[TWN team] Recent changes to the wiki pages
Lunar
lunar at torproject.org
Tue Dec 16 23:20:05 UTC 2014
===========================================================================
=== https://trac.torproject.org/projects/tor/wiki/TorWeeklyNews/2014/50 ===
===========================================================================
version 10
Author: harmony
Date: 2014-12-16T22:46:06+00:00
decapitalize
--- version 9
+++ version 10
@@ -107,7 +107,7 @@
[XXX]: https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
TheCthulhu announced that his mirrors of two Tor network tools are now
-available over Tor Hidden Services [XXX]. Globe [XXX] can be accessed
+available over Tor hidden services [XXX]. Globe [XXX] can be accessed
via http://globe223ezvh6bps.onion and Atlas [XXX] via
http://atlas777hhh7mcs7.onion. The mirrors provided by the Cthulhu run
on their own instance of Onionoo, so in the event that the primary sites
version 9
Author: harmony
Date: 2014-12-16T22:40:19+00:00
credits
--- version 8
+++ version 9
@@ -196,8 +196,8 @@
| https://mailman.boum.org/pipermail/tails-dev/2014-December/007626.html
-This issue of Tor Weekly News has been assembled by XXX, XXX, and
-XXX.
+This issue of Tor Weekly News has been assembled by Harmony, TheCthulhu,
+Matt Pagan, and Karsten Loesing.
Want to continue reading TWN? Please help us create this newsletter.
We still need more volunteers to watch the Tor community and report
version 8
Author: harmony
Date: 2014-12-16T22:38:41+00:00
add misc
--- version 7
+++ version 8
@@ -64,24 +64,98 @@
Miscellaneous news
------------------
-TheCthulhu has now announced that two of his mirrors are now available
-over Tor Hidden Services [XXX]. Globe can be accessed via
-http://globe223ezvh6bps.onion and Atlas via
+George Kadianakis, Karsten Loesing, Aaron Johnson, and David Goulet
+requested feedback [XXX] on the design and code they have developed for
+the Tor branch [XXX] that will enable the collection of statistics on
+Tor hidden services, hoping to answer the questions “Approximately how
+many hidden services are there?” and “Approximately how much traffic in
+the Tor network is going to hidden services?”: “Our plan is that in
+approximately a week we will ask volunteers to run the branch. Then in a
+month from now we will use those stats to write a blog post about the
+approximate size of Tor hidden services network and the approximate
+traffic it’s pushing.” Please join in with your comments on the relevant
+ticket [XXX]!
+
+ [XXX]: https://lists.torproject.org/pipermail/tor-dev/2014-December/007968.html
+ [XXX]: https://gitweb.torproject.org/karsten/tor.git/log/?h=task-13192-5
+ [XXX]: https://bugs.torproject.org/13192
+
+Philipp Winter announced [XXX] an early version of “zoossh”, which as
+the name implies is a speedy parser written in Go that will help to
+“detect sybils and other anomalies in the Tor network” by examining
+Tor’s archive of network data. While it is not quite ready for use, “I
+wanted folks to know that I’m working on that and I’m always happy to
+get feedback and patches.”
+
+ [XXX]: https://lists.torproject.org/pipermail/tor-dev/2014-December/007973.html
+
+Yawning Angel announced [XXX] the existence of “basket”, a “stab at
+designing something that significantly increases Tor’s resistance to
+upcoming/future attacks”, combining post-quantum cryptographic
+primitives with “defenses against website fingerprinting (and possibly
+end-to-end correlation) attacks”. You can read full details of the
+cryptographic and other features of “basket” in Yawning’s post, which is
+replete with warnings against using the software at this stage: “It’s
+almost at the point where brave members of the general public should be
+aware that it exists as a potential option in the privacy toolbox…[but]
+seriously, unless you are a developer or researcher, you REALLY SHOULD
+NOT use ‘basket’.” If you are gifted or foolhardy enough to ignore
+Yawning’s advice and test “basket” for yourself, please let the tor-dev
+mailing list [XXX] know what you find.
+
+ [XXX]: https://lists.torproject.org/pipermail/tor-dev/2014-December/007977.html
+ [XXX]: https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
+
+TheCthulhu announced that his mirrors of two Tor network tools are now
+available over Tor Hidden Services [XXX]. Globe [XXX] can be accessed
+via http://globe223ezvh6bps.onion and Atlas [XXX] via
http://atlas777hhh7mcs7.onion. The mirrors provided by the Cthulhu run
-on their own instance of Onionoo therefore in the event the primary
-sites hosted by Tor Project are offline, both of these new mirrors
-should still be available for use either through the new hidden
-services or through their regular clearnet access. [XXX] [XXX]
-
-Item 2 with cited source [XXX].
-
-Item 3 with cited source [XXX].
+on their own instance of Onionoo, so in the event that the primary sites
+hosted by Tor Project are offline, both of these new mirrors should
+still be available for use either through the new hidden services or
+through regular clearnet access.
[XXX]: https://lists.torproject.org/pipermail/tor-talk/2014-December/035982.html
[XXX]: https://globe.thecthulhu.com
[XXX]: https://atlas.thecthulhu.com
- [XXX]:
- [XXX]:
+
+The Tails team published a signed list of SHA256 hashes for every
+version of Tails (and its predecessor, amnesia) that it had either
+built or verified at the time of release.
+
+ [XXX]: https://mailman.boum.org/pipermail/tails-dev/2014-December/007632.html
+
+Vlad Tsyrklevich raised the issue of the discoverability risk posed to
+Tor bridges by the default setting of their ORPorts to 443 or 9001.
+Using data from Onionoo and internet-wide scans, Vlad found that “there
+are 4267 bridges, of which 1819 serve their ORPort on port 443 and 383
+serve on port 9001. That’s 52% of tor bridges. There are 1926
+pluggable-transports enabled bridges, 316 with ORPort 443 and 33 with
+ORPort 9001. That’s 18% of Tor bridges…I realized I was also discovering
+a fair amount of private bridges not included in the Onionoo data set.”
+Vlad recommended that operators be warned to change their ORPorts away
+from the default; Aaron Johnson suggested [XXX] possible alternative
+solutions, and Philipp Winter remarked [XXX] that while bridges on port
+443 “would easily fall prey to Internet-wide scanning”, “they would
+still be useful for users behind captive portals” and other adversaries
+that restrict connections to a limited range of ports.
+
+ [XXX]: https://lists.torproject.org/pipermail/tor-dev/2014-December/007957.html
+ [XXX]: https://lists.torproject.org/pipermail/tor-dev/2014-December/007959.html
+ [XXX]: https://lists.torproject.org/pipermail/tor-dev/2014-December/007963.html
+
+Alden Page announced [XXX] that development will soon begin on a
+free-software tool to counteract “stylometry” attacks, which attempt to
+deanonymize the author of a piece of text based on their writing style
+alone. “I hope you will all agree that this poses a significant threat
+to the preservation of the anonymity of Tor users”, wrote Alden. “In the
+spirit of meeting the needs of the privacy community, I am interested in
+hearing what potential users might have to say about the design of such
+a tool.” Please see Alden’s post for further discussion of stylometry
+attacks and the proposed countermeasures, and feel free to respond with
+your comments or questions.
+
+ [XXX]: https://lists.torproject.org/pipermail/tor-talk/2014-December/035989.html
Tor help desk roundup
---------------------
@@ -94,28 +168,6 @@
Browser in Kali Linux, create a new user account just for using Tor
Browser. Unpack Tor Browser and chown -R your whole Tor Browser
directory. Run Tor Browser as your created Tor Browser user account.
-
-
-News from Tor StackExchange
----------------------------
-
-Text with cited source [XXX].
-
- [XXX]:
-
-Easy development tasks to get involved with
--------------------------------------------
-
-Text with cited source [XXX].
-
- [XXX]:
-
-This week in Tor history
-------------------------
-
-Text with cited source [XXX].
-
- [XXX]:
Upcoming events
---------------
@@ -156,12 +208,3 @@
[XXX]: https://trac.torproject.org/projects/tor/wiki/TorWeeklyNews
[XXX]: https://lists.torproject.org/cgi-bin/mailman/listinfo/news-team
}}}
-
-Possible items:
- * https://lists.torproject.org/pipermail/tor-dev/2014-December/007968.html George et al. are asking the community to review their proposal and code to get better hidden-service statistics;
- * Historical Tails hashes https://mailman.boum.org/pipermail/tails-dev/2014-December/007632.html
- * Basket https://lists.torproject.org/pipermail/tor-dev/2014-December/007977.html
- * Developing an open-source, user-friendly tool for avoiding stylometry https://lists.torproject.org/pipermail/tor-talk/2014-December/035989.html
- * A Tor document parser implemented in Go https://lists.torproject.org/pipermail/tor-dev/2014-December/007973.html
- * Internet-wide scanning for bridges https://lists.torproject.org/pipermail/tor-dev/2014-December/007957.html
- * Torrent distribution https://lists.torproject.org/pipermail/tor-dev/2014-December/007940.html
--
Your friendly TWN monitoring script
In case of malfunction, please reach out for lunar at torproject.org
or for the worst cases, tell weasel at torproject.org to kill me.
More information about the news-team
mailing list