Tor Weekly News — April 15th, 2015
Welcome to the fifteenth issue in 2015 of Tor Weekly News, the weekly newsletter that covers what’s happening in the Tor community.
Tor Browser 4.0.8 is out
Mike Perry announced a new stable release by the Tor Browser team. This version is exactly the same as 4.0.7, which was briefly advertised to users last week but then withdrawn because a bug would have caused it to endlessly recommend updating.
This release includes Tor 0.2.5.12, which fixes the recent onion service and client crash bugs.
There is no corresponding Tor Browser alpha update; that series will become the new stable release in a couple of weeks.
Download your copy of Tor Browser 4.0.8 from the project page, or over the in-browser update system.
Hidden services that aren’t hidden
As the name implies, Tor hidden services (also known as “onion services”) are location-hidden and anonymous, just like regular Tor clients. There may be instances, however, in which a potential hidden service operator doesn’t much care about being hidden: they are more interested in the other unique properties of hidden services, like free end-to-end encryption and authentication, or they want to prevent their users from accidentally sending information non-anonymously. For example, even though everyone knows who Facebook are and where to find them, their users still have things to gain from using their .onion address.
At the moment, these kinds of services are still forced to use the regular hidden service protocol, meaning they connect to rendezvous points over a Tor circuit. Hiding someone who doesn’t want to be hidden is an inefficient use of network resources, and needlessly slows down connections to the service in question, so Tor developers have been discussing the possibility of enabling “direct onion services”, which sacrifice anonymity for improved performance.
George Kadianakis requested feedback on a draft of a Tor proposal for this feature. One of the major questions still to be resolved is how to ensure that nobody enables this option by mistake, or fails to understand the implications for their service’s anonymity. Possible solutions include choosing a better name, making the configuration file option sound more ominous, or even requiring the operator to compile Tor themselves with a special flag.
See George’s proposal for more use-cases and full details of the concept, and feel free to comment on the tor-dev list thread.
Tor Summer of Privacy — entry closing soon!
If you’d like to participate in the first-ever Tor Summer of Privacy, you still have the chance — but be quick, as the application period closes on Friday.
Competition for places is already strong, so make it as easy as possible for your entry to be chosen: look at previous applications for an idea of what Tor developers like to see, drum up interest from potential mentors on the tor-dev mailing list or IRC channel, link to your best code samples, and show the community that you can take the initiative in moving your project forward. Good luck!
More monthly status reports for March 2015
A few more Tor developers submitted monthly reports for March: Isis Lovecruft (for work on BridgeDB and pluggable transports), Arlo Breault (reporting on Tor Messenger and Tor Check), Karsten Loesing (for projects including hidden service statistics, translation coordination, and Tor network tools), and Colin C. (for work on support, documentation, and localization).
The Tails team published its March report. Take a look for updates on development, funding, and outreach; summaries of ongoing discussions; Tails in the media; and much more besides.
Miscellaneous news
Nathan Freitas announced the third release candidate for Orbot v15. This version supports the x86 processor architecture, so devices such as the Galaxy Tab 3 and the Asus Zenphone/Padphone are now officially Tor-compatible. See Nathan’s announcement for the full changelog.
Giovanni Pellerano announced GlobalLeaks 2.60.65, featuring lots of bugfixes, improved localization (including eight new languages), and more.
David Fifield located and fixed a problem with meek’s Microsoft Azure backend that was causing it to run much more slowly than the other two options. “If you tried meek-azure before, but it was too slow, give it another try!”
Thanks to John Penner for running a mirror of the Tor Project’s website and software!
This issue of Tor Weekly News has been assembled by Harmony, the Tails team, and other contributors.
Want to continue reading TWN? Please help us create this newsletter. We still need more volunteers to watch the Tor community and report important news. Please see the project page, write down your name and subscribe to the team mailing list if you want to get involved!
Comments
Comments are closed.