Tor Weekly News — September 4th, 2015
Welcome to the thirty-fourth issue in 2015 of Tor Weekly News, the weekly newsletter that covers what’s happening in the Tor community.
Tor Browser 5.0.2 and 5.5a2 are out
The Tor Browser team announced new stable and alpha releases of the privacy-preserving web browser. Version 5.0.2 fixes a bug that was causing the browser’s launcher icons in the Ubuntu Unity and GNOME desktops to be duplicated, and includes a newer version of the NoScript add-on. Version 5.5a2 incorporates these updates along with another small crash bug fix from the stable series.
Both new releases include important security updates to their respective Firefox versions, so please ensure you upgrade as soon as possible. If you are already running a recent Tor Browser, it has probably updated itself already; if not, head to the project page to download your copy now.
Final reports from two Summer of Privacy students
Two of the developers participating in Tor’s first-ever Summer of Privacy coding season, Jesse Victors and Donncha O’Cearbhaill, submitted their final progress reports after months of intensive development.
Jesse’s DNS-like naming system for onion services is already in a testable state. “All of the infrastructure for OnioNS is in place”, and while a few protocols are still to be finished, “the client-side and HS-side software is pretty reliable and stable at this point”, with support for Debian, Ubuntu, Mint, and Fedora. Development will continue into the future, and “once the OnioNS software is fully ready, no modifications to Tor should be necessary to merge OnioNS into the Tor network”.
Donncha’s project, the onion service load-balancing manager OnionBalance, has also seen one testing release, and the next steps in development are to package the software for Debian, clarify the documentation, and implement “smartcard / HSM support master service key storage and signing”. “I’ll continue developing OnionBalance so that if possible, it can facilitate some form of load balancing and redundancy with next-gen hidden services”.
Congratulations to Jesse and Donncha on getting their innovative projects to this stage, and thanks to the mentors and coordinators who have made the Summer of Privacy a success. The southern-hemisphere development timetable is still ongoing, however, so stay tuned for updates from Israel and Cristóbal Leiva on their TSoP projects.
Should cloud-based Tor relays be rejected?
Observing that “we sometimes see attacks from relays that are hosted on cloud platforms”, Philipp Winter investigated the actual benefit to the Tor network that these relays provide. He found that in an average consensus from July 2015, “cloud-hosted relays contributed only around 0.8% of bandwidth” (with the caveat that “this is just a lower bound”). Rejecting such relays from the consensus might force attackers to jump through more hoops, but would mean “obtaining the netblocks that are periodically published by all three (and perhaps more) cloud providers”.
Tim Wilson-Brown (teor) wondered about the effect this might have on Tor developers and researchers who would like to use cloud-based relays, while nusenu requested that any rejection be publicly documented “so volunteers don’t waste their time and money setting up blacklisted relays”.
Karsten Loesing announced version 2.6 of Onionoo, the Tor network data observatory. This release adds two new relay family-related fields to details documents that, together with the “effective_family” field introduced in version 2.4, replace the older “family” field, which is now deprecated. These new fields support different family-mapping use-cases that may be required by Tor network tools such as Atlas, Globe, and Roster. “The current ‘family’ field will stay available until Atlas and Globe are updated. If I should also wait for other clients to be updated, please let me know.”
After several television appearances over the past few years, Tor made its literary debut last month in the fourth installment of the late Stieg Larsson’s Millennium series. A warm Tor community welcome to Lisbeth Salander — though a subscription to Tor Weekly News might clear up some of her misconceptions…
This issue of Tor Weekly News has been assembled by Harmony.
Want to continue reading TWN? Please help us create this newsletter. We still need more volunteers to watch the Tor community and report important news. Please see the project page, write down your name and subscribe to the team mailing list if you want to get involved!