Delivery-Date: Wed, 13 Aug 2014 08:02:51 -0400
Return-Path: <tor-talk-bounces@lists.torproject.org>
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on moria.seul.org
X-Spam-Level: 
X-Spam-Status: No, score=-4.8 required=5.0 tests=BAYES_00,RCVD_IN_DNSWL_MED,
	RP_MATCHES_RCVD,UNPARSEABLE_RELAY autolearn=ham version=3.3.1
X-Original-To: archiver@seul.org
Delivered-To: archiver@seul.org
Received: from eugeni.torproject.org (eugeni.torproject.org [38.229.72.13])
	(using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by khazad-dum.seul.org (Postfix) with ESMTPS id 671D01E0328;
	Wed, 13 Aug 2014 08:02:48 -0400 (EDT)
Received: from eugeni.torproject.org (localhost [127.0.0.1])
	by eugeni.torproject.org (Postfix) with ESMTP id 60E6C3016B;
	Wed, 13 Aug 2014 12:02:44 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by eugeni.torproject.org (Postfix) with ESMTP id A50952EBE2;
 Wed, 13 Aug 2014 12:02:40 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at eugeni.torproject.org
Received: from eugeni.torproject.org ([127.0.0.1])
 by localhost (eugeni.torproject.org [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id RHnRSymYA1c8; Wed, 13 Aug 2014 12:02:40 +0000 (UTC)
Received: from mail.poivron.org (poivron.org [91.194.60.101])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client CN "*.poivron.org",
 Issuer "StartCom Class 2 Primary Intermediate Server CA" (not verified))
 by eugeni.torproject.org (Postfix) with ESMTPS id 52F18283FB;
 Wed, 13 Aug 2014 12:02:40 +0000 (UTC)
Received: from [127.0.0.1] (localhost [127.0.0.1]) with ESMTPSA id C15E6C0045E
Date: Wed, 13 Aug 2014 12:02:26 +0000
From: Lunar <lunar@torproject.org>
To: tor-news@lists.torproject.org, tor-talk@lists.torproject.org
Message-ID: <20140813120226.GH11973@localhost.localdomain>
Mail-Followup-To: tor-news@lists.torproject.org, tor-talk@lists.torproject.org
MIME-Version: 1.0
User-Agent: Mutt/1.5.21 (2010-09-15)
Subject: [tor-talk] =?utf-8?q?Tor_Weekly_News_=E2=80=94_August_13th=2C_201?=
	=?utf-8?q?4?=
X-BeenThere: tor-talk@lists.torproject.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: tor-talk@lists.torproject.org
List-Id: "all discussion about theory, design,
 and development of Onion Routing" <tor-talk.lists.torproject.org>
List-Unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
List-Archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-Post: <mailto:tor-talk@lists.torproject.org>
List-Help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-Subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
Content-Type: multipart/mixed; boundary="===============2392661893344653085=="
Errors-To: tor-talk-bounces@lists.torproject.org
Sender: "tor-talk" <tor-talk-bounces@lists.torproject.org>


--===============2392661893344653085==
Content-Type: multipart/signed; micalg=pgp-sha512;
	protocol="application/pgp-signature"; boundary="6BvahUXLYAruDZOj"
Content-Disposition: inline


--6BvahUXLYAruDZOj
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
Tor Weekly News                                        August 13th, 2014
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D

Welcome to the thirty-second issue of Tor Weekly News in 2014, the
weekly newsletter that covers what is happening in the Tor community.

Torsocks 2.0 is now considered stable
-------------------------------------

Torsocks=C2=A0[1] is a wrapper program that will force an application=E2=80=
=99s
network connections to go through the Tor network. David Goulet
released=C2=A0[2] version 2.0.0, blessing the new codebase as stable after
more than a year of efforts=C2=A0[3].

David=E2=80=99s original email highlighted several reasons for a complete
rewrite of torsocks. Among the issues were maintainability, error
handling, thread safety, and a lack of proper compatibility layer for
multiple architectures. The new implementation addresses all these
issues while staying about the same size as the previous version (4,000
lines of C according to sloccount), and test coverage has been vastly
extended.

Torsocks comes in handy when a piece of software does not natively
support the use of a SOCKS proxy. In most cases, the new version may be
safer, as torsocks will prevent DNS requests and non-torified
connections from happening.

Integrators and power users should watch their steps while migrating to
the new version. The configuration file format has changed, and some
applications might behave differently as more system calls are now
restricted.

  [1]: https://gitweb.torproject.org/torsocks.git/blob/HEAD:/README.md
  [2]: https://lists.torproject.org/pipermail/tor-dev/2014-August/007330.ht=
ml
  [3]: https://lists.torproject.org/pipermail/tor-dev/2013-June/004959.html

Next generation Hidden Services and Introduction Points
-------------------------------------------------------

When Tor clients need to connect to a Hidden Service, the first step is
to create a circuit to its =E2=80=9CIntroduction Point=E2=80=9D. There, the=
 Tor client
serving the Hidden Service will be waiting through another circuit to
agree on a =E2=80=9CRendezvous Point=E2=80=9D and pursue the communication =
through
circuits connecting to this freshly selected Tor node.

This general design is not subject to any changes in the revision of
hidden services=C2=A0[4] currently being worked on. But there are still some
questions left unanswered regarding the best way to select Introduction
Points. George Kadianakis summarized=C2=A0[5] them as: =E2=80=9CHow many IP=
s should
an HS have? Which relays can be IPs? What=E2=80=99s the lifetime of an IP?=
=E2=80=9D

For each of these questions, George collected possible answers and
assessed whether or not they could respond to several attacks identified
in the past. Anyone interested should help with the research needed and
join the discussion.

In the meantime, Michael Rogers is also trying to find ways=C2=A0[6] to
improve hidden service performance in mobile contexts. One way to do so
would be to =E2=80=9Ckeep the set of introduction points as stable as possi=
ble=E2=80=9D.
However, a naive approach to doing so would ease the job of attackers
trying to locate a hidden service. The idea would be to always use the
same guard and middle node for a given introduction point, but this
might also open the doors to new attacks. Michael suggests experimenting
with the recently published Java research framework=C2=A0[7] to gain a bett=
er
understanding of the implications.

  [4]: https://gitweb.torproject.org/torspec.git/blob/HEAD:/proposals/224-r=
end-spec-ng.txt
  [5]: https://lists.torproject.org/pipermail/tor-dev/2014-August/007335.ht=
ml
  [6]: https://fulpool.org/pipermail/hidden-services/2014-August/000019.html
  [7]: https://github.com/drgowen/tor-research-framework

More status reports for July 2014
---------------------------------

The wave of regular monthly reports from Tor project members for the
month of July continued, with submissions from Andrew Lewman=C2=A0[8],
Colin C.=C2=A0[9], and Damian Johnson=C2=A0[10].

Roger Dingledine sent out the report for SponsorF=C2=A0[11]. Arturo Filast=
=C3=B2
described what the OONI team=C2=A0[12] was up to. The Tails team covered
their activity for June and July=C2=A0[13].

  [8]: https://lists.torproject.org/pipermail/tor-reports/2014-August/00061=
5.html
  [9]: https://lists.torproject.org/pipermail/tor-reports/2014-August/00061=
6.html
 [10]: https://lists.torproject.org/pipermail/tor-reports/2014-August/00061=
7.html
 [11]: https://lists.torproject.org/pipermail/tor-reports/2014-August/00061=
9.html
 [12]: https://lists.torproject.org/pipermail/tor-reports/2014-August/00062=
1.html
 [13]: https://tails.boum.org/news/report_2014_06-07/

Miscellaneous news
------------------

Two Tor Browser releases are at QA stage: 4.0-alpha-1=C2=A0[14] including
meek and a new directory layout, and 3.6.4=C2=A0[15] for security fixes.

 [14]: https://lists.torproject.org/pipermail/tor-qa/2014-August/000436.html
 [15]: https://lists.torproject.org/pipermail/tor-qa/2014-August/000439.html

The recent serious attack against Tor hidden services=C2=A0[16] was also a
Sybil attack: a large number of malicious nodes joined the network at
once. This led to a renewal of interest in detecting Sybil attacks
against the Tor network more quickly. Karsten Loesing published some
code=C2=A0[17] computing similarity metrics, and David Fifield has explored
visualizations=C2=A0[18] of the consensus that made the recent attack
visible.

 [16]: https://blog.torproject.org/blog/tor-security-advisory-relay-early-t=
raffic-confirmation-attack
 [17]: https://github.com/kloesing/SAD
 [18]: https://bugs.torproject.org/12813

Gareth Owen sent out an update=C2=A0[19] about the Java Tor Research
Framework. This prompted a discussion with George Kadianakis and Tim
about the best way to perform fuzz testing=C2=A0[20] on Tor. Have a look if
you want to comment on Tim=E2=80=99s approaches=C2=A0[21].

 [19]: https://lists.torproject.org/pipermail/tor-dev/2014-August/007328.ht=
ml
 [20]: https://en.wikipedia.org/wiki/Fuzz_testing
 [21]: https://lists.torproject.org/pipermail/tor-dev/2014-August/007334.ht=
ml

Thanks to Daniel Thill=C2=A0[22] for running a mirror of the Tor Project
website!

 [22]: https://lists.torproject.org/pipermail/tor-mirrors/2014-August/00065=
1.html

ban mentioned=C2=A0[23] a new service collecting donations for the Tor
network. OnionTip=C2=A0[24], set up by Donncha O=E2=80=99Cearbhaill, will c=
ollect
bitcoins and redistribute them to relay operators who put a bitcoin
address in their contact information. As the redistribution is currently
done according to the consensus weight, Sebastian Hahn warned=C2=A0[25] that
this might encourage people to =E2=80=9Ccheat the consensus weight=E2=80=9D=
 because that
now means =E2=80=9Cmore money from oniontip=E2=80=9D.

 [23]: https://lists.torproject.org/pipermail/tor-relays/2014-August/005073=
=2Ehtml=20
 [24]: https://oniontip.com/
 [25]: https://lists.torproject.org/pipermail/tor-relays/2014-August/005077=
=2Ehtml

Juha Nurmi sent another update=C2=A0[26] on the ahmia.fi GSoC project.

 [26]: https://lists.torproject.org/pipermail/tor-reports/2014-August/00062=
0.html

News from Tor StackExchange
---------------------------

arvee wants to redirect some TCP connections through Tor on OS X=C2=A0[28];
Redsocks=C2=A0[27] should help to route packets for port 443 over Tor.
mirimir explained that given the user's pf configuration, the setting
=E2=80=9CSocksPort 8888=E2=80=9D was probably missing.

 [27]: https://tor.stackexchange.com/q/3802/88
 [28]: http://darkk.net.ru/redsocks/

meee asked a question and offered a bounty for an answer: the circuit
handshake entry in Tor=E2=80=99s log file contains some numbers, and meee w=
ants
to know what their meaning is=C2=A0[29]: =E2=80=9CCircuit handshake stats s=
ince last
time: 1833867/1833868 TAP, 159257/159257 NTor.=E2=80=9D

 [29]: https://tor.stackexchange.com/q/3213/88

Easy development tasks to get involved with
-------------------------------------------

The bridge distributor BridgeDB=C2=A0[30] usually gives out bridges by
responding to user requests via HTTPS and email. A while ago, BridgeDB
also gave out bridges to a very small number of people who would then
redistribute bridges using their social network. We would like to resume
sending bridges to these people, but only if BridgeDB can be made to
send them via GnuPG-encrypted emails=C2=A0[31]. If you=E2=80=99d like to di=
ve into
the BridgeDB code and add support for GnuPG-encrypted emails, please
take a look at the ticket and give it a try.

 [30]: https://bridges.torproject.org/
 [31]: https://bugs.torproject.org/9332

Upcoming events
---------------

 Aug. 13 13:30 UTC | little-t tor development meeting
                   | https://lists.torproject.org/pipermail/tor-dev/2014-Au=
gust/007314.html
                   | #tor-dev, irc.oftc.net
                   |
 Aug. 13 16:00 UTC | Pluggable transport online meeting
                   | https://lists.torproject.org/pipermail/tor-dev/2014-Au=
gust/007317.html
                   | #tor-dev, irc.oftc.net
                   |
 Aug. 18 18:00 UTC | Tor Browser online meeting
                   | #tor-dev, irc.oftc.net
                   | https://lists.torproject.org/pipermail/tbb-dev/2014-Au=
gust/000100.html
                   |
 August 18         | Roger @ FOCI =E2=80=9914
                   | San Diego, California, USA
                   | https://www.usenix.org/conference/foci14
                   |
 August 20-22      | Roger @ USENIX Security Symposium =E2=80=9914
                   | San Diego, California, USA
                   | https://www.usenix.org/conference/usenixsecurity14


This issue of Tor Weekly News has been assembled by Lunar, qbi,
Karsten Loesing, harmony, and Philipp Winter.

Want to continue reading TWN? Please help us create this newsletter.
We still need more volunteers to watch the Tor community and report
important news. Please see the project page=C2=A0[32], write down your
name and subscribe to the team mailing list=C2=A0[33] if you want to
get involved!

 [32]: https://trac.torproject.org/projects/tor/wiki/TorWeeklyNews
 [33]: https://lists.torproject.org/cgi-bin/mailman/listinfo/news-team

--6BvahUXLYAruDZOj
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature

-----BEGIN PGP SIGNATURE-----

iQIcBAEBCgAGBQJT61PKAAoJEEAsIlA9Nuk2RR0P/R5TGGfNnER46G1q+lIJCgJe
aplA0Fwm6MhgRMVYWWwEd73yq0dLFMEB1fUxldrjO7WM0VwSeXf348YUGpjzzc4t
KKARMCXPVv+ur79qg2lKJdgK/67eBGtp4vVPY74rZVhLBMthc44zf2oLbJKWCk36
Bp91dIQNsbt3aaDnsz3FQaQJDL8y5CCpa6I4cFpcNYBLbEevDFF0fp/rzF8aJq6g
5Xu5VNNbMGuAose0NdSLcLeDH9a8YLhrADQ3v3WDwL/Mc0L9eoCwJ4k9f90GWHwV
uCDdwQb9+dgG5WG+Hb4XYJDDRALMDWH0E4HvcpRGi2OVvOpkpHUUaJWeheby7o/c
fIX2NY45pcovaNrrK+BXNc+DI82IEvjiX90S7Cz6DKnQ++bsoE2pYOZYDG4H7VtK
7IYiOQ6ONwNtVWyHpWu9GkSQcI+DfrtTXgl7cQX8eMrweWRp5ghfFsKIJntVJKQg
Ch4eiK4Gd7raLdtzu/ochCnjy51Du7ZGw4FALEc4XJsl1uLzFlrfHU9aCeemaLnK
AFeJGdEC+rGkpfxhfDqUPjo+TDFGB0lngKHSSSSIGhDP4dhIOXEHY3YsUJ9ymmZF
xB5y1YcE16mYaRvJ+euq12qpaVkwDtmCCxTNuQcIipwn+y0GxSZH3R5pCOMiH7TM
jEJGiJMlxZGHwv3GvCYi
=LwKT
-----END PGP SIGNATURE-----

--6BvahUXLYAruDZOj--

--===============2392661893344653085==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

--===============2392661893344653085==--

