[TWN team] Recent changes to the wiki pages
Lunar
lunar at torproject.org
Tue Feb 4 16:00:18 UTC 2014
===========================================================================
==== https://trac.torproject.org/projects/tor/wiki/TorWeeklyNews/2014/5 ====
===========================================================================
version 53
Author: beseemer
Date: 2014-02-04T15:11:25+00:00
language fixes
--- version 52
+++ version 53
@@ -18,7 +18,7 @@
News from the browser team front
--------------------------------
-Mike Perry has sent a detailed report [1] about what the growing Tor
+Mike Perry has a detailed report [1] about what the growing Tor
Browser team has been up to. Among the good news, new fingerprinting
defenses are getting close to be merged for “screen resolution, default
character sets, site permissions, and local service enumeration”. Some
@@ -30,22 +30,21 @@
Most censored users currently have to use a separate browser bundle
dubbed “pluggable transports bundle”. This has proven quite inconvenient
-for both users and those trying to support them. But finally, Mike
+for both users and those trying to support them. Mike
reports progress on “unifying the pluggable transport bundles with the
official bundles, so that both censored and uncensored users can use the
same bundles. […] The progress is sufficient that we are very likely to
be able to deploy a 3.6-beta1 release in February to test these unified
bundles.”
-Another important topic is how the privacy issues that have been
-identified by the Tor Project can benefit even more users in the future.
-The team has “continued the merge process with Mozilla, and have worked
-to ensure that every patch of ours is on their radar […]. Two patches,
-one for an API we require to manage the Tor subprocess, and another to
-give us a filter to remove potentially dangerous drag-and-drop events to
-the desktop have already been merged. Next steps will include filing
-more bugs, continual contact with their development team, and touching
-up patches as needed.”
+Another important topic is how the work done by the Tor Project can
+reach even more users. The team has “continued the merge process with
+Mozilla, and have worked to ensure that every patch of ours is on
+their radar […]. Two patches, one for an API we require to manage the
+Tor subprocess, and another to give us a filter to remove potentially
+dangerous drag-and-drop events to the desktop have already been
+merged. Next steps will include filing more bugs, continual contact
+with their development team, and touching up patches as needed.”
There are even more things to smile about in the report. Read it in full
for the whole picture.
@@ -55,26 +54,25 @@
Key revocation in next generation hidden services
-------------------------------------------------
-It looks like every public-key infrastructure [2] struggles on how to
-handle revocation. And hidden services are no different as the current
-design completely ignored the problem of preventing a stolen key from
-being reused by an attacker.
+It looks like every public-key infrastructure [2] struggles with how to
+handle key revocation. Hidden services are no different. The current
+design completely ignored preventing a stolen key from being reused by
+an attacker.
With the on-going effort to create a new protocol for hidden
-services [3], now seemed a good time for George Kadianakis to raise the
-issue [4]. Previously, there was little control for the hidden services
-operators over their secret key. As the new design enables offline
-management operations, enabling revocation procedures should just fit
-in.
+services [3], now seemed a good time for George Kadianakis to raise this
+issue [4]. Previously there was little control for the hidden services
+operators over their secret key. The new design enables offline
+management operations which include key revocation.
As George put it, currently well-known solutions “are always messy and
-don't work really well (look at SSL's OCSP [5] and CRLs [6]).” So how
+don't work really well (look at SSL's OCSP [5] and CRLs [6]).” So how can
“the legitimate Hidden Service can inform a client that its keys got
compromised”?
In his email, George describes two solutions, one relying on the
directory authorities, the other on hidden service directories. Both
-have drawbacks, so maybe there's the need for more research.
+have drawbacks, so perhaps further research is necessary.
In the same thread, Nick Hopper suggested [7] a scheme that uses
multiple hidden service directories to cross-certify their revocation
@@ -96,7 +94,7 @@
Mumble [8] is a “low-latency, high quality voice chat software primarily
intended for use while gaming”.
-It has proven to be a reliable solution to do voice chat among multiple
+It's proven to be a reliable solution for voice chat among multiple
parties over Tor. Matt and Colin have worked on a documentation on how
to setup both the client and the server side [9] for Tor users.
@@ -106,7 +104,7 @@
resolver [10].
The changes that need to be made to the Mumble code are less trivial
-than one can think. Matt describe the issue in more details in his call
+than one would think. Matt describe the issue in more details in his call
for help [11]. Have a look if you are up to some C++/Qt hacking.
[8]: http://mumble.sourceforge.net/
@@ -192,7 +190,7 @@
[34]: https://lists.torproject.org/pipermail/tor-talk/2014-February/032010.html
[35]: https://lists.torproject.org/pipermail/tor-talk/2014-January/031623.html
-Andrew Lewman reported on his trip to Washington DC [36] where he met
+Andrew Lewman reports on his trip to Washington DC [36] where he met
Spitfire Strategies to learn about “Tor's brand, media presence, and
ideas for the future”. For a short excerpt: “It's interesting to get
critiques on all our past media appearances; what was good and what
@@ -273,7 +271,7 @@
qbi, George Kadianakis, Colin, Sandeep and Karsten Loesing.
TWN is a community newsletter. It can't rest upon a single pair of
-shoulders at all time, especially when those shoulders stand behind a
+shoulders at all times, especially when those shoulders stand behind a
booth for two days straight. So if you want to continue reading TWN, we
really need your help! Please see the project page [48] and say “hi” on
the the team mailing list [49].
version 52
Author: lunar
Date: 2014-02-04T14:38:20+00:00
FREEZE *phew*
--- version 51
+++ version 52
@@ -1,6 +1,9 @@
''31st issue of Tor Weekly News. Covering what's happening from January 28th, 2014 to February 4th, 2014. To be released on February 5th, 2014.''
'''Editor:''' Lunar
+
+'''Status:''' FROZEN. Only technical and language fixes are accepted.
+New items should go in [wiki:TorWeeklyNews/2014/6 next week's edition].
'''Subject:''' Tor Weekly News — February 4th, 2014
@@ -15,235 +18,240 @@
News from the browser team front
--------------------------------
-Mike Perry has sent a detailed report [XXX] about what the growing
-Tor Browser team has been up to. Among the good news, new fingerprinting
+Mike Perry has sent a detailed report [1] about what the growing Tor
+Browser team has been up to. Among the good news, new fingerprinting
defenses are getting close to be merged for “screen resolution, default
character sets, site permissions, and local service enumeration”. Some
other changes that will reduce the attack surface include “disabling
-addon update requests for addons that should not update, a potential
-fix for a disk leak in the browser's video cache, […], and a potential
-fix to prevent the Flash plugin from being loaded into the browser
-at all until the user actually requests to use it.”
+addon update requests for addons that should not update, a potential fix
+for a disk leak in the browser's video cache, […], and a potential fix
+to prevent the Flash plugin from being loaded into the browser at all
+until the user actually requests to use it.”
Most censored users currently have to use a separate browser bundle
dubbed “pluggable transports bundle”. This has proven quite inconvenient
-for both users and those trying to support them. But finally, Mike reports
-progress on “unifying the pluggable transport bundles with the official bundles,
-so that both censored and uncensored users can use the same bundles. […] The
-progress is sufficient that we are very likely to be able to deploy a
-3.6-beta1 release in February to test these unified bundles.”
+for both users and those trying to support them. But finally, Mike
+reports progress on “unifying the pluggable transport bundles with the
+official bundles, so that both censored and uncensored users can use the
+same bundles. […] The progress is sufficient that we are very likely to
+be able to deploy a 3.6-beta1 release in February to test these unified
+bundles.”
Another important topic is how the privacy issues that have been
identified by the Tor Project can benefit even more users in the future.
The team has “continued the merge process with Mozilla, and have worked
-to ensure that every patch of ours is on their radar […]. Two patches,
-one for an API we require to manage the Tor subprocess, and another
-to give us a filter to remove potentially dangerous drag-and-drop events
-to the desktop have already been merged. Next steps will include filing
+to ensure that every patch of ours is on their radar […]. Two patches,
+one for an API we require to manage the Tor subprocess, and another to
+give us a filter to remove potentially dangerous drag-and-drop events to
+the desktop have already been merged. Next steps will include filing
more bugs, continual contact with their development team, and touching
up patches as needed.”
There are even more things to smile about in the report. Read it in full
for the whole picture.
- [XXX]: https://lists.torproject.org/pipermail/tor-reports/2014-February/000438.html
+ [1]: https://lists.torproject.org/pipermail/tor-reports/2014-February/000438.html
Key revocation in next generation hidden services
-------------------------------------------------
-It looks like every public-key infrastructure [XXX] struggles on how to handle
-revocation. And hidden services are no different as the current design
-completely ignored the problem of preventing a stolen key from being
-reused by an attacker.
+It looks like every public-key infrastructure [2] struggles on how to
+handle revocation. And hidden services are no different as the current
+design completely ignored the problem of preventing a stolen key from
+being reused by an attacker.
With the on-going effort to create a new protocol for hidden
-services [XXX], now seemed a good time for George Kadianakis
-to raise the issue [XXX]. Previously, there was little control for the
-hidden services operators over their secret key. As the new design
-enables offline management operations, enabling revocation procedures
-should just fit in.
-
-As George put it, currently well-known solutions “are always
-messy and don't work really well (look at SSL's OCSP [XXX] and
-CRLs [XXX]).” So how “the legitimate Hidden Service can inform a
-client that its keys got compromised”?
+services [3], now seemed a good time for George Kadianakis to raise the
+issue [4]. Previously, there was little control for the hidden services
+operators over their secret key. As the new design enables offline
+management operations, enabling revocation procedures should just fit
+in.
+
+As George put it, currently well-known solutions “are always messy and
+don't work really well (look at SSL's OCSP [5] and CRLs [6]).” So how
+“the legitimate Hidden Service can inform a client that its keys got
+compromised”?
In his email, George describes two solutions, one relying on the
-directory authorities, the other on hidden service directories.
-Both have drawbacks, so maybe there's the need for more research.
-
-In the same thread, Nick Hopper suggested [XXX] a scheme that uses multiple
-hidden service directories to cross-certify their revocation lists.
-This gives more confidence to the user, since the adversary now has to
-compromise multiple hidden service directories.
+directory authorities, the other on hidden service directories. Both
+have drawbacks, so maybe there's the need for more research.
+
+In the same thread, Nick Hopper suggested [7] a scheme that uses
+multiple hidden service directories to cross-certify their revocation
+lists. This gives more confidence to the user, since the adversary now
+has to compromise multiple hidden service directories.
Please join the discussion if you have ideas to share!
- [XXX]: https://en.wikipedia.org/wiki/Public-key_infrastructure
- [XXX]: https://gitweb.torproject.org/torspec.git/blob/HEAD:/proposals/224-rend-spec-ng.txt
- [XXX]: https://lists.torproject.org/pipermail/tor-dev/2014-January/006146.html
- [XXX]: https://en.wikipedia.org/wiki/Online_Certificate_Status_Protocol
- [XXX]: https://en.wikipedia.org/wiki/Certificate_revocation_list
- [XXX]: https://lists.torproject.org/pipermail/tor-dev/2014-January/006149.html
+ [2]: https://en.wikipedia.org/wiki/Public-key_infrastructure
+ [3]: https://gitweb.torproject.org/torspec.git/blob/HEAD:/proposals/224-rend-spec-ng.txt
+ [4]: https://lists.torproject.org/pipermail/tor-dev/2014-January/006146.html
+ [5]: https://en.wikipedia.org/wiki/Online_Certificate_Status_Protocol
+ [6]: https://en.wikipedia.org/wiki/Certificate_revocation_list
+ [7]: https://lists.torproject.org/pipermail/tor-dev/2014-January/006149.html
Help needed to remove DNS leaks from Mumble
-------------------------------------------
-Mumble [XXX] is a “low-latency, high quality voice chat software
-primarily intended for use while gaming”.
+Mumble [8] is a “low-latency, high quality voice chat software primarily
+intended for use while gaming”.
It has proven to be a reliable solution to do voice chat among multiple
-parties over Tor. Matt and Colin have worked on a documentation on how to setup both the
-client and the server side [XXX] for Tor users.
+parties over Tor. Matt and Colin have worked on a documentation on how
+to setup both the client and the server side [9] for Tor users.
But the client is currently only safely usable on Linux system with
torsocks and on Tails. On other operating systems, the Mumble client
will unfortunately leak the address of the server to the local DNS
-resolver [XXX].
+resolver [10].
The changes that need to be made to the Mumble code are less trivial
than one can think. Matt describe the issue in more details in his call
-for help [XXX]. Have a look if you are up to some C++/Qt hacking.
-
- [XXX]: http://mumble.sourceforge.net/
- [XXX]: https://trac.torproject.org/projects/tor/wiki/doc/TorifyHOWTO/Mumble
- [XXX]: https://github.com/mumble-voip/mumble/issues/1033
- [XXX]: https://lists.torproject.org/pipermail/tor-dev/2014-January/006158.html
+for help [11]. Have a look if you are up to some C++/Qt hacking.
+
+ [8]: http://mumble.sourceforge.net/
+ [9]: https://trac.torproject.org/projects/tor/wiki/doc/TorifyHOWTO/Mumble
+ [10]: https://github.com/mumble-voip/mumble/issues/1033
+ [11]: https://lists.torproject.org/pipermail/tor-dev/2014-January/006158.html
Monthly status reports for January 2014
---------------------------------------
The wave of regular monthly reports from Tor project members for the
-month of January has begun. Damian Johnson released his report first [XXX],
-followed by reports from Philipp Winter [XXX], Sherief Alaa [XXX], the Tor Browser team from Mike Perry [XXX],
-Colin C. [XXX], the help desk [XXX], Matt [XXX]. Lunar [XXX], George Kadianakis [XXX],
-and Pearl Crescent [XXX].
-
- [XXX]: https://lists.torproject.org/pipermail/tor-reports/2014-January/000435.html
- [XXX]: https://lists.torproject.org/pipermail/tor-reports/2014-January/000436.html
- [XXX]: https://lists.torproject.org/pipermail/tor-reports/2014-February/000437.html
- [XXX]: https://lists.torproject.org/pipermail/tor-reports/2014-February/000438.html
- [XXX]: https://lists.torproject.org/pipermail/tor-reports/2014-February/000439.html
- [XXX]: https://lists.torproject.org/pipermail/tor-reports/2014-February/000440.html
- [XXX]: https://lists.torproject.org/pipermail/tor-reports/2014-February/000441.html
- [XXX]: https://lists.torproject.org/pipermail/tor-reports/2014-February/000442.html
- [XXX]: https://lists.torproject.org/pipermail/tor-reports/2014-February/000443.html
- [XXX]: https://lists.torproject.org/pipermail/tor-reports/2014-February/000445.html
+month of January has begun. Damian Johnson released his report
+first [12], followed by reports from Philipp Winter [13], Sherief
+Alaa [14], the Tor Browser team from Mike Perry [15], Colin C. [16], the
+help desk [17], Matt [18]. Lunar [19], George Kadianakis [20], and Pearl
+Crescent [21].
+
+ [12]: https://lists.torproject.org/pipermail/tor-reports/2014-January/000435.html
+ [13]: https://lists.torproject.org/pipermail/tor-reports/2014-January/000436.html
+ [14]: https://lists.torproject.org/pipermail/tor-reports/2014-February/000437.html
+ [15]: https://lists.torproject.org/pipermail/tor-reports/2014-February/000438.html
+ [16]: https://lists.torproject.org/pipermail/tor-reports/2014-February/000439.html
+ [17]: https://lists.torproject.org/pipermail/tor-reports/2014-February/000440.html
+ [18]: https://lists.torproject.org/pipermail/tor-reports/2014-February/000441.html
+ [19]: https://lists.torproject.org/pipermail/tor-reports/2014-February/000442.html
+ [20]: https://lists.torproject.org/pipermail/tor-reports/2014-February/000443.html
+ [21]: https://lists.torproject.org/pipermail/tor-reports/2014-February/000445.html
Miscellaneous news
------------------
-Nick Mathewson came up [XXX] with a Python script [XXX] to convert the new MaxMind
-GeoIP2 binary database to the format used by Tor for its geolocation database.
-
- [XXX]: https://lists.torproject.org/pipermail/tor-dev/2014-January/006157.html
- [XXX]: https://github.com/nmathewson/mmdb-convert
-
-Thanks to John Ricketts from Quintex Alliance Consulting [XXX] for providing
-another mirror for the Tor Project's website and software.
-
- [XXX]: https://lists.torproject.org/pipermail/tor-mirrors/2014-February/000464.html
-
-Abhiram Chintangal and Oliver Baumann are reporting [XXX] progress on their
-rewrite [XXX] of the Tor Weather service.
-
- [XXX]: https://lists.torproject.org/pipermail/tor-dev/2014-January/006142.html
- [XXX]: https://github.com/baumanno/tor-weather-rewrite
-
-Andreas Jonsson gave an update [XXX] on how Mozilla is moving to a multi-process
-model for Firefox [XXX] and how this should positively affect the possibility
-of sandboxing the Tor Browser in the future.
-
- [XXX]: https://lists.torproject.org/pipermail/tor-talk/2014-January/031959.html
- [XXX]: https://bugzilla.mozilla.org/show_bug.cgi?id=925570
-
-As planned [XXX], to help “developers to analyze the directory protocol and for
-researchers to understand what information is available to clients to
-make path selection decisions”, Karsten Loesing has made [XXX]
+Nick Mathewson came up [22] with a Python script [23] to convert the new
+MaxMind GeoIP2 binary database to the format used by Tor for its
+geolocation database.
+
+ [22]: https://lists.torproject.org/pipermail/tor-dev/2014-January/006157.html
+ [23]: https://github.com/nmathewson/mmdb-convert
+
+Thanks to John Ricketts from Quintex Alliance Consulting [24] for
+providing another mirror for the Tor Project's website and software.
+
+ [24]: https://lists.torproject.org/pipermail/tor-mirrors/2014-February/000464.html
+
+Abhiram Chintangal and Oliver Baumann are reporting [25] progress on
+their rewrite [26] of the Tor Weather service.
+
+ [25]: https://lists.torproject.org/pipermail/tor-dev/2014-January/006142.html
+ [26]: https://github.com/baumanno/tor-weather-rewrite
+
+Andreas Jonsson gave an update [27] on how Mozilla is moving to a
+multi-process model for Firefox [28] and how this should positively
+affect the possibility of sandboxing the Tor Browser in the future.
+
+ [27]: https://lists.torproject.org/pipermail/tor-talk/2014-January/031959.html
+ [28]: https://bugzilla.mozilla.org/show_bug.cgi?id=925570
+
+As planned [29], to help “developers to analyze the directory protocol
+and for researchers to understand what information is available to
+clients to make path selection decisions”, Karsten Loesing has made [30]
microdescriptor archives available on the metrics website.
- [XXX]: https://lists.torproject.org/pipermail/tor-dev/2014-January/006061.html
- [XXX]: https://lists.torproject.org/pipermail/tor-dev/2014-January/006141.html
-
-Christian has deployed [XXX] a test platform [XXX] for the JavaScript-less
-version of Globe, a tool to retrieve information about the Tor network and its
-relays.
-
- [XXX]: https://lists.torproject.org/pipermail/tor-talk/2014-February/032012.html
- [XXX]: https://globe-node.herokuapp.com/
-
-In an answer to Shadowman's questions about pluggable transports, George Kadianakis
-wrote a detailed reply on how Tor manages pluggable transports [XXX], both on the
-server side an on the client side.
-
- [XXX]: https://lists.torproject.org/pipermail/tor-talk/2014-January/031984.html
-
-Arthur D. Edelstein has advertised a GreaseMonkey script [XXX] to enable Tor Browser
-to access YouTube videos without having JavaScript enabled. Please be aware of the
-security risks that GreaseMonkey might introduce [XXX] before using such a solution.
-
- [XXX]: https://lists.torproject.org/pipermail/tor-talk/2014-February/032010.html
- [XXX]: https://lists.torproject.org/pipermail/tor-talk/2014-January/031623.html
-
-Andrew Lewman reported on his trip to Washington DC [XXX] where he met Spitfire Strategies
-to learn about “Tor's brand, media presence, and ideas for the future”. For a
-short excerpt: “It's interesting to get critiques on all our past
-media appearances; what was good and what could be better. Overall,
-the team there are doing a great job.”
-
- [XXX]: https://lists.torproject.org/pipermail/tor-reports/2014-January/000434.html
-
-Lunar accounted [XXX] for Tor's presence at FOSDEM, one of the largest free
-software event in Europe. The project had a small booth [XXX] shared with
-Mozilla and there was even a relay operator meetup [XXX].
-
- [XXX]: https://lists.torproject.org/pipermail/tor-reports/2014-February/000443.html
- [XXX]: https://twitter.com/anthraxx42/status/429600652399247361
- [XXX]: https://twitter.com/FrennVunDerEnn/status/429636610603233280
-
-Yan Zhu has released [XXX] the first version of HTTPS Everywhere for
-Firefox Mobile. A good news for users of the upcoming Orfox [XXX].
-
- [XXX]: https://lists.eff.org/pipermail/https-everywhere/2014-February/001964.html
- [XXX]: https://github.com/guardianproject/Orfox
+ [29]: https://lists.torproject.org/pipermail/tor-dev/2014-January/006061.html
+ [30]: https://lists.torproject.org/pipermail/tor-dev/2014-January/006141.html
+
+Christian has deployed [31] a test platform [32] for the JavaScript-less
+version of Globe, a tool to retrieve information about the Tor network
+and its relays.
+
+ [31]: https://lists.torproject.org/pipermail/tor-talk/2014-February/032012.html
+ [32]: https://globe-node.herokuapp.com/
+
+In an answer to Shadowman's questions about pluggable transports, George
+Kadianakis wrote a detailed reply on how Tor manages pluggable
+transports [33], both on the server side an on the client side.
+
+ [33]: https://lists.torproject.org/pipermail/tor-talk/2014-January/031984.html
+
+Arthur D. Edelstein has advertised a GreaseMonkey script [34] to enable
+Tor Browser to access YouTube videos without having JavaScript enabled.
+Please be aware of the security risks that GreaseMonkey might
+introduce [35] before using such a solution.
+
+ [34]: https://lists.torproject.org/pipermail/tor-talk/2014-February/032010.html
+ [35]: https://lists.torproject.org/pipermail/tor-talk/2014-January/031623.html
+
+Andrew Lewman reported on his trip to Washington DC [36] where he met
+Spitfire Strategies to learn about “Tor's brand, media presence, and
+ideas for the future”. For a short excerpt: “It's interesting to get
+critiques on all our past media appearances; what was good and what
+could be better. Overall, the team there are doing a great job.”
+
+ [36]: https://lists.torproject.org/pipermail/tor-reports/2014-January/000434.html
+
+Lunar accounted [37] for Tor's presence at FOSDEM, one of the largest
+free software event in Europe. The project had a small booth [38] shared
+with Mozilla and there was even a relay operator meetup [39].
+
+ [37]: https://lists.torproject.org/pipermail/tor-reports/2014-February/000443.html
+ [38]: https://twitter.com/anthraxx42/status/429600652399247361
+ [39]: https://twitter.com/FrennVunDerEnn/status/429636610603233280
+
+Yan Zhu has released [40] the first version of HTTPS Everywhere for
+Firefox Mobile. A good news for users of the upcoming Orfox [41].
+
+ [40]: https://lists.eff.org/pipermail/https-everywhere/2014-February/001964.html
+ [41]: https://github.com/guardianproject/Orfox
Tor help desk roundup
---------------------
-The help desk has now received multiple emails from users that say the
+The help desk has now received multiple emails from users that say the
captcha on bridges.torproject.org was too hard for them.
-Users often want to know if Tor can make them appear to be coming from a
-particular country. Although doing so can reduce one's anonymity, it is
-documented on our FAQ page [XXX].
+Users often want to know if Tor can make them appear to be coming from a
+particular country. Although doing so can reduce one's anonymity, it is
+documented on our FAQ page [42].
Orbot users have noticed that installing Orbot to their SD storage can
-cause Orbot to stop functioning correctly. Installing Orbot to the internal
-storage has resolved issues for a few users.
-
- [XXX]: https://www.torproject.org/docs/faq#ChooseEntryExit
+cause Orbot to stop functioning correctly. Installing Orbot to the
+internal storage has resolved issues for a few users.
+
+ [42]: https://www.torproject.org/docs/faq#ChooseEntryExit
News from Tor StackExchange
---------------------------
-Rhin is looking for hidden services hosting services. Jens
-pointed him to ahmia.fi [XXX] but it looks like no there are no gratis hidden
+Rhin is looking for hidden services hosting services. Jens pointed him
+to ahmia.fi [43] but it looks like no there are no gratis hidden
services hosters currently available.
- [XXX]: https://tor.stackexchange.com/q/1402/88
-
-Vijay kudal wanted to know how to change the current circuit within shell
-scripts [XXX]. Jens Kubieziel gave an answer using expect and hexdump [XXX].
-
- [XXX]: https://tor.stackexchange.com/q/1438/1041
- [XXX]: https://tor.stackexchange.com/a/1453/88
-
-Roya saw check.torproject.org replying contradictory information with Atlas
-about the exit node being used. It seems to be a bug in check occuring when
-multiple nodes are using the same IP address [XXX].
-
- [XXX]: https://tor.stackexchange.com/q/1439/88
- [XXX]: https://bugs.torproject.org/10499#comment:4
+ [43]: https://tor.stackexchange.com/q/1402/88
+
+Vijay kudal wanted to know how to change the current circuit within
+shell scripts [44]. Jens Kubieziel gave an answer using expect and
+hexdump [45].
+
+ [44]: https://tor.stackexchange.com/q/1438/1041
+ [45]: https://tor.stackexchange.com/a/1453/88
+
+Roya saw check.torproject.org replying contradictory information [46]
+with Atlas about the exit node being used. It seems to be a bug in check
+occuring when multiple nodes are using the same IP address [47].
+
+ [46]: https://tor.stackexchange.com/q/1439/88
+ [47]: https://bugs.torproject.org/10499#comment:4
Upcoming events
---------------
@@ -265,11 +273,11 @@
qbi, George Kadianakis, Colin, Sandeep and Karsten Loesing.
TWN is a community newsletter. It can't rest upon a single pair of
-shoulders at all time, especially when those shoulders stand behind
-a booth for two days straight. So if you want to continue reading
-TWN, we really need your help! Please see the project page [XXX]
-and say “hi” on the the team mailing list [XXX].
-
- [XXX]: https://trac.torproject.org/projects/tor/wiki/TorWeeklyNews
- [XXX]: https://lists.torproject.org/cgi-bin/mailman/listinfo/news-team
-}}}+shoulders at all time, especially when those shoulders stand behind a
+booth for two days straight. So if you want to continue reading TWN, we
+really need your help! Please see the project page [48] and say “hi” on
+the the team mailing list [49].
+
+ [48]: https://trac.torproject.org/projects/tor/wiki/TorWeeklyNews
+ [49]: https://lists.torproject.org/cgi-bin/mailman/listinfo/news-team
+}}}
version 51
Author: lunar
Date: 2014-02-04T14:35:09+00:00
credits
--- version 50
+++ version 51
@@ -261,8 +261,8 @@
| http://privacysos.org/party
-This issue of Tor Weekly News has been assembled by XXX, XXX, and
-Matt Pagan.
+This issue of Tor Weekly News has been assembled by Lunar, Matt Pagan,
+qbi, George Kadianakis, Colin, Sandeep and Karsten Loesing.
TWN is a community newsletter. It can't rest upon a single pair of
shoulders at all time, especially when those shoulders stand behind
version 50
Author: lunar
Date: 2014-02-04T14:31:56+00:00
reword some of Tor SE report
--- version 49
+++ version 50
@@ -223,29 +223,27 @@
[XXX]: https://www.torproject.org/docs/faq#ChooseEntryExit
-
News from Tor StackExchange
---------------------------
-Rhin looked for some hidden services which offers hosting possibilities. Jens
-pointed him to ahmia.fi where he can look for different offers [XXX].
-
- [XXX]: http://tor.stackexchange.com/q/1402/88
-
-There were some questions where users wanted to change the current circuit
-with telnet or some shell scripts. The answers list how to do this using expect
-or hexdump plus telnet [XXX] [XXX]. Roya reminded that there is also a
-possibility inside the Tor Browser [XXX].
-
- [XXX]: http://tor.stackexchange.com/a/1450/88
- [XXX]: http://tor.stackexchange.com/a/1453/88
- [XXX]: http://tor.stackexchange.com/a/1440/88
-
-Roya saw that the check site and Atlas deliver different information about
-the exit node[XXX]. This seems to be a bug in TorDNSEL[XXX].
-
- [XXX]: http://tor.stackexchange.com/q/1439/88
- [XXX]: https://trac.torproject.org/projects/tor/ticket/10499
+Rhin is looking for hidden services hosting services. Jens
+pointed him to ahmia.fi [XXX] but it looks like no there are no gratis hidden
+services hosters currently available.
+
+ [XXX]: https://tor.stackexchange.com/q/1402/88
+
+Vijay kudal wanted to know how to change the current circuit within shell
+scripts [XXX]. Jens Kubieziel gave an answer using expect and hexdump [XXX].
+
+ [XXX]: https://tor.stackexchange.com/q/1438/1041
+ [XXX]: https://tor.stackexchange.com/a/1453/88
+
+Roya saw check.torproject.org replying contradictory information with Atlas
+about the exit node being used. It seems to be a bug in check occuring when
+multiple nodes are using the same IP address [XXX].
+
+ [XXX]: https://tor.stackexchange.com/q/1439/88
+ [XXX]: https://bugs.torproject.org/10499#comment:4
Upcoming events
---------------
version 49
Author: lunar
Date: 2014-02-04T14:19:36+00:00
write about HTTPS Everywhere for FF mobile
--- version 48
+++ version 49
@@ -200,6 +200,12 @@
[XXX]: https://lists.torproject.org/pipermail/tor-reports/2014-February/000443.html
[XXX]: https://twitter.com/anthraxx42/status/429600652399247361
[XXX]: https://twitter.com/FrennVunDerEnn/status/429636610603233280
+
+Yan Zhu has released [XXX] the first version of HTTPS Everywhere for
+Firefox Mobile. A good news for users of the upcoming Orfox [XXX].
+
+ [XXX]: https://lists.eff.org/pipermail/https-everywhere/2014-February/001964.html
+ [XXX]: https://github.com/guardianproject/Orfox
Tor help desk roundup
---------------------
@@ -268,8 +274,4 @@
[XXX]: https://trac.torproject.org/projects/tor/wiki/TorWeeklyNews
[XXX]: https://lists.torproject.org/cgi-bin/mailman/listinfo/news-team
-}}}
-
-Possible items:
-
- * HTTPS Everywhere for Android https://lists.eff.org/pipermail/https-everywhere/2014-February/001964.html
+}}}
version 48
Author: lunar
Date: 2014-02-04T14:17:21+00:00
write about fosdem
--- version 47
+++ version 48
@@ -192,6 +192,14 @@
the team there are doing a great job.”
[XXX]: https://lists.torproject.org/pipermail/tor-reports/2014-January/000434.html
+
+Lunar accounted [XXX] for Tor's presence at FOSDEM, one of the largest free
+software event in Europe. The project had a small booth [XXX] shared with
+Mozilla and there was even a relay operator meetup [XXX].
+
+ [XXX]: https://lists.torproject.org/pipermail/tor-reports/2014-February/000443.html
+ [XXX]: https://twitter.com/anthraxx42/status/429600652399247361
+ [XXX]: https://twitter.com/FrennVunDerEnn/status/429636610603233280
Tor help desk roundup
---------------------
@@ -264,5 +272,4 @@
Possible items:
- * FOSDEM: https://twitter.com/anthraxx42/status/429600652399247361 https://lists.torproject.org/pipermail/tor-reports/2014-February/000443.html https://twitter.com/FrennVunDerEnn/status/429636610603233280
* HTTPS Everywhere for Android https://lists.eff.org/pipermail/https-everywhere/2014-February/001964.html
version 47
Author: lunar
Date: 2014-02-04T14:11:21+00:00
write about PT and Tor
--- version 46
+++ version 47
@@ -171,6 +171,12 @@
[XXX]: https://lists.torproject.org/pipermail/tor-talk/2014-February/032012.html
[XXX]: https://globe-node.herokuapp.com/
+
+In an answer to Shadowman's questions about pluggable transports, George Kadianakis
+wrote a detailed reply on how Tor manages pluggable transports [XXX], both on the
+server side an on the client side.
+
+ [XXX]: https://lists.torproject.org/pipermail/tor-talk/2014-January/031984.html
Arthur D. Edelstein has advertised a GreaseMonkey script [XXX] to enable Tor Browser
to access YouTube videos without having JavaScript enabled. Please be aware of the
@@ -258,6 +264,5 @@
Possible items:
- * integrate PTs in other projets https://lists.torproject.org/pipermail/tor-talk/2014-January/031984.html
* FOSDEM: https://twitter.com/anthraxx42/status/429600652399247361 https://lists.torproject.org/pipermail/tor-reports/2014-February/000443.html https://twitter.com/FrennVunDerEnn/status/429636610603233280
* HTTPS Everywhere for Android https://lists.eff.org/pipermail/https-everywhere/2014-February/001964.html
version 46
Author: lunar
Date: 2014-02-04T14:08:25+00:00
rewrite TWN call for help for this week
--- version 45
+++ version 46
@@ -246,11 +246,11 @@
This issue of Tor Weekly News has been assembled by XXX, XXX, and
Matt Pagan.
-Want to continue reading TWN? Please help us create this newsletter.
-We still need more volunteers to watch the Tor community and report
-important news. Please see the project page [XXX], write down your
-name and subscribe to the team mailing list [XXX] if you want to
-get involved!
+TWN is a community newsletter. It can't rest upon a single pair of
+shoulders at all time, especially when those shoulders stand behind
+a booth for two days straight. So if you want to continue reading
+TWN, we really need your help! Please see the project page [XXX]
+and say “hi” on the the team mailing list [XXX].
[XXX]: https://trac.torproject.org/projects/tor/wiki/TorWeeklyNews
[XXX]: https://lists.torproject.org/cgi-bin/mailman/listinfo/news-team
version 45
Author: lunar
Date: 2014-02-04T14:04:03+00:00
write about globe
--- version 44
+++ version 45
@@ -164,6 +164,13 @@
[XXX]: https://lists.torproject.org/pipermail/tor-dev/2014-January/006061.html
[XXX]: https://lists.torproject.org/pipermail/tor-dev/2014-January/006141.html
+
+Christian has deployed [XXX] a test platform [XXX] for the JavaScript-less
+version of Globe, a tool to retrieve information about the Tor network and its
+relays.
+
+ [XXX]: https://lists.torproject.org/pipermail/tor-talk/2014-February/032012.html
+ [XXX]: https://globe-node.herokuapp.com/
Arthur D. Edelstein has advertised a GreaseMonkey script [XXX] to enable Tor Browser
to access YouTube videos without having JavaScript enabled. Please be aware of the
@@ -253,5 +260,4 @@
* integrate PTs in other projets https://lists.torproject.org/pipermail/tor-talk/2014-January/031984.html
* FOSDEM: https://twitter.com/anthraxx42/status/429600652399247361 https://lists.torproject.org/pipermail/tor-reports/2014-February/000443.html https://twitter.com/FrennVunDerEnn/status/429636610603233280
- * JavaScript-less version of Globe to test https://lists.torproject.org/pipermail/tor-talk/2014-February/032012.html ; Looking up bridges in Globe et al. by fingerprint https://lists.torproject.org/pipermail/tor-dev/2014-February/006165.html
* HTTPS Everywhere for Android https://lists.eff.org/pipermail/https-everywhere/2014-February/001964.html
version 44
Author: asn
Date: 2014-02-04T13:49:34+00:00
add a paragraph about nick hopper's idea
--- version 43
+++ version 44
@@ -71,6 +71,12 @@
In his email, George describes two solutions, one relying on the
directory authorities, the other on hidden service directories.
Both have drawbacks, so maybe there's the need for more research.
+
+In the same thread, Nick Hopper suggested [XXX] a scheme that uses multiple
+hidden service directories to cross-certify their revocation lists.
+This gives more confidence to the user, since the adversary now has to
+compromise multiple hidden service directories.
+
Please join the discussion if you have ideas to share!
[XXX]: https://en.wikipedia.org/wiki/Public-key_infrastructure
@@ -78,6 +84,7 @@
[XXX]: https://lists.torproject.org/pipermail/tor-dev/2014-January/006146.html
[XXX]: https://en.wikipedia.org/wiki/Online_Certificate_Status_Protocol
[XXX]: https://en.wikipedia.org/wiki/Certificate_revocation_list
+ [XXX]: https://lists.torproject.org/pipermail/tor-dev/2014-January/006149.html
Help needed to remove DNS leaks from Mumble
-------------------------------------------
version 43
Author: lunar
Date: 2014-02-04T13:34:55+00:00
write about DC trip
--- version 42
+++ version 43
@@ -164,6 +164,14 @@
[XXX]: https://lists.torproject.org/pipermail/tor-talk/2014-February/032010.html
[XXX]: https://lists.torproject.org/pipermail/tor-talk/2014-January/031623.html
+
+Andrew Lewman reported on his trip to Washington DC [XXX] where he met Spitfire Strategies
+to learn about “Tor's brand, media presence, and ideas for the future”. For a
+short excerpt: “It's interesting to get critiques on all our past
+media appearances; what was good and what could be better. Overall,
+the team there are doing a great job.”
+
+ [XXX]: https://lists.torproject.org/pipermail/tor-reports/2014-January/000434.html
Tor help desk roundup
---------------------
@@ -236,7 +244,6 @@
Possible items:
- * DC Trip Report 24-26 January 2014 https://lists.torproject.org/pipermail/tor-reports/2014-January/000434.html
* integrate PTs in other projets https://lists.torproject.org/pipermail/tor-talk/2014-January/031984.html
* FOSDEM: https://twitter.com/anthraxx42/status/429600652399247361 https://lists.torproject.org/pipermail/tor-reports/2014-February/000443.html https://twitter.com/FrennVunDerEnn/status/429636610603233280
* JavaScript-less version of Globe to test https://lists.torproject.org/pipermail/tor-talk/2014-February/032012.html ; Looking up bridges in Globe et al. by fingerprint https://lists.torproject.org/pipermail/tor-dev/2014-February/006165.html
version 42
Author: lunar
Date: 2014-02-04T13:30:05+00:00
write about YT + greasemonkey
--- version 41
+++ version 42
@@ -157,6 +157,13 @@
[XXX]: https://lists.torproject.org/pipermail/tor-dev/2014-January/006061.html
[XXX]: https://lists.torproject.org/pipermail/tor-dev/2014-January/006141.html
+
+Arthur D. Edelstein has advertised a GreaseMonkey script [XXX] to enable Tor Browser
+to access YouTube videos without having JavaScript enabled. Please be aware of the
+security risks that GreaseMonkey might introduce [XXX] before using such a solution.
+
+ [XXX]: https://lists.torproject.org/pipermail/tor-talk/2014-February/032010.html
+ [XXX]: https://lists.torproject.org/pipermail/tor-talk/2014-January/031623.html
Tor help desk roundup
---------------------
@@ -231,7 +238,6 @@
* DC Trip Report 24-26 January 2014 https://lists.torproject.org/pipermail/tor-reports/2014-January/000434.html
* integrate PTs in other projets https://lists.torproject.org/pipermail/tor-talk/2014-January/031984.html
- * YouTube Unscripted https://lists.torproject.org/pipermail/tor-talk/2014-February/032010.html XXX add warning about GreaseMonkey, find previous discussion regarding Greasemonkey + Youtube on tor-talk
* FOSDEM: https://twitter.com/anthraxx42/status/429600652399247361 https://lists.torproject.org/pipermail/tor-reports/2014-February/000443.html https://twitter.com/FrennVunDerEnn/status/429636610603233280
* JavaScript-less version of Globe to test https://lists.torproject.org/pipermail/tor-talk/2014-February/032012.html ; Looking up bridges in Globe et al. by fingerprint https://lists.torproject.org/pipermail/tor-dev/2014-February/006165.html
* HTTPS Everywhere for Android https://lists.eff.org/pipermail/https-everywhere/2014-February/001964.html
version 41
Author: lunar
Date: 2014-02-04T13:24:24+00:00
write about new mirror
--- version 40
+++ version 41
@@ -131,6 +131,11 @@
[XXX]: https://lists.torproject.org/pipermail/tor-dev/2014-January/006157.html
[XXX]: https://github.com/nmathewson/mmdb-convert
+
+Thanks to John Ricketts from Quintex Alliance Consulting [XXX] for providing
+another mirror for the Tor Project's website and software.
+
+ [XXX]: https://lists.torproject.org/pipermail/tor-mirrors/2014-February/000464.html
Abhiram Chintangal and Oliver Baumann are reporting [XXX] progress on their
rewrite [XXX] of the Tor Weather service.
@@ -228,6 +233,5 @@
* integrate PTs in other projets https://lists.torproject.org/pipermail/tor-talk/2014-January/031984.html
* YouTube Unscripted https://lists.torproject.org/pipermail/tor-talk/2014-February/032010.html XXX add warning about GreaseMonkey, find previous discussion regarding Greasemonkey + Youtube on tor-talk
* FOSDEM: https://twitter.com/anthraxx42/status/429600652399247361 https://lists.torproject.org/pipermail/tor-reports/2014-February/000443.html https://twitter.com/FrennVunDerEnn/status/429636610603233280
- * New mirror: John Ricketts from Quintex Alliance Consulting https://lists.torproject.org/pipermail/tor-mirrors/2014-February/000464.html
* JavaScript-less version of Globe to test https://lists.torproject.org/pipermail/tor-talk/2014-February/032012.html ; Looking up bridges in Globe et al. by fingerprint https://lists.torproject.org/pipermail/tor-dev/2014-February/006165.html
* HTTPS Everywhere for Android https://lists.eff.org/pipermail/https-everywhere/2014-February/001964.html
version 40
Author: lunar
Date: 2014-02-04T13:19:52+00:00
finish feature about hs key revocation
--- version 39
+++ version 40
@@ -63,15 +63,19 @@
enables offline management operations, enabling revocation procedures
should just fit in.
-XXX
-put it, currently solutions “are always messy and don't work really
-well (look at SSL's OCSP [XXX] and CRLs [XXX]).”
-
+As George put it, currently well-known solutions “are always
+messy and don't work really well (look at SSL's OCSP [XXX] and
+CRLs [XXX]).” So how “the legitimate Hidden Service can inform a
+client that its keys got compromised”?
+
+In his email, George describes two solutions, one relying on the
+directory authorities, the other on hidden service directories.
+Both have drawbacks, so maybe there's the need for more research.
+Please join the discussion if you have ideas to share!
[XXX]: https://en.wikipedia.org/wiki/Public-key_infrastructure
[XXX]: https://gitweb.torproject.org/torspec.git/blob/HEAD:/proposals/224-rend-spec-ng.txt
[XXX]: https://lists.torproject.org/pipermail/tor-dev/2014-January/006146.html
-
[XXX]: https://en.wikipedia.org/wiki/Online_Certificate_Status_Protocol
[XXX]: https://en.wikipedia.org/wiki/Certificate_revocation_list
@@ -221,7 +225,6 @@
Possible items:
* DC Trip Report 24-26 January 2014 https://lists.torproject.org/pipermail/tor-reports/2014-January/000434.html
- * Key revocation in Next Generation Hidden Services https://lists.torproject.org/pipermail/tor-dev/2014-January/006146.html
* integrate PTs in other projets https://lists.torproject.org/pipermail/tor-talk/2014-January/031984.html
* YouTube Unscripted https://lists.torproject.org/pipermail/tor-talk/2014-February/032010.html XXX add warning about GreaseMonkey, find previous discussion regarding Greasemonkey + Youtube on tor-talk
* FOSDEM: https://twitter.com/anthraxx42/status/429600652399247361 https://lists.torproject.org/pipermail/tor-reports/2014-February/000443.html https://twitter.com/FrennVunDerEnn/status/429636610603233280
version 39
Author: qbi
Date: 2014-02-04T12:50:06+00:00
some news from Tor.SE
--- version 38
+++ version 39
@@ -164,6 +164,30 @@
storage has resolved issues for a few users.
[XXX]: https://www.torproject.org/docs/faq#ChooseEntryExit
+
+
+News from Tor StackExchange
+---------------------------
+
+Rhin looked for some hidden services which offers hosting possibilities. Jens
+pointed him to ahmia.fi where he can look for different offers [XXX].
+
+ [XXX]: http://tor.stackexchange.com/q/1402/88
+
+There were some questions where users wanted to change the current circuit
+with telnet or some shell scripts. The answers list how to do this using expect
+or hexdump plus telnet [XXX] [XXX]. Roya reminded that there is also a
+possibility inside the Tor Browser [XXX].
+
+ [XXX]: http://tor.stackexchange.com/a/1450/88
+ [XXX]: http://tor.stackexchange.com/a/1453/88
+ [XXX]: http://tor.stackexchange.com/a/1440/88
+
+Roya saw that the check site and Atlas deliver different information about
+the exit node[XXX]. This seems to be a bug in TorDNSEL[XXX].
+
+ [XXX]: http://tor.stackexchange.com/q/1439/88
+ [XXX]: https://trac.torproject.org/projects/tor/ticket/10499
Upcoming events
---------------
===========================================================================
==== https://trac.torproject.org/projects/tor/wiki/TorWeeklyNews/2014/6 ====
===========================================================================
version 1
Author: lunar
Date: 2014-02-04T14:39:40+00:00
import template
---
+++ version 1
@@ -0,0 +1,84 @@
+''32nd issue of Tor Weekly News. Covering what's happening from February 4th, 2014 to February 11th, 2014. To be released on February 12th, 2014.''
+
+'''Editor:'''
+
+'''Subject:''' Tor Weekly News — February 12th, 2014
+
+{{{
+========================================================================
+Tor Weekly News February 12th, 2014
+========================================================================
+
+Welcome to the sixth issue of Tor Weekly News in 2014, the weekly
+newsletter that covers what is happening in the XXX Tor community.
+
+New Release of XXX
+------------------
+
+XXX: cite specific release date, numbers, and developers responsible
+
+XXX: details about release
+
+ [XXX]:
+
+Monthly status reports for XXX month 2014
+-----------------------------------------
+
+The wave of regular monthly reports from Tor project members for the
+month of XXX has begun. XXX released his report first [XXX], followed
+by reports from name 2 [XXX], name 3 [XXX], and name 4 [XXX].
+
+ [XXX]:
+ [XXX]:
+ [XXX]:
+ [XXX]:
+
+Miscellaneous news
+------------------
+
+Item 1 with cited source [XXX].
+
+Item 2 with cited source [XXX].
+
+Item 3 with cited source [XXX].
+
+ [XXX]:
+ [XXX]:
+ [XXX]:
+
+Tor help desk roundup
+---------------------
+
+Summary of some questions sent to the Tor help desk.
+
+Vulnerabilities
+---------------
+
+XXX: Reported vulnerabilities [XXX].
+
+ [XXX]: vulnerability report source
+
+Upcoming events
+---------------
+
+Jul XX-XX | Event XXX brief description
+ | Event City, Event Country
+ | Event website URL
+ |
+Jul XX-XX | Event XXX brief description
+ | Event City, Event Country
+ | Event website URL
+
+
+This issue of Tor Weekly News has been assembled by XXX, XXX, and
+XXX.
+
+Want to continue reading TWN? Please help us create this newsletter.
+We still need more volunteers to watch the Tor community and report
+important news. Please see the project page [XXX], write down your
+name and subscribe to the team mailing list [XXX] if you want to
+get involved!
+
+ [XXX]: https://trac.torproject.org/projects/tor/wiki/TorWeeklyNews
+ [XXX]: https://lists.torproject.org/cgi-bin/mailman/listinfo/news-team
+}}}
--
Your friendly TWN monitoring script
In case of malfunction, please reach out for lunar at torproject.org
or for the worst cases, tell weasel at torproject.org to kill me.
More information about the news-team
mailing list