[TWN team] Recent changes to the wiki pages
Lunar
lunar at torproject.org
Tue Nov 12 13:20:11 UTC 2013
===========================================================================
=== https://trac.torproject.org/projects/tor/wiki/TorWeeklyNews/2013/19 ===
===========================================================================
version 38
Author: sqrt2
Date: 2013-11-12T12:48:27+00:00
review
--- version 37
+++ version 38
@@ -17,18 +17,20 @@
First beta release of Tor Browser Bundle 3.0
--------------------------------------------
-The Tor Browser Bundle [1] is Tor flagship product: an easy and
-straightforward way to browse the web with anonymity and privacy.
+The Tor Browser Bundle [1] is the Tor Project's flagship product: an
+easy and straightforward way to browse the web with anonymity and
+privacy.
With previous Tor Browser Bundles, users had to interact with two
different applications, Vidalia and the browser itself. Vidalia was
-responsible for handling and configuring tor and the browser had no
-knowledge of the connection status and other details. The result was
-confusing error messages, and mismatched user expectations.
+responsible for handling and configuring the tor daemon and the
+browser had no knowledge of the connection status and other details.
+The result was confusing error messages, and mismatched user
+expectations.
With the 3.0 series of Tor Browser Bundle, the browser is directly
responsible for configuring and handling the tor daemon. Users only see
-one single application. It's clearer than only the browser will go
+one single application. It's clearer that only the browser will go
through the Tor network. Starting and stopping the browser will take
care of starting and stopping tor, no extra steps are required.
@@ -52,17 +54,17 @@
A critique of website traffic fingerprinting attacks
----------------------------------------------------
-In a new blog post [5], Mike Perry took time to reflect on
+For a new blog post [5], Mike Perry took the time to reflect on
fingerprinting attacks on website traffic. These are attacks “where the
adversary attempts to recognize the encrypted traffic patterns of
specific web pages without using any other information. In the case of
Tor, this attack would take place between the user and the Guard node,
or at the Guard node itself.”
-Mike laid done three distinct types of adversary that could mount
-fingerprinting attacks: partial blocking of Tor, identification of
-visitors of a set of targeted pages, identification of all web pages
-visited by an user.
+In the post, Mike lays down three distinct types of adversary that could
+mount fingerprinting attacks: partial blocking of Tor, identification of
+visitors of a set of targeted pages, and identification of all web pages
+visited by a user.
In theory, such attacks could pose devastating threats to Tor users.
But in practice, “false positives matter” together with other factors
@@ -71,7 +73,7 @@
published between 2011 and 2013. Each of them are summarized together
with their shortcomings.
-Mike analyzes that “defense work has not been as conclusively studied as
+Mike concludes that “defense work has not been as conclusively studied as
these papers have claimed, and that defenses are actually easier than is
presently assumed by the current body of literature.” He encourages
researchers to re-evaluate existing defenses “such as HTTPOS [6], SPDY
@@ -96,7 +98,7 @@
been working on the new “bananaphone” pluggable transport for
obfsproxy [11]. The latter implements “reverse hash encoding“,
described by Leif Ryge as “a steganographic encoding scheme which
-transforms a stream of binary data into a stream of tokens (eg,
+transforms a stream of binary data into a stream of tokens (e.g.,
something resembling natural language text) such that the stream can be
decoded by concatenating the hashes of the tokens.”
@@ -151,9 +153,9 @@
[18] https://lists.torproject.org/pipermail/tor-talk/2013-November/031001.html
[19] http://i.imgur.com/PmuFz4n.jpg
[20] http://i.imgur.com/vYZSu6Q.png
- [21] http://oi42.tinypic.com/2h87eb9.jpg
-
-David Fifield released new Pluggable Transports Tor Browser Bundle [22]
+ [21] http://i.imgur.com/2yIMmcQ.png
+
+David Fifield released the new Pluggable Transports Tor Browser Bundle [22]
version 2.4.17-rc-1-pt2 based on Tor Browser Bundle 2.4.17-rc-1. The
only change from the previous release of the pluggable transport bundle
is a workaround [23] that restore working transports on Mac OS X
@@ -162,8 +164,8 @@
[22] https://blog.torproject.org/blog/pluggable-transports-bundles-2417-rc-1-pt2-firefox-17010esr
[23] https://bugs.torproject.org/10030#comment:20
-Tor Help Desk Roundup
----------------------
+Tor Help Desk Round-up
+----------------------
Recently users have been writing the help desk asking for assistance
verifying the signature on their Tor Browser Bundle package. These users
@@ -171,7 +173,7 @@
confusing. One person reported being unsure of how to open a terminal on
their computer. Another person did not know how to save the package
signature onto the Desktop. Yet another person reported they were able
-to verfy the signature only after discovering that their GnuPG program
+to verify the signature only after discovering that their GnuPG program
was named gpg2.exe rather than gpg.exe. A ticket on improving the
signature verification page has been opened [25].
version 37
Author: lunar
Date: 2013-11-12T12:10:28+00:00
FROZEN
--- version 36
+++ version 37
@@ -1,6 +1,8 @@
''20th issue of Tor Weekly News. Covering what's happening from November 6th, 2013 to November 12th, 2013. To be released on November 13th, 2013.''
'''Editor:''' Lunar
+
+'''Status:''' FROZEN! Only technical and language fixes are now accepted. New items should go on [wiki:TorWeeklyNews/2013/20 next week's edition]. Expected publication time 2013-11-13 12:00 UTC.
'''Subject:''' Tor Weekly News — November 13th, 2013
version 36
Author: lunar
Date: 2013-11-12T12:07:30+00:00
references and wordwrap
--- version 35
+++ version 36
@@ -9,179 +9,183 @@
Tor Weekly News November 13th, 2013
========================================================================
-Welcome to the twentieth issue of Tor Weekly News, the weekly newsletter that
-covers what is happening in the Tor community.
+Welcome to the twentieth issue of Tor Weekly News, the weekly newsletter
+that covers what is happening in the Tor community.
First beta release of Tor Browser Bundle 3.0
--------------------------------------------
-The Tor Browser Bundle [XXX] is Tor flagship product: an easy and
-straightforward way to browse the web with anonymity and privacy.
+The Tor Browser Bundle [1] is Tor flagship product: an easy and
+straightforward way to browse the web with anonymity and privacy.
With previous Tor Browser Bundles, users had to interact with two
-different applications, Vidalia and the browser itself. Vidalia was
+different applications, Vidalia and the browser itself. Vidalia was
responsible for handling and configuring tor and the browser had no
knowledge of the connection status and other details. The result was
confusing error messages, and mismatched user expectations.
-With the 3.0 series of Tor Browser Bundle, the browser is directly
-responsible for configuring and handling the tor daemon.
-Users only see one single application. It's clearer than only the
-browser will go through the Tor network. Starting and stopping the
-browser will take care of starting and stopping tor, no extra steps are
-required.
+With the 3.0 series of Tor Browser Bundle, the browser is directly
+responsible for configuring and handling the tor daemon. Users only see
+one single application. It's clearer than only the browser will go
+through the Tor network. Starting and stopping the browser will take
+care of starting and stopping tor, no extra steps are required.
Mike Perry, Kathleen Brade, Mark Smith, Geoerg Kopen, among others, are
working hard to perfect many other usability and technical improvements
that are part of Tor Browser Bundle 3.0 which has now reached the “beta”
stage.
-The new 3.0beta1 release [XXX] is based on Firefox 17.0.10esr for security
-updates [XXX], and contains several other small improvements and
+The new 3.0beta1 release [2] is based on Firefox 17.0.10esr for security
+updates [3], and contains several other small improvements and
corrections.
Current users of the 3.0 alpha series should update. Others should give
-it a try [XXX]!
-
- [XXX] https://www.torproject.org/projects/torbrowser.html
- [XXX] https://blog.torproject.org/blog/tor-browser-bundle-30beta1-released
- [XXX] https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html#firefox17.0.10
- [XXX] https://archive.torproject.org/tor-package-archive/torbrowser/3.0b1/
+it a try [4]!
+
+ [1] https://www.torproject.org/projects/torbrowser.html
+ [2] https://blog.torproject.org/blog/tor-browser-bundle-30beta1-released
+ [3] https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html#firefox17.0.10
+ [4] https://archive.torproject.org/tor-package-archive/torbrowser/3.0b1/
A critique of website traffic fingerprinting attacks
----------------------------------------------------
-In a new blog post [XXX], Mike Perry took time to reflect on
+In a new blog post [5], Mike Perry took time to reflect on
fingerprinting attacks on website traffic. These are attacks “where the
adversary attempts to recognize the encrypted traffic patterns of
specific web pages without using any other information. In the case of
Tor, this attack would take place between the user and the Guard node,
or at the Guard node itself.”
-Mike laid done three distinct types of adversary that could mount
-fingerprinting attacks: partial blocking of Tor, identification of
-visitors of a set of targeted pages, identification of all web pages
+Mike laid done three distinct types of adversary that could mount
+fingerprinting attacks: partial blocking of Tor, identification of
+visitors of a set of targeted pages, identification of all web pages
visited by an user.
In theory, such attacks could pose devastating threats to Tor users.
-But in practice, “false positives matter” together with other factors
-that affect the classification accuracy. Mike gives a comprehensive
-introduction to these issues before reviewing five research papers
+But in practice, “false positives matter” together with other factors
+that affect the classification accuracy. Mike gives a comprehensive
+introduction to these issues before reviewing five research papers
published between 2011 and 2013. Each of them are summarized together
with their shortcomings.
Mike analyzes that “defense work has not been as conclusively studied as
these papers have claimed, and that defenses are actually easier than is
presently assumed by the current body of literature.” He encourages
-researchers to re-evaluate existing defenses “such as HTTPOS [XXX], SPDY and
-pipeline randomization, and Guard node adaptive padding [XXX], Traffic
-Morphing [XXX]“, and to think about “the development of additional defenses”.
-Mikes ends his post by mentioning that some new defenses can also be
-dual purpose and help with end-to-end correlation attacks.
-
- [XXX] https://blog.torproject.org/blog/critique-website-traffic-fingerprinting-attacks
- [XXX] http://freehaven.net/anonbib/cache/LZCLCP_NDSS11.pdf
- [XXX] https://bugs.torproject.org/7028
- [XXX] http://freehaven.net/anonbib/cache/morphing09.pdf
+researchers to re-evaluate existing defenses “such as HTTPOS [6], SPDY
+and pipeline randomization, and Guard node adaptive padding [7], Traffic
+Morphing [8]“, and to think about “the development of additional
+defenses”. Mikes ends his post by mentioning that some new defenses can
+also be dual purpose and help with end-to-end correlation attacks.
+
+ [5] https://blog.torproject.org/blog/critique-website-traffic-fingerprinting-attacks
+ [6] http://freehaven.net/anonbib/cache/LZCLCP_NDSS11.pdf
+ [7] https://bugs.torproject.org/7028
+ [8] http://freehaven.net/anonbib/cache/morphing09.pdf
The “bananaphone” pluggable transport
-------------------------------------
-Pluggable transports [XXX] is how Tor traffic can be transformed from a
-client to a bridge in order to hide it from Deep Packet Inspection
+Pluggable transports [9] is how Tor traffic can be transformed from a
+client to a bridge in order to hide it from Deep Packet Inspection
filters.
-Improving upon the initial work of Leif Ryge [XXX], David Stainton has been
-working on the new “bananaphone” pluggable transport for obfsproxy [XXX].
-The latter implements “reverse hash encoding“, described by Leif Ryge as
-“a steganographic encoding scheme which transforms a stream of binary
-data into a stream of tokens (eg, something resembling natural language
-text) such that the stream can be decoded by concatenating the hashes of
-the tokens.”
+Improving upon the initial work of Leif Ryge [10], David Stainton has
+been working on the new “bananaphone” pluggable transport for
+obfsproxy [11]. The latter implements “reverse hash encoding“,
+described by Leif Ryge as “a steganographic encoding scheme which
+transforms a stream of binary data into a stream of tokens (eg,
+something resembling natural language text) such that the stream can be
+decoded by concatenating the hashes of the tokens.”
For a concrete example, that means that using Project Gutenberg’s Don
-Quixote [XXX] as corpus, one can encode “my little poney” into “lock
+Quixote [12] as corpus, one can encode “my little poney” into “lock
whisper: yellow tremendous, again suddenly breathing. master's faces;
fees, beheld convinced there calm” and back again!
-While it's probably not going to be the most compact pluggable
+While it's probably not going to be the most compact pluggable
transport, “bananaphone” looks like a promising project.
- [XXX] https://www.torproject.org/docs/pluggable-transports.html.en
- [XXX] https://github.com/leif/bananaphone
- [XXX] https://github.com/david415/obfsproxy/tree/david-bananaphone
- [XXX] http://www.gutenberg.org/cache/epub/29468/pg29468.txt
+ [9] https://www.torproject.org/docs/pluggable-transports.html.en
+ [10] https://github.com/leif/bananaphone
+ [11] https://github.com/david415/obfsproxy/tree/david-bananaphone
+ [12] http://www.gutenberg.org/cache/epub/29468/pg29468.txt
Miscellaneous news
------------------
Christian Grothoff, Matthias Wachs and Hellekin Wolf are working on
-getting special-use domain names for P2P networks reserved [XXX] according
-to RFC 6761 [XXX]: “the goal is to reserve .onion, .exit, .i2p, .gnu and
-.zkey (so that they don't become ordinary commercial TLDs at some point)”.
-
- [XXX] https://lists.torproject.org/pipermail/tor-talk/2013-November/031001.html
- [XXX] https://tools.ietf.org/html/rfc6761
-
-The Tails team has released their report on Tails activity during the month of
-October [XXX]. Things are happening on many fronts, have a look!
-
- [XXX] https://lists.torproject.org/pipermail/tor-reports/2013-November/000383.html
-
-Andrea Shepard has been working on new scheduler code for Tor. Its goal is to
-remove the limitation that “we can only see one channel at a time when making
-scheduling decisions.” Balancing between circuits without opening new attack
-vectors is tricky, Andrea is asking for comments on potential heuristics [XXX].
-
- [XXX] https://lists.torproject.org/pipermail/tor-dev/2013-November/005761.html
-
-Justin Findlay has recreated some of the website diagrams [XXX] in the
+getting special-use domain names for P2P networks reserved [13]
+according to RFC 6761 [14]: “the goal is to reserve .onion, .exit, .i2p,
+.gnu and .zkey (so that they don't become ordinary commercial TLDs at
+some point)”.
+
+ [13] https://lists.torproject.org/pipermail/tor-talk/2013-November/031001.html
+ [14] https://tools.ietf.org/html/rfc6761
+
+The Tails team has released their report on Tails activity during the
+month of October [15]. Things are happening on many fronts, have a look!
+
+ [15] https://lists.torproject.org/pipermail/tor-reports/2013-November/000383.html
+
+Andrea Shepard has been working on new scheduler code for Tor. Its goal
+is to remove the limitation that “we can only see one channel at a time
+when making scheduling decisions.” Balancing between circuits without
+opening new attack vectors is tricky, Andrea is asking for comments on
+potential heuristics [16].
+
+ [16] https://lists.torproject.org/pipermail/tor-dev/2013-November/005761.html
+
+Justin Findlay has recreated some of the website diagrams [17] in the
versatile SVG format.
- [XXX] https://lists.torproject.org/pipermail/tor-dev/2013-November/005762.html
-
-Roger asked the community [XXX] to create a “Tor, king of anonymity” graphic for his
-presentations. Griffin Boyce made a “queen of anonymity” picture [XXX], Lazlo Westerhof
-crowned the onion [XXX] and Matt Pagan [XXX] did the full Tor logo.
-
- [XXX] https://lists.torproject.org/pipermail/tor-talk/2013-November/031001.html
- [XXX] http://i.imgur.com/PmuFz4n.jpg
- [XXX] http://i.imgur.com/vYZSu6Q.png
- [XXX] http://oi42.tinypic.com/2h87eb9.jpg
-
-David Fifield released new Pluggable Transports Tor Browser Bundle [XXX] version 2.4.17-rc-1-pt2
-based on Tor Browser Bundle 2.4.17-rc-1. The only change from the previous release of the
-pluggable transport bundle is a workaround [XXX] that restore working transports on Mac OS X Mavericks.
-
- [XXX] https://blog.torproject.org/blog/pluggable-transports-bundles-2417-rc-1-pt2-firefox-17010esr
- [XXX] https://bugs.torproject.org/10030#comment:20
+ [17] https://lists.torproject.org/pipermail/tor-dev/2013-November/005762.html
+
+Roger asked the community [18] to create a “Tor, king of anonymity”
+graphic for his presentations. Griffin Boyce made a “queen of anonymity”
+picture [19], Lazlo Westerhof crowned the onion [20] and Matt Pagan [21]
+did the full Tor logo.
+
+ [18] https://lists.torproject.org/pipermail/tor-talk/2013-November/031001.html
+ [19] http://i.imgur.com/PmuFz4n.jpg
+ [20] http://i.imgur.com/vYZSu6Q.png
+ [21] http://oi42.tinypic.com/2h87eb9.jpg
+
+David Fifield released new Pluggable Transports Tor Browser Bundle [22]
+version 2.4.17-rc-1-pt2 based on Tor Browser Bundle 2.4.17-rc-1. The
+only change from the previous release of the pluggable transport bundle
+is a workaround [23] that restore working transports on Mac OS X
+Mavericks.
+
+ [22] https://blog.torproject.org/blog/pluggable-transports-bundles-2417-rc-1-pt2-firefox-17010esr
+ [23] https://bugs.torproject.org/10030#comment:20
Tor Help Desk Roundup
---------------------
-Recently users have been writing the help desk asking for assistance
-verifying the signature on their Tor Browser Bundle package. These
-users said they found the instructions on the official Tor Project
-page [XXX] confusing. One person reported being unsure of how to open
-a terminal on their computer. Another person did not know how to save
-the package signature onto the Desktop. Yet another person reported
-they were able to verfy the signature only after discovering that
-their GnuPG program was named gpg2.exe rather than gpg.exe. A ticket
-on improving the signature verification page has been opened [XXX].
+Recently users have been writing the help desk asking for assistance
+verifying the signature on their Tor Browser Bundle package. These users
+said they found the instructions on the official Tor Project page [24]
+confusing. One person reported being unsure of how to open a terminal on
+their computer. Another person did not know how to save the package
+signature onto the Desktop. Yet another person reported they were able
+to verfy the signature only after discovering that their GnuPG program
+was named gpg2.exe rather than gpg.exe. A ticket on improving the
+signature verification page has been opened [25].
One user mentioned wanting to use the Tor Browser Bundle as their
-default browser but being unable to do so because their online bank
-required Java. Java is disabled in the Tor Browser Bundle because it
-can bypass the browser proxy settings and leak the client's real IP
-address over the network.
-
- [XXX] https://torproject.org/docs/verifying-signatures.html
- [XXX] https://bugs.torproject.org/projects/10073
+default browser but being unable to do so because their online bank
+required Java. Java is disabled in the Tor Browser Bundle because it can
+bypass the browser proxy settings and leak the client's real IP address
+over the network.
+
+ [24] https://torproject.org/docs/verifying-signatures.html
+ [25] https://bugs.torproject.org/projects/10073
Upcoming events
---------------
-Nov 20 | Tor's New Offices — Open House
+Nov 20 | Tor's New Offices — Open House
| Cambridge, Massachusetts
| https://blog.torproject.org/events/tors-new-cambridge-offices-open-house
|
@@ -194,10 +198,9 @@
Want to continue reading TWN? Please help us create this newsletter.
We still need more volunteers to watch the Tor community and report
-important news. Please see the project page [XXX], write down your
-name and subscribe to the team mailing list [XXX] if you want to
-get involved!
-
- [XXX] https://trac.torproject.org/projects/tor/wiki/TorWeeklyNews
- [XXX] https://lists.torproject.org/cgi-bin/mailman/listinfo/news-team
+important news. Please see the project page [26], write down your name
+and subscribe to the team mailing list [27] if you want to get involved!
+
+ [26] https://trac.torproject.org/projects/tor/wiki/TorWeeklyNews
+ [27] https://lists.torproject.org/cgi-bin/mailman/listinfo/news-team
}}}
version 35
Author: lunar
Date: 2013-11-12T12:05:01+00:00
no adjective this week + credits
--- version 34
+++ version 35
@@ -10,7 +10,7 @@
========================================================================
Welcome to the twentieth issue of Tor Weekly News, the weekly newsletter that
-covers what is happening in the XXX Tor community.
+covers what is happening in the Tor community.
First beta release of Tor Browser Bundle 3.0
--------------------------------------------
@@ -189,8 +189,8 @@
| Hamburg, Germany
| https://events.ccc.de/congress/2013/
-This issue of Tor Weekly News has been assembled by XXX, XXX, and
-XXX.
+This issue of Tor Weekly News has been assembled by Lunar, dope457 and
+David Stainton.
Want to continue reading TWN? Please help us create this newsletter.
We still need more volunteers to watch the Tor community and report
version 34
Author: lunar
Date: 2013-11-12T12:02:53+00:00
rewording
--- version 33
+++ version 34
@@ -149,12 +149,12 @@
[XXX] http://i.imgur.com/vYZSu6Q.png
[XXX] http://oi42.tinypic.com/2h87eb9.jpg
-David Fifield released new Pluggable Transports Tor Browser Bundles [XXX] version 2.4.17-rc-1-pt2
-based on Tor Browser Bundle 2.4.17-rc-1. The only change from pt1 is a workaround [XXX] that allows
-to run Pluggable Transports TBB on OS X Mavericks.
+David Fifield released new Pluggable Transports Tor Browser Bundle [XXX] version 2.4.17-rc-1-pt2
+based on Tor Browser Bundle 2.4.17-rc-1. The only change from the previous release of the
+pluggable transport bundle is a workaround [XXX] that restore working transports on Mac OS X Mavericks.
[XXX] https://blog.torproject.org/blog/pluggable-transports-bundles-2417-rc-1-pt2-firefox-17010esr
- [XXX] https://trac.torproject.org/projects/tor/ticket/10030#comment:20
+ [XXX] https://bugs.torproject.org/10030#comment:20
Tor Help Desk Roundup
---------------------
===========================================================================
=== https://trac.torproject.org/projects/tor/wiki/TorWeeklyNews/2013/20 ===
===========================================================================
version 1
Author: lunar
Date: 2013-11-12T12:13:27+00:00
add template
---
+++ version 1
@@ -0,0 +1,79 @@
+''21th issue of Tor Weekly News. Covering what's happening from November 12th, 2013 to November 19th, 2013. To be released on November 20th, 2013.''
+
+'''Editor:'''
+
+'''Subject:''' Tor Weekly News — November 20th, 2013
+
+{{{
+========================================================================
+Tor Weekly News November 20th, 2013
+========================================================================
+
+Welcome to the twenty-first issue of Tor Weekly News, the weekly newsletter that
+covers what is happening in the XXX Tor community.
+
+New Release of XXX
+------------------
+
+XXX: cite specific release date, numbers, and developers responsible
+
+XXX: details about release
+
+ [XXX]
+
+Monthly status reports for XXX month 2013
+-----------------------------------------
+
+The wave of regular monthly reports from Tor project members for the
+month of XXX has begun. XXX released his report first [XXX], followed
+by reports from name 2 [XXX], name 3 [XXX], and name 4 [XXX].
+
+ [XXX]
+ [XXX]
+ [XXX]
+ [XXX]
+
+Miscellaneous news
+------------------
+
+Item 1 with cited source [XXX].
+
+Item 2 with cited source [XXX].
+
+Item 3 with cited source [XXX].
+
+ [XXX]
+ [XXX]
+ [XXX]
+
+Vulnerabilities
+---------------
+
+XXX: Reported vulnerabilities [XXX].
+
+ [XXX] vulnerability report source
+
+Upcoming events
+---------------
+
+Jul XX-XX | Event XXX brief description
+ | Event City, Event Country
+ | Event website URL
+ |
+Jul XX-XX | Event XXX brief description
+ | Event City, Event Country
+ | Event website URL
+
+
+This issue of Tor Weekly News has been assembled by XXX, XXX, and
+XXX.
+
+Want to continue reading TWN? Please help us create this newsletter.
+We still need more volunteers to watch the Tor community and report
+important news. Please see the project page [XXX], write down your
+name and subscribe to the team mailing list [XXX] if you want to
+get involved!
+
+ [XXX] https://trac.torproject.org/projects/tor/wiki/TorWeeklyNews
+ [XXX] https://lists.torproject.org/cgi-bin/mailman/listinfo/news-team
+}}}
--
Your friendly TWN monitoring script
In case of malfunction, please reach out for lunar at torproject.org
or for the worst cases, tell weasel at torproject.org to kill me.
More information about the news-team
mailing list