Delivery-Date: Wed, 16 Jul 2014 09:12:05 -0400
Return-Path: <tor-talk-bounces@lists.torproject.org>
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on moria.seul.org
X-Spam-Level: 
X-Spam-Status: No, score=-4.8 required=5.0 tests=BAYES_00,RCVD_IN_DNSWL_MED,
	RP_MATCHES_RCVD,UNPARSEABLE_RELAY autolearn=ham version=3.3.1
X-Original-To: archiver@seul.org
Delivered-To: archiver@seul.org
Received: from eugeni.torproject.org (eugeni.torproject.org [38.229.72.13])
	(using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by khazad-dum.seul.org (Postfix) with ESMTPS id EEF101E045A
	for <archiver@seul.org>; Wed, 16 Jul 2014 09:12:02 -0400 (EDT)
Received: from eugeni.torproject.org (localhost [127.0.0.1])
	by eugeni.torproject.org (Postfix) with ESMTP id F0CA92FC5B;
	Wed, 16 Jul 2014 13:12:01 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by eugeni.torproject.org (Postfix) with ESMTP id B431C2FBB4;
 Wed, 16 Jul 2014 13:09:51 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at eugeni.torproject.org
Received: from eugeni.torproject.org ([127.0.0.1])
 by localhost (eugeni.torproject.org [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id p2SRdGE56c7v; Wed, 16 Jul 2014 13:09:51 +0000 (UTC)
Received: from mail.potager.org (quatre.potager.org [91.194.60.100])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client CN "*.potager.org",
 Issuer "StartCom Class 2 Primary Intermediate Server CA" (not verified))
 by eugeni.torproject.org (Postfix) with ESMTPS id 686222FBB2;
 Wed, 16 Jul 2014 13:09:51 +0000 (UTC)
Received: from [127.0.0.1] (localhost [127.0.0.1]) with ESMTPSA id BCD36C2B866
Date: Wed, 16 Jul 2014 15:09:46 +0200
From: Lunar <lunar@torproject.org>
To: tor-news@lists.torproject.org, tor-talk@lists.torproject.org
Message-ID: <20140716130946.GD6184@loar>
Mail-Followup-To: tor-news@lists.torproject.org, tor-talk@lists.torproject.org
MIME-Version: 1.0
User-Agent: Mutt/1.5.23 (2014-03-12)
Subject: [tor-talk] =?utf-8?q?Tor_Weekly_News_=E2=80=94_July_16th=2C_2014?=
X-BeenThere: tor-talk@lists.torproject.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: tor-talk@lists.torproject.org
List-Id: "all discussion about theory, design,
 and development of Onion Routing" <tor-talk.lists.torproject.org>
List-Unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
List-Archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-Post: <mailto:tor-talk@lists.torproject.org>
List-Help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-Subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
Content-Type: multipart/mixed; boundary="===============2022095434826238321=="
Errors-To: tor-talk-bounces@lists.torproject.org
Sender: "tor-talk" <tor-talk-bounces@lists.torproject.org>


--===============2022095434826238321==
Content-Type: multipart/signed; micalg=pgp-sha256;
	protocol="application/pgp-signature"; boundary="gE7i1rD7pdK0Ng3j"
Content-Disposition: inline


--gE7i1rD7pdK0Ng3j
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
Tor Weekly News                                          July 16th, 2014
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D

Welcome to the sixteenth issue of Tor Weekly News in 2014, the weekly
newsletter that covers what is happening in the Tor community.

Roundup of research on incentives for running Tor relays
---------------------------------------------------------

As an hors-d=E2=80=99=C5=93uvre to the now on-going the Privacy Enhancing T=
echnology
Symposium=C2=A0[1], Rob Jansen wrote a long blog post=C2=A0covering the las=
t five
years of research on incentives for running Tor relays=C2=A0[2].

Rob introduces the topic by describing the current =E2=80=9Cvolunteer resou=
rce
model=E2=80=9D and mentions that =E2=80=9Chas succeeded so far: Tor now con=
sists of over
5000 relays transferring between 4 and 5 GiB/s in aggregate=E2=80=9D. Rob l=
ists
several possible reasons why volunteers run relays right now. They are
all intrinsic motivations: current operators run relays because they
really want to.

Is only relying on volunteers going to limit the growth of the Tor
network in the future? There are already not-for-profit
organizations=C2=A0[3] operating relays based on donations, but growing them
too much would also be problematic. Another area being explored are
extrinsic motivations: making Tor clients faster when someone runs a
relay or giving a financial reward=C2=A0=E2=80=94 in a currency or another=
=C2=A0=E2=80=94 for the
service. Some can legitimately ask if they are suitable for Tor at
all=C2=A0[4] and Rob raises plenty of legitimate concerns on how they would
interact with the current set of volunteers.

The problem keeps interesting researchers, and Rob details no less than
six schemes: the oldest are PAR=C2=A0[5] and Gold Star=C2=A0[6] which intro=
duced
anonymity problems, BRAIDS=C2=A0[7] where double spending of rewards is
prevented without leaking timing information, LIRA=C2=A0[8] which focused on
scalability, TEARS=C2=A0[9] where a publicly auditable e-cash protocol redu=
ce
the reliance on trusted parties, and finally, the (not ideally
named=C2=A0[10]) TorCoin=C2=A0[11] which introduces the idea of a crypto-cu=
rrency
based on =E2=80=9Cproof-of-bandwidth=E2=80=9D.

Rob details the novel ideas and drawbacks of each schemes, so be sure to
read the original blog post for more details. After this roundup, Rob
highlights that =E2=80=9Crecent research has made great improvements in the=
 area
of Tor incentives=E2=80=9D. But that=E2=80=99s for the technical side as =
=E2=80=9Cit is unclear
how to make headway on the social issues=E2=80=9D.

=E2=80=9CTor has some choices to make in terms of how to grow the network a=
nd
how to position the community during that growth process=E2=80=9D concludes=
 Rob.
So let=E2=80=99s have that conversation.

   [1]:=C2=A0https://petsymposium.org/2014/
   [2]:=C2=A0https://blog.torproject.org/blog/tor-incentives-research-round=
up-goldstar-par-braids-lira-tears-and-torcoin
   [3]:=C2=A0https://www.torservers.net/
   [4]:=C2=A0http://p2pfoundation.net/Intrinsic_vs._Extrinsic_Motivation#Wh=
y_Extrinsic_Motivation_Doesn.27t_Work
   [5]:=C2=A0http://cs.gmu.edu/~astavrou/research/Par_PET_2008.pdf
   [6]:=C2=A0http://freehaven.net/anonbib/papers/incentives-fc10.pdf
   [7]:=C2=A0http://www.robgjansen.com/publications/braids-ccs2010.pdf
   [8]:=C2=A0http://www.robgjansen.com/publications/lira-ndss2013.pdf
   [9]:=C2=A0http://www.robgjansen.com/publications/tears-hotpets2014.pdf
  [10]:=C2=A0https://www.torproject.org/docs/trademark-faq#researchpapers
  [11]:=C2=A0http://www.robgjansen.com/publications/torpath-hotpets2014.pdf

Defending against guard discovery attacks with layered rotation time
--------------------------------------------------------------------

Guard nodes are a key component of a Tor client=E2=80=99s anonymity. Once an
attacker gains knowledge of which guard node is being used by a
particular client, putting the guard node under monitoring is likely the
last step before finding a client=E2=80=99s IP address.

George Kadianakis has restarted the discussion=C2=A0[12] on how to slow down
guard discovery of hidden services=C2=A0[13] by exploring the idea of
=E2=80=9Ckeeping our middle nodes more static=E2=80=9D. The idea is to slow=
 down the
attacks based on repeated circuit destruction by reusing the same
=E2=80=9Cmiddle nodes for 3-4 days instead of choosing new ones for every
circuit=E2=80=9D. Introducing this new behavior will slow down the attack, =
but
George asks =E2=80=9Care there any serious negative implications?=E2=80=9D

The idea is not new, as Paul Syverson pointed out=C2=A0[14]: =E2=80=9CLasse=
 and I
suggested and explored the idea of layered guards when we introduced
guards=E2=80=9D. He adds =E2=80=9Cthere are lots of possibilities here=E2=
=80=9D.

George worries that middle nodes would then =E2=80=9Calways see your traffic
coming through your guard (assuming a single guard per client)=E2=80=9D. Ian
Goldberg added=C2=A0[15] =E2=80=9Cthe exit will now know that circuits comi=
ng from
the same middle are more likely to be the same client=E2=80=9D. Restricting=
 the
change to only hidden services and not every client means that it will
be =E2=80=9Ceasy for an entry guard to learn whether a client has static mi=
ddle
nodes or not=E2=80=9D.

As George puts it the latest message in the thread=C2=A0[16]: =E2=80=9CAs a=
lways,
more research is needed=E2=80=A6=E2=80=9D Please help!

  [12]:=C2=A0https://lists.torproject.org/pipermail/tor-dev/2014-July/00712=
2.html
  [13]:=C2=A0https://bugs.torproject.org/9001
  [14]:=C2=A0https://lists.torproject.org/pipermail/tor-dev/2014-July/00712=
5.html
  [15]:=C2=A0https://lists.torproject.org/pipermail/tor-dev/2014-July/00712=
3.html
  [16]:=C2=A0https://lists.torproject.org/pipermail/tor-dev/2014-July/00712=
6.html

More monthly status reports for June 2014
-----------------------------------------

The wave of regular monthly reports from Tor project members for the
month of June continued, with submissions from Michael Schloh von
Bennewitz=C2=A0[17] and Andrew Lewman=C2=A0[18].

Arturo Filast=C3=B2 reported on behalf of the OONI team=C2=A0[19], while Ro=
ger
Dingledine submitted the SponsorF report=C2=A0[20]

  [17]:=C2=A0https://lists.torproject.org/pipermail/tor-reports/2014-July/0=
00587.html
  [18]:=C2=A0https://lists.torproject.org/pipermail/tor-reports/2014-July/0=
00588.html
  [19]:=C2=A0https://lists.torproject.org/pipermail/tor-reports/2014-July/0=
00586.html
  [20]:=C2=A0https://lists.torproject.org/pipermail/tor-reports/2014-July/0=
00589.html

Miscellaneous news
------------------

The various roadmaps that came out of the 2014 summer dev. meeting=C2=A0[21]
have been transcribed=C2=A0[22] in a joint effort by George Kadianakis,
Yawning Angel, Karsten Loesing, and an anonymous person. Most items will
probably be matched with a ticket soon.

  [21]:=C2=A0https://trac.torproject.org/projects/tor/wiki/org/meetings/201=
4SummerDevMeeting
  [22]:=C2=A0https://trac.torproject.org/projects/tor/wiki/org/meetings/201=
4SummerDevMeeting/Roadmaps

The Tor Project is hiring a financial controller=C2=A0[23]. This is a part
time position, approximately 20 hours per week, at the office in
Cambridge, Massachusetts.

  [23]:=C2=A0https://www.torproject.org/about/jobs-controller.html

The Tails developers announced the creation of two new mailing lists.
=E2=80=9CIf you are a designer, UX/UI expert or beginner=E2=80=9D=C2=A0[24]=
 interested in the
theory and practice of designing user interfaces for Tails, the tails-ux
list=C2=A0[25] is for you, while the tails-project list=C2=A0[26] is dedica=
ted to
=E2=80=9Cthe =E2=80=98life=E2=80=99 of the project=E2=80=9C=C2=A0[27]; howe=
ver, =E2=80=9Ctechnical questions should
stay on tails-dev=E2=80=9D.

  [24]:=C2=A0https://mailman.boum.org/pipermail/tails-dev/2014-July/006330.=
html
  [25]:=C2=A0https://mailman.boum.org/listinfo/tails-ux
  [26]:=C2=A0https://mailman.boum.org/listinfo/tails-project
  [27]:=C2=A0https://mailman.boum.org/pipermail/tails-dev/2014-July/006329.=
html

Alan kicked of the aforementioned tails-ux mailing list announcing
progress=C2=A0[28] on Tails initial login screen. The new set of mockups is
visible on the corresponding blueprint=C2=A0[29].

  [28]:=C2=A0https://mailman.boum.org/pipermail/tails-ux/2014-July/000000.h=
tml
  [29]:=C2=A0https://tails.boum.org/blueprint/tails-greeter:_revamp_UI/

More mockups! Nima Fatemi produced=C2=A0[30] some for a possible
browser-based Tor control panel, incorporating features that were lost
with the removal of Vidalia from the Tor Browser, such as the world map
with Tor circuit visualizations. =E2=80=9CHow would you perfect that image?=
=C2=A0[31]
What=E2=80=99s missing?=E2=80=9D, asked Nima, hoping =E2=80=9Cto inspire pe=
ople to start hacking
on it=E2=80=9D.

  [30]:=C2=A0https://lists.torproject.org/pipermail/tor-dev/2014-July/00711=
5.html
  [31]:=C2=A0https://people.torproject.org/~nima/ux/about-tor.png

Meanwhile, Sean Robinson had been working=C2=A0[32] on a new graphical Tor
controller called Syboa=C2=A0[33]. Sean=E2=80=99s =E2=80=9Cprimary motivati=
on for Syboa was
to replace TorK, so it looks=C2=A0[34] more like TorK than Vidalia=E2=80=9D=
=2E Sean
announces that he will not have time for further development soon but
that he would answer questions.

  [32]:=C2=A0https://lists.torproject.org/pipermail/tor-dev/2014-July/00713=
6.html
  [33]:=C2=A0https://gitorious.org/syboa/syboa
  [34]:=C2=A0https://gitorious.org/syboa/syboa/source/7082a82:docs/screensh=
ot-basic.png

Juha Nurmi submitted=C2=A0[35] the weekly status report for the ahmia.fi GS=
oC
project.

  [35]:=C2=A0https://lists.torproject.org/pipermail/tor-reports/2014-July/0=
00590.html

Thanks to the University of Edinburgh=E2=80=99s School of Informatics=C2=A0=
[36],
funcube.fr=C2=A0[37], Stefano Fenoglio=C2=A0[38], IP-Connect=C2=A0[39], Jus=
tin
Ramos=C2=A0[40], Jacob Henner from Anatomical Networks=C2=A0[41], and
Hackabit.nl=C2=A0[42] for running mirrors of the Tor Project website!

  [36]:=C2=A0https://lists.torproject.org/pipermail/tor-mirrors/2014-July/0=
00623.html
  [37]:=C2=A0https://lists.torproject.org/pipermail/tor-mirrors/2014-July/0=
00624.html
  [38]:=C2=A0https://lists.torproject.org/pipermail/tor-mirrors/2014-July/0=
00627.html
  [39]:=C2=A0https://lists.torproject.org/pipermail/tor-mirrors/2014-July/0=
00632.html
  [40]:=C2=A0https://lists.torproject.org/pipermail/tor-mirrors/2014-July/0=
00633.html
  [41]:=C2=A0https://lists.torproject.org/pipermail/tor-mirrors/2014-July/0=
00634.html
  [42]:=C2=A0https://lists.torproject.org/pipermail/tor-mirrors/2014-July/0=
00638.html

Tor help desk roundup
---------------------

Users often ask about for assistance setting up Tor Cloud instances.
Sina Rabbani is taking over the maintenance of Tor Cloud and is working
on updating the packages and documentation. Until new documentation on
using the up-to-date images and Amazon Web Services interface lands,
users not already familiar with AWS may want to use a different virtual
server provider to host their bridges.

Easy development tasks to get involved with
-------------------------------------------

The setup scripts of the Flashproxy and Obfsproxy pluggable transports
attempt to download and build the M2Crypto library if they are not
already installed. We=C2=B4d really want to avoid this and have the setup
script fail if not all libraries are present for building Flashproxy.
The ticket that describes this bug also outlines a possible workaround
that disables all downloads during the setup process=C2=A0[43]. If you know=
 a
bit about setuptools and want to turn this description into a patch and
test it, please give it a try.

  [43]:=C2=A0https://bugs.torproject.org/10847#comment:4

Upcoming events
---------------

 July 15-19        | 14th Privacy Enhancing Technologies Symposium
                   | Amsterdam, The Netherlands
                   | https://petsymposium.org/2014/
                   |
 August 20-22      | Roger @ USENIX Security Symposium =E2=80=9914
                   | San Diego, California, USA
                   | https://www.usenix.org/conference/usenixsecurity14


This issue of Tor Weekly News has been assembled by Lunar, harmony,
Matt Pagan, Karsten Loesing, and George Kadianakis.

Want to continue reading TWN? Please help us create this newsletter.
We still need more volunteers to watch the Tor community and report
important news. Please see the project page=C2=A0[44], write down your
name and subscribe to the team mailing list=C2=A0[45] if you want to
get involved!

  [44]:=C2=A0https://trac.torproject.org/projects/tor/wiki/TorWeeklyNews
  [45]:=C2=A0https://lists.torproject.org/cgi-bin/mailman/listinfo/news-team

--gE7i1rD7pdK0Ng3j
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)

iQIcBAEBCAAGBQJTxnmaAAoJEEgU3sIrMHw8yjMQAJucLySy5CSwU6pPNvUP11Q1
ax6eHdSFE4ExAiUDgr9DHhCMaQSRCxqHVZxPXVc08wjuh8Se0Tys833lteFj3ICy
10AE9fbyjpTfaXlAtgMD2axHEfTFbU9DOH08I1uCwK6NVYD2HySQBt1vFsRHtfCx
j7w1g4aNgwnunysabQ84H8j9Csat/ghRhS3i0+YFyC1UY0si6iIz9oPrnFRxeNr6
5ykKU5nRe0Vav0c8+s8QaAY0Cp4eeWKjLzRRi+YgzalgIFrFmxK19XdO0jS+jZ3U
zxy58Q6AbdpNfuDDdIabp7yVhc9jiL4UtpYsCseEKkE+MmvNBeSq+2Hq70CBMXkc
r1f2EvBbYZm957NCLKDbyiBRH5KCQk0ZY5M0KFetPQTByDTtlgYskRelq3QlC0ZS
eX+Dk2ameh4Nh/cN0ls8Glx7SCJ7M5QcZBakqWRiV5hKvmEQkjKQg6c/UwE2SrZg
EitoFuU+w7oDrZDJAWMKkZTgLZBtP6aLA0nXbULUIFkV/Nebs/ruv2RGIOgHW9Fu
W8p0wViVqdKAMYBMo8AbZwE3ZUOuFf7MpXrS4aYxpKMuN72X/3TPrIQQlgeAZFwB
v0ijVZQ+MB3ZHlU8wRwYneAXVzDa7K+Zy67wJFSnYhaQqFeDx+fU2oORXnQFy8ZF
VO9HIK16xkU+fy42BjZJ
=55sf
-----END PGP SIGNATURE-----

--gE7i1rD7pdK0Ng3j--

--===============2022095434826238321==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

--===============2022095434826238321==--

