Tor Weekly News — October 2nd, 2013

Welcome to the fourteenth issue of Tor Weekly News, the weekly newsletter that covers what’s happening in the much-discussed Tor community.

Tor Browser Bundle 3.0alpha4 released

On September 28th, Mike Perry released the fourth alpha of the new Tor Browser Bundle 3.0 series. The main highlights of this series are the important usability improvements that integrate Tor configuration and control into the browser itself, rather than relying on the unmaintained Vidalia interface.

The latest iteration is based on Firefox 17.0.9esr, which brings with it a lot of important security fixes. It also fixes a fingerprinting issue by randomizing the timestamp sent when establishing an HTTPS connection.

Two small but important usability improvements in the new Tor Launcher component were made: users can now directly copy and paste “bridge” lines from the bridge database, while clock-skews that would prevent Tor from functioning properly are now reported to users.

Download your copy, test it, and report any problems you find. If you're feeling adventurous, you can also try out the crucial new security process by independently reproducing the binaries from the publicly-reviewable source code.

Tor mini-hackathon at GNU 30th anniversary

The Tor mini-hackathon at the GNU 30th anniversary event took place over the weekend, and Nick Mathewson sent out a brief report on how things went. As well as working on proposal 220, which involves improvements to Tor server identity keys, Nick merged some small patches into the Tor mainline branch, and collected promises of several more to come. He also directed a few enquiring minds towards Tor's online community, saying “I hope we’ll be seeing more of some of the folks I talked to on our mailing lists and IRC channels soon”.

Tor Stack Exchange page in private beta

The Tor Stack Exchange page, which reached 100% commitment last week, has now been moved into the ‘private beta’ stage. Runa Sandvik clarified that “the purpose behind it is to ensure that users who committed to the site’s proposal have a chance to start asking and answering questions, as well as help with the initial community building activities that will define and shape the site”. She added that “the more experts who participate in the private beta, the more certain it is that our page will move on to the next stage (i.e. the public beta).”

Fruitful discussions are already taking place: Karsten Loesing wrote to the wider community on the question of what to do about contact information for bridge operators after it was posed on Stack Exchange.

Roger Dingledine put out a call for Tor developers and anonymity researchers to participate in answering questions on the site, adding “Steven, Philipp, Jens, and I can't do it by ourselves.” If you have expert knowledge to contribute, please send an email to to get an invitation!

liballium: Pluggable Transports utility library in C

Yawning Angel announced a new library to ease the task of writing pluggable transports. liballium is a “simple library that handles the Tor Pluggable Transport Configuration protocol. The idea is for this library to be the C/C++ equivalent to pyptlib (and maybe more, depending on how much time I have to work on it).”

The code is available for review featuring “a reasonably well commented example.”

Feel free to follow up with “questions, comments, feedback”!

Tor Help Desk Roundup

Multiple users wrote to the help desk asking for guidance setting up hidden service sites. The most straightforward documentation for hidden services is in the torrc file itself. A more in-depth guide can be found on the Tor Project website. The website also documents how hidden services work. Technical details can be found in the Rendezvous Specification document.

Monthly status reports for September 2013

The wave of regular monthly reports from Tor project members for the month of September has begun. Runa Sandvik released her report first, followed by reports from Damian Johnson, Philipp Winter, Sherief Alaa, and Noel David Torres Taño.

Miscellaneous news

Mike Perry published his new GPG public key, adding: “this new key will be used to sign email from me going forward, and will be used to sign software releases until such time as I get around to creating a second set of keys on a hardware token for that purpose”.

David Fifield updated the Pluggable Transports bundles using the latest Tor Browser Bundle. In order to benefit from the improvements and security fixes, please update!

intrigeri sent a release schedule for Tails 0.21. The first release candidate should be out on October 20th.

Roger Dingledine sent out “a list of criteria to consider when evaluating pluggable transports for readiness of deployment to users”, asking for comments on his initial draft.

If you have the necessary hardware and want to help Tails out, please test two upcoming features: persistent printer settings and support for more SD card readers (the “sdio” type).

This issue of Tor Weekly News has been assembled by harmony, Lunar, dope457, and Matt Pagan.

Want to continue reading TWN? Please help us create this newsletter. We still need more volunteers to watch the Tor community and report important news. Please see the project page, write down your name and subscribe to the team mailing list if you want to get involved!