[TWN team] Recent changes to the wiki pages

Mon Jun 16 21:20:11 UTC 2014

===========================================================================
=== https://trac.torproject.org/projects/tor/wiki/TorWeeklyNews/2014/24 ===
===========================================================================

version 30
Author: lunar
Date:   2014-06-16T20:34:30+00:00

   write about txtorcon

--- version 29
+++ version 30
@@ -138,6 +138,15 @@
 
  [XXX]: https://lists.torproject.org/pipermail/tor-talk/2014-June/033229.html
  [XXX]: https://people.torproject.org/~dcf/pt-bundle/3.6.2-meek-1/
+
+meejah announced [XXX] a new release of txtorcon — a Twisted-based
+asynchronous Tor control protocol implementation. Version 0.10.0 adds 
+support for Twisted's endpoint strings. meejah explains: “this means that
+ANY Twisted program that uses endpoints can accept ‘onion:’ strings to
+bring up a hidden services easily […]. Typically, no code changes to
+the application should be needed […].”
+
+ [XXX]: https://lists.torproject.org/pipermail/tor-dev/2014-June/007006.html
 
 The Tails team reported [XXX] progress on code, documentation, infrastructure, discussions,
 funding, and outreach matters for May. The report also mentions Tails’ position regarding
@@ -242,5 +251,3 @@
 }}}
 
 Possible items:
-
- * txtorcon 0.10.0 https://lists.torproject.org/pipermail/tor-dev/2014-June/007006.html

version 29
Author: lunar
Date:   2014-06-16T20:25:10+00:00

   more trimming

--- version 28
+++ version 29
@@ -69,11 +69,6 @@
 while “the other is secure in the covert adversary setting in that
 misbehaving servers can be identified” but more computationally
 expensive.
-
-Section 4.2.1 gives a possible extension to create per-country access
-statitics of censored websites. The scheme might also be extensible to
-collect data like network load or circuit latency, but how to run more
-than one query on the database is left as future work.
 
 Tariq mentions that implementations of the two variants of PrivEx
 described in the tech report have been created and should soon be

version 28
Author: lunar
Date:   2014-06-16T20:15:14+00:00

   trim down privex

--- version 27
+++ version 28
@@ -37,31 +37,10 @@
 cases in a way that does not endanger its users is far from being a
 trivial problem.
 
-In the paper named Enforced Community Standards for Research on Users of
-the Tor Anonymity Network [XXX], published at the 2nd Workshop on Ethics
-in Computer Security Research in 2011, Christopher Soghoian accounted
-the following story: “In 2008, McCoy et al. published the results of a
-study, which sought to determine the kind of traffic flowing over the
-Tor anonymity network.  In order to gather this data, the researchers
-setup a Tor exit node server […].  During a four day period in December
-2007, the researchers logged and stored the first 150 bytes of each
-network packet that went through their server their network. […] The
-researchers did not receive a warm welcome after presenting their work
-at the Privacy Enhancing Technologies Symposium. Several outspoken
-members of the academic privacy community were in the audience, as well
-as core developers of the Tor project, many of whom reacted harshly to
-the news that the researchers had monitored traffic on the network. As
-one example, when questioned by an audience member after the
-presentation, the researchers admitted that they had retained a copy of
-the logged Tor traffic, and further, that it was not held on an
-encrypted storage device. This disclosure was met with boos from the
-audience, even after the researchers stressed that the data was kept in
-a ‘secure’ location.”
-
-Preventing such inconsiderate spying on Tor network users is one of the
-motivation for the Tor Project to provide and research properly
-anonymized statistics through the Metrics [XXX] and CollecTor [XXX]
-portals.
+There has been some cases of inconsiderate spying of Tor network users
+in the past [XXX]. This is one of the motivation for the Tor Project to
+provide and research properly anonymized statistics through the
+Metrics [XXX] and CollecTor [XXX] portals.
 
 Tariq Elahi, George Danezis, and Ian Goldberg are working on new
 solutions to tackle the problem of collecting statistics from Tor exits

version 27
Author: lunar
Date:   2014-06-16T20:10:12+00:00

   add missing link

--- version 26
+++ version 27
@@ -187,6 +187,7 @@
 from certain countries [XXX].
 
  [XXX]: https://lists.torproject.org/pipermail/tor-reports/2014-June/000563.html
+ [XXX]: https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
  [XXX]: https://lists.torproject.org/pipermail/tor-talk/2014-June/033254.html
  [XXX]: https://lists.torproject.org/pipermail/tor-talk/2014-June/033255.html
 

version 26
Author: harmony
Date:   2014-06-16T20:07:56+00:00

   write more misc

--- version 25
+++ version 26
@@ -171,6 +171,15 @@
 
  [XXX]: https://tails.boum.org/news/report_2014_05/
 
+Following up on his earlier promise [XXX], Karsten Loesing shut
+down [XXX] the Tor Metrics portal’s relay-search service, and in doing so
+reduced the size of the metrics database from 95 gigabytes to a mere 3.
+“If the metrics website shows you funny numbers in the next couple of days,
+please let me know”, wrote Karsten.
+
+ [XXX]: https://lists.torproject.org/pipermail/tor-dev/2013-December/005948.html
+ [XXX]: https://lists.torproject.org/pipermail/tor-dev/2014-June/007007.html
+
 Andrew Lewman reported [XXX] on his activities for May. Sebastian G. subsequently
 opened two discussions on the tor-talk mailing list [XXX]: one regarding the
 challenges of integrating Tor into millions of products [XXX] and another on
@@ -189,6 +198,21 @@
  [XXX]: https://lists.torproject.org/pipermail/tor-dev/2014-June/006988.html
  [XXX]: https://lists.torproject.org/pipermail/tor-reports/2014-June/000562.html
  [XXX]: https://lists.eff.org/pipermail/https-everywhere/2014-June/002128.html
+
+The Tails developers suggested [XXX] that Tails translation teams using
+git, rather than the online Transifex platform, should begin signing
+their email pull requests with OpenPGP keys, to ensure that the process
+is not open to exploitation.
+
+ [XXX]: https://mailman.boum.org/pipermail/tails-l10n/2014-June/001293.html
+
+Drupal.org, the main website for the development community around the
+free and open-source web platform Drupal, subscribes to a blacklist that
+includes Tor exit nodes, making it difficult for Tor users to interact
+with the site. AohRveTPV explained the problem [XXX], and asked for “ideas
+on how to actually achieve better Drupal.org support for Tor users”.
+
+ [XXX]: https://lists.torproject.org/pipermail/tor-talk/2014-June/033250.html
 
 Tor help desk roundup
 ---------------------
@@ -244,7 +268,4 @@
 
 Possible items:
 
- * Signed pull requests for Tails translators? https://mailman.boum.org/pipermail/tails-l10n/2014-June/001292.html
- * Drupal.org Tor support https://lists.torproject.org/pipermail/tor-talk/2014-June/033250.html
- * txtorcon 0.10.0 https://lists.torproject.org/pipermail/tor-dev/2014-June/007006.html
- * Relay-search service shut down https://lists.torproject.org/pipermail/tor-dev/2014-June/007007.html
+ * txtorcon 0.10.0 https://lists.torproject.org/pipermail/tor-dev/2014-June/007006.html

version 25
Author: lunar
Date:   2014-06-16T20:03:41+00:00

   write about privex

--- version 24
+++ version 25
@@ -27,6 +27,100 @@
  [XXX]: https://tails.boum.org/news/version_1.0.1/
  [XXX]: https://mailman.boum.org/pipermail/tails-dev/2014-May/005917.html
  [XXX]: https://tails.boum.org/security/Numerous_security_holes_in_1.0/index
+
+Collecting statistics from Tor exits in a privacy-sensitive manner
+------------------------------------------------------------------
+
+Optimizing the Tor network to better support the most common use cases
+could make a real difference in its perceived usability. Unfortunately,
+Tor is an anonymity network. Understanding what are the most common use
+cases in a way that does not endanger its users is far from being a
+trivial problem.
+
+In the paper named Enforced Community Standards for Research on Users of
+the Tor Anonymity Network [XXX], published at the 2nd Workshop on Ethics
+in Computer Security Research in 2011, Christopher Soghoian accounted
+the following story: “In 2008, McCoy et al. published the results of a
+study, which sought to determine the kind of traffic flowing over the
+Tor anonymity network.  In order to gather this data, the researchers
+setup a Tor exit node server […].  During a four day period in December
+2007, the researchers logged and stored the first 150 bytes of each
+network packet that went through their server their network. […] The
+researchers did not receive a warm welcome after presenting their work
+at the Privacy Enhancing Technologies Symposium. Several outspoken
+members of the academic privacy community were in the audience, as well
+as core developers of the Tor project, many of whom reacted harshly to
+the news that the researchers had monitored traffic on the network. As
+one example, when questioned by an audience member after the
+presentation, the researchers admitted that they had retained a copy of
+the logged Tor traffic, and further, that it was not held on an
+encrypted storage device. This disclosure was met with boos from the
+audience, even after the researchers stressed that the data was kept in
+a ‘secure’ location.”
+
+Preventing such inconsiderate spying on Tor network users is one of the
+motivation for the Tor Project to provide and research properly
+anonymized statistics through the Metrics [XXX] and CollecTor [XXX]
+portals.
+
+Tariq Elahi, George Danezis, and Ian Goldberg are working on new
+solutions to tackle the problem of collecting statistics from Tor exits
+in a privacy-sensitive manner. Tariq announced [XXX] the PrivEx system
+which “preserves the security and privacy properties of anonymous
+communication networks, even in the face of adversaries that can
+compromise data collection nodes or coerce operators to reveal
+cryptographic secrets and keys”.
+
+The introduction of the detailed tech [XXX] report gives a general description
+of the solution: “PrivEx collects aggregated statistics to provide
+insights about user behaviour trends by recording aggregate usage of the
+anonymity network. To further reduce the risk of inadvertent
+disclosures, it collects only information about destinations that appear
+in a list of known censored websites. The aggregate statistics are
+themselves collected and collated in a privacy-friendly manner using
+secure multiparty computation primitives, enhanced and tuned to resist a
+variety of compulsion attacks and compromises. Finally, the granularity
+of the statistics is reduced […] to foil correlation attacks.”
+
+PrivEx threat model is described in section 3 and matches the current
+mode of operation of the Tor network, relying on a set of mostly honest
+collectors while being able to cope with a limited amount of malicious
+nodes. Two variants are described: one “is secure in the
+honest-but-curious setting but can be disrupted by a misbehaving actor”
+while “the other is secure in the covert adversary setting in that
+misbehaving servers can be identified” but more computationally
+expensive.
+
+Section 4.2.1 gives a possible extension to create per-country access
+statitics of censored websites. The scheme might also be extensible to
+collect data like network load or circuit latency, but how to run more
+than one query on the database is left as future work.
+
+Tariq mentions that implementations of the two variants of PrivEx
+described in the tech report have been created and should soon be
+released to the community. The researchers expect to “start by rolling
+out our own PrivEx-enabled exits in the Tor network and begin collecting
+destination visit statistics” around the “June-August timeframe”. The
+section 6 contains an analysis of the overhead in both CPU and bandwidth
+of the two PrivEx variants and the requirements seem reasonable.
+
+Given how privacy matters to the Tor community and all network users,
+the researchers wants “a measure of confidence that collecting data with
+PrivEx is inherently good and is being done in a responsible and
+intelligent manner”. They are therefore asking the “community at large”
+to review the design of the proposal and its implementation once
+released.
+
+If no fundamental flaws is discovered in the process, the Tor community
+might finally be able to enjoy better network statistics in a mid-term
+future.
+
+ [XXX]: http://www.ifca.ai/pub/fc11/wecsr11/soghoian.pdf
+ [XXX]: https://lists.torproject.org/pipermail/tor-dev/2014-June/006999.html
+ [XXX]: https://metrics.torproject.org/
+ [XXX]: https://collector.torproject.org/
+ [XXX]: https://lists.torproject.org/pipermail/tor-dev/2014-June/006999.html
+ [XXX]: http://cacr.uwaterloo.ca/techreports/2014/cacr2014-08.pdf
 
 Upcoming developments in pluggable transports
 ---------------------------------------------
@@ -150,7 +244,6 @@
 
 Possible items:
 
- * PrivEX - Privacy https://lists.torproject.org/pipermail/tor-dev/2014-June/006999.html
  * Signed pull requests for Tails translators? https://mailman.boum.org/pipermail/tails-l10n/2014-June/001292.html
  * Drupal.org Tor support https://lists.torproject.org/pipermail/tor-talk/2014-June/033250.html
  * txtorcon 0.10.0 https://lists.torproject.org/pipermail/tor-dev/2014-June/007006.html

version 24
Author: harmony
Date:   2014-06-16T19:44:12+00:00

   some language/link fixes

--- version 23
+++ version 24
@@ -26,31 +26,32 @@
 
  [XXX]: https://tails.boum.org/news/version_1.0.1/
  [XXX]: https://mailman.boum.org/pipermail/tails-dev/2014-May/005917.html
- [XXX]: https://tails.boum.org/security/Numerous_security_holes_in_1.0/index.en.html
+ [XXX]: https://tails.boum.org/security/Numerous_security_holes_in_1.0/index
 
-Upcoming pluggable transports developments
-------------------------------------------
+Upcoming developments in pluggable transports
+---------------------------------------------
 
-In a new blog post [XXX], George Kadianakis gave some news on recent
-pluggable transports [XXX] developments. Some like the release of
+In a new blog post [XXX], George Kadianakis reported on some recent
+pluggable transports [XXX] developments. Some — like the release of
 Tor Browser 3.6 [XXX], the deprecation of obfs2 [XXX], the new meek
-transort [XXX], or the recent “Childs Garden Of Pluggable
-Transports” [XXX] should already be known to Tor Weekly News' readers.
+transport [XXX], or the recently-written “Childs Garden Of Pluggable
+Transports” guide [XXX] should already be known to regular readers of
+Tor Weekly News.
 
-It was previously impossible to use pluggable transports simultaneously
-with an HTTP or SOCKS proxy. The release of Tor Browser 3.6.2 [XXX]
-is the first to include the work of Yawning Angel which solved this
+It was previously impossible to use pluggable transports at the same
+time as an HTTP or SOCKS proxy. The release of Tor Browser 3.6.2 [XXX]
+is the first to include work by Yawning Angel which solves this
 deficiency.
 
-ScrambleSuit, released last Winter, has however not been included in
-Tor Browser yet. The pluggable transport team is considering skipping
-its actual deployement to prefer a new protocol, dubbed “obfs4” [XXX],
+However, ScrambleSuit, released last winter, has not yet been included in
+Tor Browser. The pluggable transport team is considering skipping
+its deployment in favor of a new protocol, dubbed “obfs4” [XXX],
 which is “like ScrambleSuit (with regards to features and threat model),
-but it's faster and autofixes some of the open issues”.
+but it’s faster and autofixes some of the open issues”.
 
-George also mentions that enabling pluggable transport to work over IPv6
-is on the team's radar. As advanced deep packet inspection on IPv6 is
-less common, it should buy some more time to users in censored network.
+George also mentions that enabling pluggable transports to work over IPv6
+is on the team’s radar. As advanced deep packet inspection (DPI) on IPv6 is
+less common, it should buy some more time for users on censored networks.
 
  [XXX]: https://blog.torproject.org/blog/recent-and-upcoming-developments-pluggable-transports
  [XXX]: https://www.torproject.org/docs/pluggable-transports.html
@@ -64,34 +65,34 @@
 Miscellaneous news
 ------------------
 
-David Fifield updated [XXX] the experimental Tor Browser builds including the meek
+David Fifield updated [XXX] the experimental Tor Browser builds that include the meek
 pluggable transport [XXX]. The new packages are based on Tor Browser version 3.6.2.
 
  [XXX]: https://lists.torproject.org/pipermail/tor-talk/2014-June/033229.html
  [XXX]: https://people.torproject.org/~dcf/pt-bundle/3.6.2-meek-1/
 
 The Tails team reported [XXX] progress on code, documentation, infrastructure, discussions,
-funding, and outreach matters for May. The report also mentions Tails position regarding
-TrueCrypt discontinuation.
+funding, and outreach matters for May. The report also mentions Tails’ position regarding
+the discontinuation of TrueCrypt.
 
  [XXX]: https://tails.boum.org/news/report_2014_05/
 
-Andrew Lewman reported [XXX] on his activities for May. Sebastian G. subsquently
-opened two discussions on the tor-talk mailing list [XXX]. One regarding the
+Andrew Lewman reported [XXX] on his activities for May. Sebastian G. subsequently
+opened two discussions on the tor-talk mailing list [XXX]: one regarding the
 challenges of integrating Tor into millions of products [XXX] and another on
-how US legislation was preventing the Tor Project, Inc. to receive donations
+how US legislation is preventing the Tor Project, Inc. from receiving donations
 from certain countries [XXX].
 
  [XXX]: https://lists.torproject.org/pipermail/tor-reports/2014-June/000563.html
  [XXX]: https://lists.torproject.org/pipermail/tor-talk/2014-June/033254.html
  [XXX]: https://lists.torproject.org/pipermail/tor-talk/2014-June/033255.html
 
-Several GSoC student reported on the progress of their project: Kostas
+Several GSoC students reported on the progress of their projects: Kostas
 Jakeliunas on the BridgeDB Twitter distributor [XXX], Juha Nurmi for
 ahmia.fi [XXX], and Zack Mullaly on the HTTPS Everywhere secure ruleset update
 mechanism [XXX].
 
- [XXX]: https://lists.torproject.org/pipermail/tor-dev/2014-June/006988.htmIl
+ [XXX]: https://lists.torproject.org/pipermail/tor-dev/2014-June/006988.html
  [XXX]: https://lists.torproject.org/pipermail/tor-reports/2014-June/000562.html
  [XXX]: https://lists.eff.org/pipermail/https-everywhere/2014-June/002128.html
 



-- 
Your friendly TWN monitoring script

      In case of malfunction, please reach out for lunar at torproject.org
          or for the worst cases, tell weasel at torproject.org to kill me.
