Delivery-Date: Mon, 04 Apr 2016 14:45:12 -0400
Return-Path: <tor-talk-bounces@lists.torproject.org>
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on moria.seul.org
X-Spam-Level: 
X-Spam-Status: No, score=-2.5 required=5.0 tests=BAYES_00,FREEMAIL_FROM,
	RCVD_IN_DNSWL_MED,T_RP_MATCHES_RCVD,URIBL_BLACK autolearn=ham version=3.3.1
X-Original-To: archiver@seul.org
Delivered-To: archiver@seul.org
Received: from eugeni.torproject.org (eugeni.torproject.org [38.229.72.13])
	(using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by khazad-dum.seul.org (Postfix) with ESMTPS id 22BEA1E0AFB;
	Mon,  4 Apr 2016 14:45:10 -0400 (EDT)
Received: from eugeni.torproject.org (localhost [127.0.0.1])
	by eugeni.torproject.org (Postfix) with ESMTP id E19E639F21;
	Mon,  4 Apr 2016 18:45:06 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by eugeni.torproject.org (Postfix) with ESMTP id B8DD039EE5
 for <tor-talk@lists.torproject.org>; Mon,  4 Apr 2016 18:45:03 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at 
Received: from eugeni.torproject.org ([127.0.0.1])
 by localhost (eugeni.torproject.org [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id 4CdyUad-Kig0 for <tor-talk@lists.torproject.org>;
 Mon,  4 Apr 2016 18:45:03 +0000 (UTC)
Received: from mout.gmx.net (mout.gmx.net [212.227.15.19])
 (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by eugeni.torproject.org (Postfix) with ESMTPS id 43B5839DC1
 for <tor-talk@lists.torproject.org>; Mon,  4 Apr 2016 18:45:03 +0000 (UTC)
Received: from [192.168.178.66] ([93.219.160.204]) by mail.gmx.com (mrgmx002)
 with ESMTPSA (Nemesis) id 0M2ckv-1bfFiY0hTJ-00sOtK for
 <tor-talk@lists.torproject.org>; Mon, 04 Apr 2016 20:44:59 +0200
To: tor-talk@lists.torproject.org
From: TWN <twn0@gmx.de>
Message-ID: <5702B621.9020400@gmx.de>
Date: Mon, 4 Apr 2016 20:44:49 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101
 Icedove/38.7.0
MIME-Version: 1.0
X-Provags-ID: V03:K0:6YIzdrut5cnTkSPyYVuMhtIGadszMgR8HITANYEeQzW1JZ6HT2l
 XWTFM9/W0rkef7+VCXNmIJUkkIWm1PyyFhpiCmWux52jQjJ+w7jiUC1ddWKte+rh4QLIhXD
 0xibxKeVNXR65fmbnfVvnJNlj4Qbao1T4Khl48HKOiUuXMp0eGk9odPHjI5AA+OLajiCh6N
 pP1mEcyLJHySin/BaoFWw==
X-UI-Out-Filterresults: notjunk:1;V01:K0:aIQmBKnnhkk=:fKgd3YOkScGTnCmL20DyFs
 8oVSXiEMzOUdSkGWZS4+grphES/Dw0WgO+GvXRbP/fJfiw16y68420luyx4zeTFY2lXTC5zuB
 AxbH+CIX4033b2NqE3bMbFBFOeROnDKdjr2yloKJfQ/miyOGa0ivTTCoekEAVhxKrVP/LMtCu
 qRa7yysvl9Wp5ybWXUdtug9F8pyqWWHBDh5C6qiZadnrowY8Hn/gtxAtPdnCuhFJC12nXiUV5
 4vz7yPEB1kqYYtKBZw51vdmP7xrSBqjCXRNd6IpOl1ureSr7BL7wpefxIV9O5FOJlMesyR1YD
 +ZGhkS+uhhRaq+i6ZxOthY3nO/nZoStnrvpYAtlUK1RWdjaKYaseBLOG2IGO2HK7anNfNUJ7n
 JAJmUfsPWa7/W2QA1IaZuBEv8BmITSwbGjq1mYQbuQyLqmUWq8PC4K4wdon4Vvotw4M6u9rmO
 Nvxw4HffaaqMod5iAEIh7xAX6UxxSZvg5UHixGxRTMJ9sKYV9Xa4hjc5UGYp47AriL+bjeiQb
 H+nVfDVtnIrLlBlbXgef0xgHIYWTCazP4/8//fWZesMrCXTrSdnFPFGjKrBwSJUHzQO774WIY
 3Y9iEmzsH687AKzI8kJrVi3OcytgrSV5hSkOvY/2k9MrUkvHQf7gBZQ2TBlGDX9FrVC5yF0Ad
 yP5899Uw5LtQIvS/XWph/WjJCWHFbUD+2aT6mLoevjXmAtMnBAHAmdZTn0saj+SVVXi6tEkwK
 inbwGc7z69JHwCXhSXpkJ1wqbVOSaYbYFl0zLcKhOGMEUHkD0CQeansUWRmrj84I/sMkiMMUS
 it5C0Cg
Subject: [tor-talk] Tor Weekly News -- April 4th, 2016
X-BeenThere: tor-talk@lists.torproject.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: tor-talk@lists.torproject.org
List-Id: "all discussion about theory, design,
 and development of Onion Routing" <tor-talk.lists.torproject.org>
List-Unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
List-Archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-Post: <mailto:tor-talk@lists.torproject.org>
List-Help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-Subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="us-ascii"; Format="flowed"
Errors-To: tor-talk-bounces@lists.torproject.org
Sender: "tor-talk" <tor-talk-bounces@lists.torproject.org>

========================================================================
Tor Weekly News                                          April 4th, 2016
========================================================================

Welcome to the 5th 2016 issue of the Tor Weekly News, bringing you a
collection of Tor-related news at least a couple times per month!

Contents
--------

   1. OONI Explorer released
   2. Tor Browser 5.5.4 and 6.0a4 released
   3. Tor 0.2.8.2-alpha released
   4. Tor statement on Apple and backdoors
   5. CloudFlare debate roundup
   6. Miscellaneous News

OONI Explorer released
----------------------

The Open Observatory of Network Interference (OONI) develops free
software to detect irregular internet conditions. There are currently 15
tests in the suite [1]; one measures DNS consistency, another measures
HTTP consistency, others check if Tor is blocked, and some try to detect
HTTP-aware middleboxes between the client and the server. Volunteers
around the world can run this software [2] and report the results back
to OONI, who makes the dataset freely available. Over the last three
years, more than 8.5 million network measurements from 93 countries have
been collected.

The newly released OONI Explorer [3] provides a browsable web interface
to the collected dataset. The Highlights page [4] presents a short
analysis of some interesting anomalies which might be worthy of further
research, and the blog post [5] has more details.

   [1]: https://github.com/TheTorProject/ooni-spec/tree/master/test-specs
   [2]: https://ooni.torproject.org/
   [3]: https://explorer.ooni.torproject.org/world/
   [4]: https://explorer.ooni.torproject.org/highlights/
   [5]: https://blog.torproject.org/blog/ooni-explorer-censorship-and-other-network-anomalies-around-world

Tor Browser 5.5.4 and 6.0a4 released
------------------------------------

The most recent ESR version of Firefox (38.7.1) disables the Graphite
font rendering library (there have been a number of recent
vulnerabilities in it). Graphite was previously disabled in Tor Browser
if you had the security slider set at "Medium-High" or "High," but now
it is disabled for everyone (stable [6], unstable [7], and
unstable-hardened [8]) so you won't see it mentioned.

   [6]: https://blog.torproject.org/blog/tor-browser-554-released
   [7]: https://blog.torproject.org/blog/tor-browser-60a4-released
   [8]: https://blog.torproject.org/blog/tor-browser-60a4-hardened-released

Tor 0.2.8.2-alpha released
--------------------------

There's a new alpha release [9] of "little t tor" that includes a bunch
of bugfixes and new features.

   [9]: https://blog.torproject.org/blog/tor-0282-alpha-released

Tor statement on Apple and backdoors
------------------------------------

Much has been written after Apple publicly denounced the FBI's request
to develop and sign an iOS update that would let the FBI unlock iPhones
in their possession. While Apple rejected this particular demand, the
saga has cast a light on the single point of failure that is Apple's
signing key. Tor's Leif Ryge wrote a piece [10] for Ars Technica
pointing out that many pieces of software are built with such single
points of failure (for example, a Debian system will accept as genuine
an update signed by any of several developer keys it knows about).

Tor put out a statement [11] in solidarity with Apple's position and to
review the ongoing efforts taken to eliminate single points of failure
(deterministic builds, for example, mean a compromised build machine
can't insert what would be a hard-to-detect backdoor during the build
process).

  [10]: http://arstechnica.com/security/2016/02/most-software-already-has-a-golden-key-backdoor-its-called-auto-update/
  [11]: https://blog.torproject.org/blog/statement-tor-project-software-integrity-and-apple

Cloudflare debate roundup
-------------------------

Tor Browser users are probably familiar with the CAPTCHAs CloudFlare
presents to users from IP addresses deemed to have a negative
reputation. There's a 58-point-long aggregation of thoughts from all
sides here [12]. Cloudflare put out a blog post [13] on March 30, and
Tor responded [14] on March 31.

  [12]: https://trac.torproject.org/projects/tor/ticket/18361#comment:144
  [13]: https://blog.cloudflare.com/the-trouble-with-tor/
  [14]: https://blog.torproject.org/blog/trouble-cloudflare

Miscellaneous News
------------------

There was a Tor presence at LibrePlanet 2016: David Goulet reports on
his discussion [15] with some activists in Mexico who depend on Tor to
stay safe from a surveillance-equipped triple threat of corporations,
government, and cartels. The Library Freedom Project ("a partnership
among librarians, technologists, attorneys, and privacy advocates which
aims to make real the promise of intellectual freedom in libraries") won
the FSF's Award for Projects of Social Benefit [16].

  [15]: https://lists.torproject.org/pipermail/tor-project/2016-March/000197.html
  [16]: https://twitter.com/libraryfreedom/status/711303975073619968

Wired has a piece [17] on the Autonomy Cube [18], the
Tor-Relay-as-sculpture from Trevor, Leif, and Jake presently installed
in four museums around the world.

  [17]: http://www.wired.com/2016/04/sculpture-lets-museums-amplify-tors-anonymity-network/
  [18]: http://paglen.com/index.php?l=work&s=cube

There was a mailing list discussion about building a router/gateway that
only allows Tor traffic. Lunar [19] and Rusty Bird [20] posted some
setups; both approaches basically creating a firewall whitelist of Tor
relay IPs from the consensus.

  [19]: https://lists.torproject.org/pipermail/tor-dev/2016-March/010538.html
  [20]: https://github.com/rustybird/corridor

Yawning developed and released a Firefox addon [21] that detects
CloudFlare CAPTCHAs and automatically tries to fetch the page from
archive.is.

  [21]: https://lists.torproject.org/pipermail/tor-dev/2016-March/010604.html

Nick posted some ideas [22] on improving design and modularity in Tor.

  [22]: https://lists.torproject.org/pipermail/tor-dev/2016-March/010646.html

A TV producer is looking to interview [23] an "ordinary" Tor user. "I
think they want someone in the US they can follow around who uses Tor
for what they consider an interesting use case that fits the idea, 'Tor
is for everyone!'"

  [23]: https://lists.torproject.org/pipermail/tor-project/2016-March/000205.html

The Logan Symposium posted their talk recordings [24]; they're all
really good, but the most Tor-related one is this discussion [25]
between the developers of a few Tor-enabled operating systems (Tails,
Qubes, and Subgraph).

  [24]: https://www.youtube.com/playlist?list=PLS_7b8Iu1oBGXgCt1y3-i8lUD4gFI2u7S
  [25]: https://www.youtube.com/watch?v=Nol8kKoB-co

Colophon
--------

This issue of Tor Weekly News has been assembled by jl. If you're
interested in contributing, see the wiki page [26] :)

  [26]: https://trac.torproject.org/projects/tor/wiki/TorWeeklyNews

-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

