[TWN team] Recent changes to the wiki pages
Lunar
lunar at torproject.org
Tue Feb 11 00:00:08 UTC 2014
===========================================================================
==== https://trac.torproject.org/projects/tor/wiki/TorWeeklyNews/2014/6 ====
===========================================================================
version 35
Author: lunar
Date: 2014-02-10T23:14:41+00:00
misc
--- version 34
+++ version 35
@@ -10,7 +10,7 @@
========================================================================
Welcome to the sixth issue of Tor Weekly News in 2014, the weekly
-newsletter that covers what is happening in the XXX Tor community.
+newsletter that covers what is happening in the Tor community.
Tails 0.22.1 is out
-------------------
@@ -200,6 +200,7 @@
This issue of Tor Weekly News has been assembled by XXX, Matt Pagan, and
XXX.
+
Want to continue reading TWN? Please help us create this newsletter.
We still need more volunteers to watch the Tor community and report
important news. Please see the project page [XXX], write down your
version 34
Author: lunar
Date: 2014-02-10T23:13:53+00:00
write about experimental flashproxy bundles
--- version 33
+++ version 34
@@ -132,6 +132,14 @@
activities open to the larger Tor community.
[XXX]: https://trac.torproject.org/projects/tor/wiki/org/meetings/2014WinterDevMeeting
+
+David Fifield is looking for testers [XXX] for experimental 3.5.2 bundles with
+tor-fw-helper. “tor-fw-helper is a tool that uses UPnP or NAT-PMP to forward a port
+automatically.” Something that flashproxy [XXX] requires. David is “interested in
+finding out how likely it is to work”.
+
+ [XXX]: https://lists.torproject.org/pipermail/tor-qa/2014-February/000324.html
+ [XXX]: https://crypto.stanford.edu/flashproxy/
David Goulet gave us an update on the development of Torsocks 2.x [XXX]. He hopes
to perform a “full on release” after the Tor developers meeting.
@@ -204,4 +212,3 @@
Possible items:
- * Experimental 3.5.2 bundles with tor-fw-helper https://lists.torproject.org/pipermail/tor-qa/2014-February/000324.html
version 33
Author: lunar
Date: 2014-02-10T23:08:14+00:00
reword the help desk roundup
--- version 32
+++ version 33
@@ -158,21 +158,19 @@
Tor help desk roundup
---------------------
-Users sometimes want to know if there are any legal risks to running
-a non-exit relay. Running a bridge relay or a non-exit relay is the
-best way to grow the Tor network without exposing oneself to additional
-legal scrutiny. Those who wish to run an exit relay should read some
-of our published resources for exit relay operators[XXX][XXX]. Exit
-relay operators will often need to be prepared to respond to abuse
-complaints, whereas non-exit and bridge relay operators will not.
-
-Users continue to express interest in a Windows 64-bit
-Tor Browser Bundle. The status of that project can be
-followed in this ticket[XXX].
+Tor supporters can be curious about the legal risks involved in running
+a Tor relay. The Tor Project is not aware of any country where running
+Tor is reprehensible. Running a bridge relay or a non-exit relay is the
+best way to grow the Tor network without being exposed to additional
+legal scrutiny. Running an exit relay should be decided only after carefully
+reviewing the best practices [XXX]. Unlike non-exit and bridge operators, exit
+relay operators need to be prepared to respond to abuse complaints.
+
+Users continue to express interest in a Windows 64-bit Tor Browser Bundle.
+Work to provide this new variant is on-going [XXX].
[XXX]: https://blog.torproject.org/running-exit-node
- [XXX]: http://blog.torproject.org/blog/five-years-exit-node-operator
- [XXX]: https://trac.torproject.org/projects/tor/ticket/10026
+ [XXX]: https://bugs.torproject.org/10026
Upcoming events
---------------
version 32
Author: lunar
Date: 2014-02-10T22:52:52+00:00
write about SKKU43
--- version 31
+++ version 32
@@ -145,6 +145,15 @@
[XXX]: https://lists.torproject.org/pipermail/tor-relays/2014-February/003865.html
[XXX]: http://datarepo.cs.illinois.edu/relay_scoreboard.html
+
+One relay started to act funny regarding its advertised bandwidth. Roger Dingledine
+quickly reported his worries [XXX] to the tor-talk mailing list.
+A couple of hours later Hyoung-Kee Choi reported that one of the student from
+his research group had made a mistake while experimenting on the Tor bandwidth
+scanner. Directory authorities are now restricting its usage in the consensus.
+
+ [XXX]: https://lists.torproject.org/pipermail/tor-talk/2014-February/032094.html
+ [XXX]: https://lists.torproject.org/pipermail/tor-talk/2014-February/032096.html
Tor help desk roundup
---------------------
@@ -197,5 +206,4 @@
Possible items:
- * relay gone wild https://lists.torproject.org/pipermail/tor-talk/2014-February/032096.html
* Experimental 3.5.2 bundles with tor-fw-helper https://lists.torproject.org/pipermail/tor-qa/2014-February/000324.html
version 31
Author: lunar
Date: 2014-02-10T22:39:45+00:00
write about TBB 3.5.2
--- version 30
+++ version 31
@@ -45,6 +45,23 @@
[XXX]: https://tails.boum.org/news/version_0.22.1/
[XXX]: https://tails.boum.org/security/Numerous_security_holes_in_0.22/
[XXX]: https://tails.boum.org/doc/first_steps/upgrade/
+
+Tor Browser Bundle 3.5.2 is released
+------------------------------------
+
+The Tor Browser team delivers a new Tor Browser Bundle [XXX]. Version
+3.5.2 brings Tor users important security fixes from Firefox [XXX] and
+contains fixes to the “new identity” feature, window size rounding, and
+the welcome screen with right-to-left language, among others.
+
+The curious can take a pick at the changelog [XXX] for more details.
+Every Tor users is encouraged to upgrade as soon possible. Jump to the
+download page [XXX]!
+
+ [XXX]: https://blog.torproject.org/blog/tor-browser-352-released
+ [XXX]: https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html#firefox24.3
+ [XXX]: https://gitweb.torproject.org/builders/tor-browser-bundle.git/blob/refs/heads/master:/Bundle-Data/Docs/ChangeLog.txt
+ [XXX]: https://www.torproject.org/download/download-easy.html
Call to bridge operators to deploy ScrambleSuit
-----------------------------------------------
@@ -182,4 +199,3 @@
* relay gone wild https://lists.torproject.org/pipermail/tor-talk/2014-February/032096.html
* Experimental 3.5.2 bundles with tor-fw-helper https://lists.torproject.org/pipermail/tor-qa/2014-February/000324.html
- * TBB 3.5.2 https://blog.torproject.org/blog/tor-browser-352-released
version 30
Author: lunar
Date: 2014-02-10T22:16:28+00:00
write more about scramblesuit
--- version 29
+++ version 30
@@ -46,20 +46,44 @@
[XXX]: https://tails.boum.org/security/Numerous_security_holes_in_0.22/
[XXX]: https://tails.boum.org/doc/first_steps/upgrade/
+Call to bridge operators to deploy ScrambleSuit
+-----------------------------------------------
-Call to Bridge operators to use ScrambleSuit
---------------------------------------------
+In the beginning there was Tor. Then censors started to filter every
+known relay address. So bridges [XXX] were invented as a way to access
+the Tor network through unlisted relays. Then DPI systems started to
+filter Tor based on its traffic signature. So pluggable transports were
+designed [XXX] and obfsucation protocols to prevent bridges detection.
-With the recent integration of ScrambleSuit [XXX] into obfsproxy as a
-pluggable transport, bridge operators are called [XXX] to update to
-obfsproxy 0.2.6 and replace obfs2 with ScrambleSuit. ScrambleSuit helps
-protect against deep packet inspection, flow analysis and active probing
-attacks [XXX].
+Currently, obfsuscation is achieved through “obfs2” and “obfs3”. obfs2
+is being phased out as it is flawed and can be recognized by deep packet
+inspection. obfs3 is unfortunately still vulnerable to active attackers.
+As an obfs3 bridge is open to anyone, an attacker looking at an
+unclassified connection can figure out if it's Tor simply by trying to
+connect to its ends.
+ScrambleSuit [XXX] comes to the rescue. On top of making the traffic
+undistinguishable, it requires sharing a secret between the bridge and
+the client. A censor looking at the connection would not have this
+secret, therefore unable to connect to the bridge.
+
+obfsproxy 0.2.6 was released last week [XXX] and adds ScrambleSuit
+to the set of available pluggable transports. Bridge operators are
+now called [XXX] to update their software and configuration. At least
+Tor 0.2.5.1-alpha is required. The latest version of obfsproxy can be
+installed from source [XXX], pip [XXX] and Debian unstable [XXX].
+
+It is very important to get enough bridges ready before offering
+ScrambleSuit to Tor users who need it. Please help!
+
+ [XXX]: https://gitweb.torproject.org/torspec.git/blob_plain/HEAD:/proposals/125-bridges.txt
+ [XXX]: https://gitweb.torproject.org/torspec.git/blob_plain/HEAD:/proposals/180-pluggable-transport.txt
[XXX]: http://www.cs.kau.se/philwint/scramblesuit/
+ [XXX]: https://gitweb.torproject.org/pluggable-transports/obfsproxy.git/commit/a3b43d475c4172355e787de1d6761d6d1fc2cae6
[XXX]: https://lists.torproject.org/pipermail/tor-relays/2014-February/003886.html
- [XXX]: http://www.cs.kau.se/philwint/pdf/wpes2013.pdf
-
+ [XXX]: https://gitweb.torproject.org/pluggable-transports/obfsproxy.git
+ [XXX]: https://pypi.python.org/pypi/obfsproxy
+ [XXX]: https://lists.torproject.org/pipermail/tor-relays/2014-February/003894.html
More status status reports for January 2014
-------------------------------------------
@@ -158,4 +182,4 @@
* relay gone wild https://lists.torproject.org/pipermail/tor-talk/2014-February/032096.html
* Experimental 3.5.2 bundles with tor-fw-helper https://lists.torproject.org/pipermail/tor-qa/2014-February/000324.html
- * TBB 3.5.2 https://blog.torproject.org/blog/tor-browser-352-released+ * TBB 3.5.2 https://blog.torproject.org/blog/tor-browser-352-released
--
Your friendly TWN monitoring script
In case of malfunction, please reach out for lunar at torproject.org
or for the worst cases, tell weasel at torproject.org to kill me.
More information about the news-team
mailing list