[TWN team] Recent changes to the wiki pages

Lunar lunar at torproject.org
Mon Nov 11 15:20:11 UTC 2013 

===========================================================================
=== https://trac.torproject.org/projects/tor/wiki/TorWeeklyNews/2013/19 ===
===========================================================================

version 29
Author: lunar
Date:   2013-11-11T14:44:03+00:00

   add missing quote

--- version 28
+++ version 29
@@ -100,7 +100,7 @@
 the tokens.”
 
 For a concrete example, that means that using Project Gutenberg’s Don
-Quixote [XXX] as corpus, one can encoding “my little poney” into lock
+Quixote [XXX] as corpus, one can encoding “my little poney” into “lock
 whisper: yellow tremendous, again suddenly breathing. master's faces;
 fees, beheld convinced there calm” and back again!
 

version 28
Author: lunar
Date:   2013-11-11T14:34:30+00:00

   write about bananaphone

--- version 27
+++ version 28
@@ -84,6 +84,34 @@
  [XXX] https://bugs.torproject.org/7028
  [XXX] http://freehaven.net/anonbib/cache/morphing09.pdf
 
+The “bananaphone” pluggable transport
+-------------------------------------
+
+Pluggable transports [XXX] is how Tor traffic can be transformed from a
+client to a bridge in order to hide it from Deep Packet Inspection 
+filters.
+
+Improving upon the initial work of Leif Ryge [XXX], David Stainton has been
+working on new “bananaphone” pluggable transport for obfsproxy [XXX]. 
+The latter implements “reverse hash encoding“, described by Leif Ryge as 
+“a steganographic encoding scheme which transforms a stream of binary
+data into a stream of tokens (eg, something resembling natural language
+text) such that the stream can be decoded by concatenating the hashes of
+the tokens.”
+
+For a concrete example, that means that using Project Gutenberg’s Don
+Quixote [XXX] as corpus, one can encoding “my little poney” into lock
+whisper: yellow tremendous, again suddenly breathing. master's faces;
+fees, beheld convinced there calm” and back again!
+
+While it's probably not going to be the most compact pluggable 
+transport, “bananaphone” looks like a promising project.
+
+ [XXX] https://www.torproject.org/docs/pluggable-transports.html.en
+ [XXX] https://github.com/leif/bananaphone
+ [XXX] https://github.com/david415/obfsproxy/tree/david-bananaphone-managed
+ [XXX] http://www.gutenberg.org/cache/epub/29468/pg29468.txt
+
 Miscellaneous news
 ------------------
 
@@ -159,8 +187,4 @@
 
   [XXX] https://trac.torproject.org/projects/tor/wiki/TorWeeklyNews
   [XXX] https://lists.torproject.org/cgi-bin/mailman/listinfo/news-team
-}}}
-
-Possible items:
-
- * bananaphone PT https://lists.torproject.org/pipermail/tor-dev/2013-October/005694.html https://github.com/david415/obfsproxy/tree/david-bananaphone-nacl-hammertime https://github.com/leif/bananaphone+}}}
version 27
Author: lunar
Date:   2013-11-11T14:16:06+00:00

   i'll take care of editing

--- version 26
+++ version 27
@@ -1,6 +1,6 @@
 ''20th issue of Tor Weekly News. Covering what's happening from November 6th, 2013 to November 12th, 2013. To be released on November 13th, 2013.''
 
-'''Editor:''' 
+'''Editor:''' Lunar
 
 '''Subject:''' Tor Weekly News — November 13th, 2013
 

version 26
Author: lunar
Date:   2013-11-11T14:15:51+00:00

   caps

--- version 25
+++ version 26
@@ -48,7 +48,7 @@
  [XXX] https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html#firefox17.0.10
  [XXX] https://archive.torproject.org/tor-package-archive/torbrowser/3.0b1/
 
-A Critique of Website Traffic Fingerprinting Attacks
+A critique of website traffic fingerprinting attacks
 ----------------------------------------------------
 
 In a new blog post [XXX], Mike Perry took time to reflect on 

version 25
Author: lunar
Date:   2013-11-11T14:15:22+00:00

   more misc items

--- version 24
+++ version 25
@@ -107,6 +107,20 @@
 
  [XXX] https://lists.torproject.org/pipermail/tor-dev/2013-November/005761.html
 
+Justin Findlay has recreated some of the website diagrams [XXX] in the
+versatile SVG format.
+
+ [XXX] https://lists.torproject.org/pipermail/tor-dev/2013-November/005762.html
+
+Roger asked the community [XXX] to create a “Tor, king of anonymity” graphic for his
+presentations. Griffin Boyce made a “queen of anonymity” picture [XXX], Lazlo Westerhof
+crowned the onion [XXX] and Matt Pagan [XXX] did the full Tor logo.
+
+ [XXX] https://lists.torproject.org/pipermail/tor-talk/2013-November/031001.html
+ [XXX] http://i.imgur.com/PmuFz4n.jpg
+ [XXX] http://i.imgur.com/vYZSu6Q.png
+ [XXX] http://oi42.tinypic.com/2h87eb9.jpg
+
 Tor Help Desk Roundup
 ---------------------
 
@@ -149,6 +163,4 @@
 
 Possible items:
 
- * bananaphone PT https://lists.torproject.org/pipermail/tor-dev/2013-October/005694.html https://github.com/david415/obfsproxy/tree/david-bananaphone-nacl-hammertime https://github.com/leif/bananaphone
- * recreated website png diagrams as svg https://lists.torproject.org/pipermail/tor-dev/2013-November/005762.html
- * Request for "Tor, king of anonymity" graphic https://lists.torproject.org/pipermail/tor-talk/2013-November/031001.html ; queen by Griffin Boyce http://i.imgur.com/PmuFz4n.jpg ; Lazlo Westerhof https://imgur.com/vYZSu6Q ; and Matt Pagan http://oi42.tinypic.com/2h87eb9.jpg+ * bananaphone PT https://lists.torproject.org/pipermail/tor-dev/2013-October/005694.html https://github.com/david415/obfsproxy/tree/david-bananaphone-nacl-hammertime https://github.com/leif/bananaphone
version 24
Author: lunar
Date:   2013-11-11T14:04:09+00:00

   nitpicks

--- version 23
+++ version 24
@@ -113,20 +113,20 @@
 Recently users have been writing the help desk asking for assistance 
 verifying the signature on their Tor Browser Bundle package. These 
 users said they found the instructions on the official Tor Project 
-page[XXX] confusing. One person reported being unsure of how to open 
+page [XXX] confusing. One person reported being unsure of how to open 
 a terminal on their computer. Another person did not know how to save 
 the package signature onto the Desktop. Yet another person reported 
 they were able to verfy the signature only after discovering that 
 their GnuPG program was named gpg2.exe rather than gpg.exe. A ticket 
-on improving the signature verification page has been opened[XXX].
+on improving the signature verification page has been opened [XXX].
 
  [XXX] https://torproject.org/docs/verifying-signatures.html
- [XXX] https://trac.torproject.org/projects/tor/ticket/10073
+ [XXX] https://bugs.torproject.org/projects/10073
 
 Upcoming events
 ---------------
 
-Nov 20    | Tor's New Offices - Open House 
+Nov 20    | Tor's New Offices — Open House 
           | Cambridge, Massachusetts
           | https://blog.torproject.org/events/tors-new-cambridge-offices-open-house
           |

version 23
Author: lunar
Date:   2013-11-11T14:02:45+00:00

   fix 20th

--- version 22
+++ version 23
@@ -1,4 +1,4 @@
-''Twelfth issue of Tor Weekly News. Covering what's happening from November 6th, 2013 to November 12th, 2013. To be released on November 13th, 2013.''
+''20th issue of Tor Weekly News. Covering what's happening from November 6th, 2013 to November 12th, 2013. To be released on November 13th, 2013.''
 
 '''Editor:''' 
 
@@ -9,7 +9,7 @@
 Tor Weekly News                                      November 13th, 2013
 ========================================================================
 
-Welcome to the Xth issue of Tor Weekly News, the weekly newsletter that
+Welcome to the twentieth issue of Tor Weekly News, the weekly newsletter that
 covers what is happening in the XXX Tor community.
 
 First beta release of Tor Browser Bundle 3.0

version 22
Author: lunar
Date:   2013-11-11T14:00:33+00:00

   remove cruft

--- version 21
+++ version 22
@@ -84,18 +84,6 @@
  [XXX] https://bugs.torproject.org/7028
  [XXX] http://freehaven.net/anonbib/cache/morphing09.pdf
 
-Monthly status reports for XXX month 2013
------------------------------------------
-
-The wave of regular monthly reports from Tor project members for the
-month of XXX has begun. XXX released his report first [XXX], followed
-by reports from name 2 [XXX], name 3 [XXX], and name 4 [XXX].
-
- [XXX]
- [XXX]
- [XXX]
- [XXX]
-
 Miscellaneous news
 ------------------
 
@@ -132,16 +120,8 @@
 their GnuPG program was named gpg2.exe rather than gpg.exe. A ticket 
 on improving the signature verification page has been opened[XXX].
 
-[XXX]: https://torproject.org/docs/verifying-signatures.html
-[XXX]: https://trac.torproject.org/projects/tor/ticket/10073
-
-
-Vulnerabilities
----------------
-
-XXX: Reported vulnerabilities [XXX].
-
- [XXX] vulnerability report source
+ [XXX] https://torproject.org/docs/verifying-signatures.html
+ [XXX] https://trac.torproject.org/projects/tor/ticket/10073
 
 Upcoming events
 ---------------

version 21
Author: lunar
Date:   2013-11-11T13:58:36+00:00

   write about mike's blog post

--- version 20
+++ version 21
@@ -47,6 +47,42 @@
  [XXX] https://blog.torproject.org/blog/tor-browser-bundle-30beta1-released
  [XXX] https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html#firefox17.0.10
  [XXX] https://archive.torproject.org/tor-package-archive/torbrowser/3.0b1/
+
+A Critique of Website Traffic Fingerprinting Attacks
+----------------------------------------------------
+
+In a new blog post [XXX], Mike Perry took time to reflect on 
+fingerprinting attacks on website traffic. These are attacks “where the
+adversary attempts to recognize the encrypted traffic patterns of
+specific web pages without using any other information. In the case of
+Tor, this attack would take place between the user and the Guard node,
+or at the Guard node itself.”
+
+Mike laid done three distinct types of adversary that could mount 
+fingerprinting attacks: partial blocking of Tor, identification of 
+visitors of a set of targeted pages, identification of all web pages 
+visited by an user.
+
+In theory, such attacks could pose devastating threats to Tor users.
+But in practice, “false positives matter” together with other factors 
+that affect the classification accuracy. Mike gives a comprehensive 
+introduction to these issues before reviewing five research papers 
+published between 2011 and 2013. Each of them are summarized together
+with their shortcomings.
+
+Mike analyzes that “defense work has not been as conclusively studied as
+these papers have claimed, and that defenses are actually easier than is
+presently assumed by the current body of literature.” He encourages
+researchers to re-evaluate existing defenses “such as HTTPOS [XXX], SPDY and
+pipeline randomization, and Guard node adaptive padding [XXX], Traffic
+Morphing [XXX]“, and to think about “the development of additional defenses”.
+Mikes ends his post by mentioning that some new defenses can also be 
+dual purpose and help with end-to-end correlation attacks.
+
+ [XXX] https://blog.torproject.org/blog/critique-website-traffic-fingerprinting-attacks
+ [XXX] http://freehaven.net/anonbib/cache/LZCLCP_NDSS11.pdf
+ [XXX] https://bugs.torproject.org/7028
+ [XXX] http://freehaven.net/anonbib/cache/morphing09.pdf
 
 Monthly status reports for XXX month 2013
 -----------------------------------------
@@ -134,6 +170,5 @@
 Possible items:
 
  * bananaphone PT https://lists.torproject.org/pipermail/tor-dev/2013-October/005694.html https://github.com/david415/obfsproxy/tree/david-bananaphone-nacl-hammertime https://github.com/leif/bananaphone
- * A Critique of Website Traffic Fingerprinting Attacks https://blog.torproject.org/blog/critique-website-traffic-fingerprinting-attacks
  * recreated website png diagrams as svg https://lists.torproject.org/pipermail/tor-dev/2013-November/005762.html
  * Request for "Tor, king of anonymity" graphic https://lists.torproject.org/pipermail/tor-talk/2013-November/031001.html ; queen by Griffin Boyce http://i.imgur.com/PmuFz4n.jpg ; Lazlo Westerhof https://imgur.com/vYZSu6Q ; and Matt Pagan http://oi42.tinypic.com/2h87eb9.jpg
version 20
Author: lunar
Date:   2013-11-11T13:24:14+00:00

   add links to graphics

--- version 19
+++ version 20
@@ -136,4 +136,4 @@
  * bananaphone PT https://lists.torproject.org/pipermail/tor-dev/2013-October/005694.html https://github.com/david415/obfsproxy/tree/david-bananaphone-nacl-hammertime https://github.com/leif/bananaphone
  * A Critique of Website Traffic Fingerprinting Attacks https://blog.torproject.org/blog/critique-website-traffic-fingerprinting-attacks
  * recreated website png diagrams as svg https://lists.torproject.org/pipermail/tor-dev/2013-November/005762.html
- * Request for "Tor, king of anonymity" graphic https://lists.torproject.org/pipermail/tor-talk/2013-November/031001.html+ * Request for "Tor, king of anonymity" graphic https://lists.torproject.org/pipermail/tor-talk/2013-November/031001.html ; queen by Griffin Boyce http://i.imgur.com/PmuFz4n.jpg ; Lazlo Westerhof https://imgur.com/vYZSu6Q ; and Matt Pagan http://oi42.tinypic.com/2h87eb9.jpg


-- 
Your friendly TWN monitoring script

      In case of malfunction, please reach out for lunar at torproject.org
          or for the worst cases, tell weasel at torproject.org to kill me.

More information about the news-team mailing list