Tor 0.2.7.6 is released

by nickm | December 11, 2015

Here comes another stable release!

Tor version 0.2.7.6 fixes a major bug in entry guard selection, as well as a minor bug in hidden service reliability. (For more information on the guard bug, see Roger's preliminary analysis.
You can download the source from the usual place on the website. Packages should be up within a few days.

Changes in version 0.2.7.6 - 2015-12-10

  • Major bugfixes (guard selection):
    • Actually look at the Guard flag when selecting a new directory guard. When we implemented the directory guard design, we accidentally started treating all relays as if they have the Guard flag during guard selection, leading to weaker anonymity and worse performance. Fixes bug 17772; bugfix on 0.2.4.8-alpha. Discovered by Mohsen Imani.
  • Minor features (geoip):
    • Update geoip and geoip6 to the December 1 2015 Maxmind GeoLite2 Country database.
  • Minor bugfixes (compilation):
    • When checking for net/pfvar.h, include netinet/in.h if possible. This fixes transparent proxy detection on OpenBSD. Fixes bug 17551; bugfix on 0.1.2.1-alpha. Patch from "rubiate".
    • Fix a compilation warning with Clang 3.6: Do not check the presence of an address which can never be NULL. Fixes bug 17781.
  • Minor bugfixes (correctness):
    • When displaying an IPv6 exit policy, include the mask bits correctly even when the number is greater than 31. Fixes bug 16056; bugfix on 0.2.4.7-alpha. Patch from "gturner".
    • The wrong list was used when looking up expired intro points in a rend service object, causing what we think could be reachability issues for hidden services, and triggering a BUG log. Fixes bug 16702; bugfix on 0.2.7.2-alpha.
    • Fix undefined behavior in the tor_cert_checksig function. Fixes bug 17722; bugfix on 0.2.7.2-alpha.

Comments

Please note that the comment area below has been archived.

December 11, 2015

Permalink

前北邮校长方滨兴等人在《计算机研究与发展》上发表论文《匿名通信系统不可观测性度量方法》(PDF),报告他们能通过观察Tor混淆插件的流量模式将其识别出来。为了躲避深度包检查,研究人员开发出了协议混淆工具,Tor匿名网络开发的传输层协议混淆插件包括obfsprox(obfsproxy3和obfsproxy4),meek和fte等。研究人员从Tor官网下载软件,对传输流量进行一番研究后很快发现Tor的混淆插件容易受到时间分析攻击。他们发现,meek、网桥和HTTPS的流量数据包内部时间间隔基本相同,但meek的数据包在0.5-2秒附近有一个明显的抖动,原因是meek客户端为了与云平台保持长连接而自动在空闲时发送一个心跳包,心跳包是随机在0.1秒-5秒之间选择一个值。他们还观察到了其它两个数据模式:网桥模式下数据包大小在600B附近比较集中,原因也与Tor的数据包设计有关;meek模式下客户端到服务数据包大小在200B左右,服务器到客户端400B左右。

请tor开发人员关注方滨兴等流氓对混淆插件流量特征的研究!!

BUPT former president Bin-Xing Fang et al., Published "anonymous communication systems unobservability measure" in the "Computer Research and Development" (PDF), reported that they can observe traffic patterns Tor confuse widget will identify it. In order to avoid deep packet inspection, the researchers developed a protocol obfuscation tool, Tor anonymity network developed transport layer protocols confuse plug-ins include obfsprox (obfsproxy3 and obfsproxy4), meek and fte like. Researchers from Tor official website to download software, transport traffic soon after some research found that confusion Tor plugin vulnerable time analysis attacks. They found that, meek, bridges and HTTPS traffic packets inside the interval basically the same, but the meek packets in 0.5 seconds, has a near significant jitter, because the meek client in order to maintain a long connection with the cloud platform automatically when they are free to send a heartbeat packet, heartbeat packets are randomly between 0.1 seconds to 5 seconds to select a value. They also observed the other two data modes: bridge mode packet size are concentrated in the vicinity of 600B, reasons and Tor packet design related; under meek mode client-service packet size at around 200B, server to client end around 400B.

Please tor developers and other interested parties Bin Xing rogue plug-flow characteristics of the confusion of research !!

translated by https google translate

December 11, 2015

Permalink

The research paper referred to by the OP's post above in Mandarin Chinese has been referenced by an earlier post here: https://ocewjwkdco.tudasnich.de/comment/reply/1098/137900

The official name of the research paper in English is "Towards measuring unobservability in anonymous communication systems", Journal of Computer Research and Development, 2015, 52(10): 2373-2381.

The PDF version can be downloaded from: http://crad.ict.ac.cn/CN/abstract/abstract3031.shtml# The file size is about 6861 KB.

Thanks, we have seen that paper. It doesn't mean that the censors in China have the capability to do the kind of traffic analysis they describe (yet), but it's something for us to keep in mind for the future. obfs4 and ScrambleSuit in fact are already capable of obfuscating their traffic patterns, but the capability hasn't been turned on yet because it hasn't been needed.

Another recent paper along these lines is "Seeing through Network-Protocol Obfuscation". They built detectors for various pluggable transports, but what I like the most about it is they paid attention to false positives.

December 12, 2015

Permalink

Meanwhile for 90% of Tor users (windows) we are stuck at tor-win32-0.2.6.10

Let's hope Shari Steele's first job is to organise how the Tor team release new versions.

In China you can use meek-amazon, meek-azure, or a custom obfs4 bridge from https://bridges.torproject.org/ or bridges@torproject.org.

meek-amazon and meek-azure are slow, because they are too expensive to run at their full capacity. But you can make it fast by running your own copy on a CDN. Here are some guides for doing it:

December 12, 2015

Permalink

It is stable. Update your relay asap.

Downloadpage however may still declare diffrent.

December 12, 2015

Permalink

For over a month, I've had the same entry guard; however a few days ago I began to experience connection problems, and I saw that it switched to a different guard node; then today it changed to another one.

I vaguely remember something about you guys changing the behavior, making the first hop become more static, so this changing of entry guard nodes worried me.

* Is this related to what 0.2.7.6 should fix?

* Until a stable release, should I assume that I am vulnerable?

Thanks nickm

There are some different scenarios where your Tor-Browser will switch to a different guard node. Thats not bad at all; Reducing the rotation-turns is just a allover plus for Tor-anonymity. Dont worry at that point. You sould not assuse that youre vulnerable.

Indeed, cloudflare is very bad for Tor, on the cloudflare blog you can read the following lie: CloudFlare does not actively block visitors who use the Tor network. Why? Due to the behaviour of some individuals using the Tor network...
I don't even try to solve the impossible captchas.
The only thing cloudflare cares about is money.

December 14, 2015

Permalink

Hello, can someone please help me - I have a simple question. I've been getting a lot of "One more step Please complete the security check to access" pages lately, as have many others from what I read.

Will the captcha give me real IP away, if I enter it?

Would be really grateful.

Thanks.

It means the site you've been visited runs by "Cloudflare"

Cloudflare has been blocked TOR IPs so you can't reach that site.

You have to enable your cookie and javascript to bypass Captcha. It's a great security risk.

December 15, 2015

Permalink

Well it's Tuesday and still no windows version :(

Come on Shari Steele, please get these guys in line and organise timely and simultaneous releases for all OS's.

The last 2 releases have been premature or partially released. This lack of preparedness makes Tor look unprofessional :(

We all love Tor, please make it look professional.

December 17, 2015

Permalink

Boykott cloudflake by using another proxie like

www.webproxy.ca and other free webpoxies (make a macro for adding the proxie-url)

(-) https may not work in some cases.

Hope that helps.

March 29, 2016

Permalink

I LOVE TOR PROJECT, I LOVE USA, I LOVE ALL WORLD ! ! ! THANKS ALL PROGRAMMERS & POLITIC'S THANKS ! ! ! GALACTIC LOVE YOUR ! ^_^

May 23, 2016

Permalink

can anyone explain how in the world can the same (version-wise) tor-win32-0.2.7.6.zip I downloaded on various dates (dec 2015 vs may 2016) from here, i.e. the official tor site, contain different binaries? sha1 dec 2015: 049D664E1CBEBD078928760564B70D86016B2C39, sha1 may 2016: 5A52C71714CD6747CD99B451B5A3400F174A96C3. wtf?

My guess would be library updates (e.g. openssl).

Both of those "windows expert bundles" were built deterministically, as part of the Tor Browser build. So you can repeat the process for each of them, using the libraries available at the time.

(If you want a windows binary that doesn't change, you should fetch the official source tarball, and build it yourself.)