Delivery-Date: Wed, 23 Jul 2014 09:28:28 -0400
Return-Path: <tor-talk-bounces@lists.torproject.org>
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on moria.seul.org
X-Spam-Level: 
X-Spam-Status: No, score=-4.8 required=5.0 tests=BAYES_00,RCVD_IN_DNSWL_MED,
	RP_MATCHES_RCVD,UNPARSEABLE_RELAY autolearn=ham version=3.3.1
X-Original-To: archiver@seul.org
Delivered-To: archiver@seul.org
Received: from eugeni.torproject.org (eugeni.torproject.org [38.229.72.13])
	(using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by khazad-dum.seul.org (Postfix) with ESMTPS id 1DE841E0D89
	for <archiver@seul.org>; Wed, 23 Jul 2014 09:28:26 -0400 (EDT)
Received: from eugeni.torproject.org (localhost [127.0.0.1])
	by eugeni.torproject.org (Postfix) with ESMTP id 0BED230733;
	Wed, 23 Jul 2014 13:28:13 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by eugeni.torproject.org (Postfix) with ESMTP id 6BAD230156;
 Wed, 23 Jul 2014 13:23:31 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at eugeni.torproject.org
Received: from eugeni.torproject.org ([127.0.0.1])
 by localhost (eugeni.torproject.org [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id nTnhxCd8DxW8; Wed, 23 Jul 2014 13:23:31 +0000 (UTC)
Received: from mail.potager.org (quatre.potager.org [91.194.60.100])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client CN "*.potager.org",
 Issuer "StartCom Class 2 Primary Intermediate Server CA" (not verified))
 by eugeni.torproject.org (Postfix) with ESMTPS id 1F859300D5;
 Wed, 23 Jul 2014 13:23:31 +0000 (UTC)
Received: from [127.0.0.1] (localhost [127.0.0.1]) with ESMTPSA id BF061C2B916
Date: Wed, 23 Jul 2014 15:23:12 +0200
From: Lunar <lunar@torproject.org>
To: tor-news@lists.torproject.org, tor-talk@lists.torproject.org
Message-ID: <20140723132312.GB27357@loar>
Mail-Followup-To: tor-news@lists.torproject.org, tor-talk@lists.torproject.org
MIME-Version: 1.0
User-Agent: Mutt/1.5.23 (2014-03-12)
Subject: [tor-talk] =?utf-8?q?Tor_Weekly_News_=E2=80=94_July_23rd=2C_2014?=
X-BeenThere: tor-talk@lists.torproject.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: tor-talk@lists.torproject.org
List-Id: "all discussion about theory, design,
 and development of Onion Routing" <tor-talk.lists.torproject.org>
List-Unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
List-Archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-Post: <mailto:tor-talk@lists.torproject.org>
List-Help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-Subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
Content-Type: multipart/mixed; boundary="===============1266463765082594792=="
Errors-To: tor-talk-bounces@lists.torproject.org
Sender: "tor-talk" <tor-talk-bounces@lists.torproject.org>


--===============1266463765082594792==
Content-Type: multipart/signed; micalg=pgp-sha256;
	protocol="application/pgp-signature"; boundary="f2QGlHpHGjS2mn6Y"
Content-Disposition: inline


--f2QGlHpHGjS2mn6Y
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
Tor Weekly News                                          July 23rd, 2014
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D

Welcome to the twenty-ninth issue of Tor Weekly News in 2014, the
weekly newsletter that covers what is happening in the Tor community.

Tails 1.1 is out!
-----------------

Tails, the Debian-based live system that protects its users=E2=80=99
communications by ensuring they are all sent through the Tor network,
has been updated. This new 1.1 release=C2=A0[1] reminds Tails users of the
distribution=E2=80=99s roots in Debian=C2=A0[2]: Tails is now based on the =
current
stable version of Debian, dubbed =E2=80=9CWheezy=E2=80=9D.

This means that almost all software components have been updated. One
noticeable example is the desktop environment. The user experience of
the GNOME=C2=A03 in fallback mode should be similar to previous Tails
versions, but things will look a bit differently than they used to.

One of the most keenly-awaited features of this new version is the
support for UEFI firmware. Mac users now have only to press the Alt
key=C2=A0[3] while booting their computer to start Tails from a DVD or USB
stick. The same goes for owners of computers displaying =E2=80=9CWindows 8=
=E2=80=9D
stickers. And, talking of Windows 8, the camouflage mode=C2=A0[4] has been
updated to look more like it, instead of the now discontinued XP.

This new release also contains security fixes=C2=A0[5], and minor tweaks ov=
er
the previous versions.

Because of the newly-introduced support for UEFI and the amount of
upgraded software, incremental upgrades will not be offered for
Tails=C2=A01.1. A full upgrade is needed through the Tails Installer. The
safest method for upgrading Tails sticks is to go through a freshly
burned DVD. Be sure to have a look at the list of known issues=C2=A0[6] to
learn about other oddities that might happen in the process.

   [1]:=C2=A0https://tails.boum.org/news/version_1.1/
   [2]:=C2=A0https://tails.boum.org/contribute/relationship_with_upstream/
   [3]:=C2=A0https://tails.boum.org/doc/first_steps/start_tails/#usb-mac
   [4]:=C2=A0https://tails.boum.org/doc/first_steps/startup_options/windows=
_camouflage/
   [5]:=C2=A0https://tails.boum.org/security/Numerous_security_holes_in_1.0=
=2E1
   [6]:=C2=A0https://tails.boum.org/news/version_1.1/#index2h1

PETS 2014
---------

The fourteenth Privacy Enhancing Technologies Symposium was held in
Amsterdam, Netherlands, July 16-18, 2014. A wide range of research in
privacy enhancing technologies was presented, with many of relevance to
Tor. Keynotes were given by Martin Ortlieb, Senior User Experience
Researcher in Privacy at Google, and William Binney, a former NSA
employee.

Some papers focusing on Tor include:

- =E2=80=9CSpoiled Onions: Exposing Malicious Tor Exit Relays=E2=80=9D by P=
hilipp
  Winter, Richard K=C3=B6wer, Martin Mulazzani, Markus Huber, Sebastian
  Schrittwieser, Stefan Lindskog, and Edgar Weippl=C2=A0[7]
- =E2=80=9COne Fast Guard for Life (or 9 months)=E2=80=9D by Roger Dingledi=
ne, Nicholas
  Hopper, George Kadianakis, and Nick Mathewson=C2=A0[8]
- =E2=80=9CFrom Onions to Shallots: Rewarding Tor Relays with TEARS=E2=80=
=9D by Rob
  Jansen, Andrew Miller, Paul Syverson, and Bryan Ford=C2=A0[9]
- =E2=80=9CA TorPath to TorCoin: Proof-of-Bandwidth Altcoins for Compensati=
ng
  Relays=E2=80=9D by Mainak Ghosh, Miles Richardson, Bryan Ford, and Rob
  Jansen=C2=A0[10]
- =E2=80=9CMeasuring the Leakage of Onion at the Root, A measurement of Tor=
=E2=80=99s
  .onion pseudo-top-level domain in the global domain name system=E2=80=9D =
by
  Matthew Thomas and Aziz Mohaisen=C2=A0[11]

Also announced at PETS was the 2014 PET Award for Outstanding Research
in Privacy Enhancing Technologies, for =E2=80=9CA Scanner Darkly: Protecting
User Privacy From Perceptual Applications=E2=80=9D by Suman Jana, Arvind
Narayanan=E2=80=A0, and Vitaly Shmatikov=C2=A0[12]. The winner of the best =
student
paper at PETS was =E2=80=9CI Know Why You Went to the Clinic: Risks and
Realization of HTTPS Traffic Analysis=E2=80=9D by Brad Miller, Ling Huang, =
A. D.
Joseph and J. D. Tygar=C2=A0[13].

Prior to PETS, there was a Tor meet-up which Moritz Bartl reported as a
great success=C2=A0[14]. Hopefully there will also be such an event at the
2015 PETS, to be held in Philadelphia, US, in the week of June 29, 2015.

   [7]:=C2=A0https://petsymposium.org/2014/papers/Winter.pdf
   [8]:=C2=A0https://petsymposium.org/2014/papers/Dingledine.pdf
   [9]:=C2=A0https://petsymposium.org/2014/papers/Jansen.pdf
  [10]:=C2=A0https://petsymposium.org/2014/papers/Ghosh.pdf
  [11]:=C2=A0https://petsymposium.org/2014/papers/Thomas.pdf
  [12]:=C2=A0https://freedom-to-tinker.com/blog/shmat/a-scanner-darkly-prot=
ecting-user-privacy-from-perceptual-applications/
  [13]:=C2=A0https://petsymposium.org/2014/papers/Miller.pdf
  [14]:=C2=A0https://lists.torproject.org/pipermail/tor-talk/2014-July/0339=
36.html

Miscellaneous news
------------------

txtorcon=C2=A0[15], the Tor control protocol implementation for the Twisted
framework=C2=A0[16], received a new minor release=C2=A0[17]. Version 0.10.1=
 fixes
=E2=80=9Ca couple bugs introduced along with the endpoints feature in 0.10.=
0=E2=80=9D.

  [15]:=C2=A0https://pypi.python.org/pypi/txtorcon
  [16]:=C2=A0https://twistedmatrix.com/
  [17]:=C2=A0https://lists.torproject.org/pipermail/tor-dev/2014-July/00716=
6.html

Roger Dingledine posted=C2=A0[18] an official reaction to the cancellation =
of
a proposed talk at the upcoming Blackhat2014 conference dealing with
possible deanonymization attacks on Tor users and hidden services.

  [18]:=C2=A0https://blog.torproject.org/blog/recent-black-hat-2014-talk-ca=
ncellation

Tor ships with a sample webpage=C2=A0[19] that can be used by exit node
operators to identify their system as such to anyone wishing to identify
the source of Tor traffic. Operators most often copy and adapt this
template to the local situation. Mick Morgan discovered than his version
was out of sync=C2=A0[20] and contained broken links. =E2=80=9CIf other ope=
rators are
similarly using a page based on the old template, they may wish to
update=E2=80=9D, Mick advised.

  [19]:=C2=A0https://gitweb.torproject.org/tor.git/blob_plain/HEAD:/contrib=
/operator-tools/tor-exit-notice.html
  [20]:=C2=A0https://lists.torproject.org/pipermail/tor-relays/2014-July/00=
4982.html

Michael Rogers, one of the developers of Briar=C2=A0[21], announced=C2=A0[2=
2] a
new mailing list=C2=A0[23] for discussing peer-to-peer-based communication
systems based on Tor hidden services. As Briar and other systems might
be =E2=80=9Crunning into similar issues=E2=80=9D, a shared place to discuss=
 them seemed
worthwhile.

  [21]:=C2=A0https://briarproject.org/
  [22]:=C2=A0https://lists.torproject.org/pipermail/tor-dev/2014-July/00716=
1.html
  [23]:=C2=A0https://fulpool.org/cgi-bin/mailman/listinfo/hidden-services

Karsten Loesing and Philipp Winter are looking for front-end web
developers=C2=A0[24]: =E2=80=9CWe are looking for somebody to fork and exte=
nd one of
the two main Tor network status websites Atlas=C2=A0[25] or Globe=C2=A0[26]=
=E2=80=9D
writes Karsten. Both websites currently need love and new maintainers.
Please reach out if you want to help!

  [24]:=C2=A0https://blog.torproject.org/blog/looking-front-end-web-develop=
ers-network-status-websites-atlas-and-globe
  [25]:=C2=A0https://atlas.torproject.org/
  [26]:=C2=A0https://globe.torproject.org/

The database which holds Tor bridges, usually called BridgeDB=C2=A0[27], is
able to give out bridge addresses through email. This feature was
recently extended to make the email autoresponder support more bridge
types, which required introducing new keywords that must be used in the
initial request. Matthew Finkel is looking for feedback=C2=A0[28] on the
current set of commands and how they could be improved.

  [27]:=C2=A0https://gitweb.torproject.org/bridgedb.git
  [28]:=C2=A0https://lists.torproject.org/pipermail/tor-dev/2014-July/00716=
4.html

Lunar wrote a detailed report=C2=A0[29] on his week at the Libre Software
Meeting in Montpellier, France. The report covers the booth jointly held
with Nos Oignons=C2=A0[30], his talk in the security track, and several
contacts made with other free software projects.

  [29]:=C2=A0https://lists.torproject.org/pipermail/tor-reports/2014-July/0=
00593.html
  [30]:=C2=A0https://nos-oignons.net/

Here=E2=80=99s another round of reports from Google Summer of Code students=
: the
mid-term: Amogh Pradeep on Orbot and Orfox improvements=C2=A0[31], Israel
Leiva on the GetTor revamp=C2=A0[32], Quinn Jarrell on the pluggable
transport combiner=C2=A0[33], Juha Nurmi on the ahmia.fi project=C2=A0[34],=
 Marc
Juarez on website fingerprinting defenses=C2=A0[35], and Daniel Mart=C3=AD =
on
incremental updates to consensus documents=C2=A0[36].

  [31]:=C2=A0https://lists.torproject.org/pipermail/tor-dev/2014-July/00715=
2.html
  [32]:=C2=A0https://lists.torproject.org/pipermail/tor-dev/2014-July/00715=
6.html
  [33]:=C2=A0https://lists.torproject.org/pipermail/tor-dev/2014-July/00715=
7.html
  [34]:=C2=A0https://lists.torproject.org/pipermail/tor-reports/2014-July/0=
00594.html
  [35]:=C2=A0https://lists.torproject.org/pipermail/tor-reports/2014-July/0=
00595.html
  [36]:=C2=A0https://lists.torproject.org/pipermail/tor-dev/2014-July/00716=
3.html

Tim Retout announced=C2=A0[37] that apt-transport-tor=C2=A0[38] 0.2.1 has e=
ntered
Debian unstable. This package enables APT to download Debian packages
through Tor.

  [37]:=C2=A0http://retout.co.uk/blog/2014/07/21/apt-transport-tor
  [38]:=C2=A0https://tracker.debian.org/pkg/apt-transport-tor

Atlas=C2=A0[39] can now also be used to search for Tor bridges. In the past,
Atlas was only able to search for relays. This was made possible thanks
to a patch=C2=A0[40] developed by Dmitry Eremin-Solenikov.

  [39]:=C2=A0https://atlas.torproject.org/
  [40]:=C2=A0https://bugs.torproject.org/6320

Thanks to Tim Semeijn=C2=A0[41] and Tobias Bauer=C2=A0[42] for setting up n=
ew
mirrors of the Tor Project=E2=80=99s website and its software.

  [41]:=C2=A0https://lists.torproject.org/pipermail/tor-mirrors/2014-July/0=
00642.html
  [42]:=C2=A0https://lists.torproject.org/pipermail/tor-mirrors/2014-July/0=
00646.html

Tor help desk roundup
---------------------

Some Linux users have experienced missing dependency errors when trying
to install Tor Browser from their operating system=E2=80=99s software
repositories. Tor Browser should only be installed from the Tor
Project=E2=80=99s website, and never from a software repository. In other w=
ords,
using apt-get or yum to install Tor Browser is discouraged. Downloading
and verifying Tor Browser from the Tor Project website allows users to
keep up with important security updates as they are released.

News from Tor StackExchange
---------------------------

user3224 wants to log in to its Google, Microsoft etc. accounts and
wonders if they will know the real name and other personal
information=C2=A0[43]. Roya and mirimir explained that if someone logs into
an already personalized account Tor can=E2=80=99t anonymize this user. Inst=
ead
it might be wise to use Tor to register a pseudonym and also use an
anonymous operating system like Tails or Whonix.

  [43]:=C2=A0https://tor.stackexchange.com/q/3603/88

escapologybb has set up a Raspberry Pi. It serves as SOCKS proxy for the
internal network. While everyone can use it, escapologybb asks what the
security implications are and if this lowers the overall anonymity=C2=A0[44=
].
If you know a good answer please share your knowledge with the users of
Tor StackExchange.

  [44]:=C2=A0https://tor.stackexchange.com/q/3596/88

Upcoming events
---------------

 Aug. 3 19:00 UTC  | Tails contributors meeting
                   | #tails-dev @ irc.indymedia.org=C2=A0/=C2=A0h7gf2ha3hef=
oj5ls.onion
                   | https://mailman.boum.org/pipermail/tails-project/2014-=
July/000000.html
                   |
 August 18         | Roger @ FOCI =E2=80=9914
                   | San Diego, California, USA
                   | https://www.usenix.org/conference/foci14
                   |
 August 20-22      | Roger @ USENIX Security Symposium =E2=80=9914
                   | San Diego, California, USA
                   | https://www.usenix.org/conference/usenixsecurity14


This issue of Tor Weekly News has been assembled by Lunar, Steven
Murdoch, harmony, Philipp Winter, Matt Pagan, qbi, and Karsten Loesing.

Want to continue reading TWN? Please help us create this newsletter.
We still need more volunteers to watch the Tor community and report
important news. Please see the project page=C2=A0[45], write down your
name and subscribe to the team mailing list=C2=A0[46] if you want to
get involved!

  [45]:=C2=A0https://trac.torproject.org/projects/tor/wiki/TorWeeklyNews
  [46]:=C2=A0https://lists.torproject.org/cgi-bin/mailman/listinfo/news-team

--f2QGlHpHGjS2mn6Y
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBCAAGBQJTz7dAAAoJEEgU3sIrMHw803QQANIE1H9/0JCJ1hCb+c8W4vqv
eaJ+YePKqtoCaSyIw5uKUj8ICX5L02WK6P/uNJQhZvQV7fGFwP0YMMCUHbxnt4FK
1aG+NApiWv/ej5/OExMkdIgKgkrp5fK7fcKd3N9WgKfWMJ1nH4LmoBssZthLiPl6
hBEwIJwK19gsAjwJI+CYqxHFyklsWteK9T0HxpeRiwF6soc1/POAjIct8BD5zlX1
dYZLZ9TYahK3eo0Bavv2ofpDy/0O7NeRwnUk/Ul6/Kvo51Aw/Usb9Hxa2NqZQGZ5
6HAHWyrudlb0tk5zrFb7oNIBv87cs2keDaSKgUvx5TIbfeoif+vY6UtpqWChoHvA
dIDRGl/6j8+ardKehyUW+NTy7l4nZ87CKdz26gaP8nCAQHPcwPRRpfZX/CgPHTmv
Kw4oziFv8PvUSv6WPgOG2SPqYg3jtGqR61v43HtfRDsU8QwWJsiZXt4NPu3JtkN6
LPwY3+mWdCME1blxkiJe6hwNssNee/Goxgiao0lQloFNPx27WC8e3QA8idmpJU9d
C0sxqZaqfR2FIGlTh9hLNwxKlO9CHyqEO7gYlKTU7aZBXT039MQvNPKwQ1TwSSwl
Hr1igneudFQnv1KUtbY5Kr/bE7qfPisYvwj07Za7ugoCTFUvfjHjazAw8EjNhNA0
81AHvnu4PRlaq//YwW+I
=2k0V
-----END PGP SIGNATURE-----

--f2QGlHpHGjS2mn6Y--

--===============1266463765082594792==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

--===============1266463765082594792==--

