDN as well as the BitTorrent Sync application.

Following a suggestion that a guide to server hardening should be distributed with the tor software package, Libertas drafted a sample document and asked for reviews. “Please share any opinions or contributions you have. This was written in a little more than an hour, so it’s still a work in progress.”

Libertas also scanned a large number of currently-running Tor relays to check which ssh access authentication methods their servers supported, finding 2051 relays that still permitted password-based ssh authentication. “Generally, it is far more secure to allow only public key auth. The Ubuntu help pages have a good guide on setting up key-based auth”.

SiNA Rabbani noted that a large proportion of Tor exit relays are located in Europe, and called for relay operators to consider running nodes with US hosts. “I am not sure if the reason is lack of Tor-friendly ISPs or people are just too freaked out about the summer of Snowden. I think it’s very wrong to assume that EU countries are not part of the world-wide-wiretap, packets are going through a few internet exchanges anyways.”

Thanks to Andy Weber, Matt Kraai, Alexander Dietrich, James Murphy, Jesse Victors, Lucid Networks, mirror-server.de, NTU Open Source Society, and Justaguy for running mirrors of the Tor Project’s website and software!

Tor help desk roundup

The help desk commonly sees questions from users who get error messages when using Vidalia, the graphical Tor controller. Vidalia is unmaintained and many of its features simply do not work any more, so it has been deprecated. For web browsing, only the latest version of Tor Browser should be used. If you were trying to use the (now also defunct) Vidalia Bridge or Relay Bundles, documentation for how to set up bridges and regular relays more effectively without Vidalia can be found on the website.

This issue of Tor Weekly News has been assembled by Harmony, Matt Pagan, Roger Dingledine, and Karsten Loesing.

Want to continue reading TWN? Please help us create this newsletter. We still need more volunteers to watch the Tor community and report important news. Please see the project page, write down your name and subscribe to the team mailing list if you want to get involved!