[TWN team] Recent changes to the wiki pages

Lunar lunar at torproject.org
Tue Nov 4 21:00:09 UTC 2014 

===========================================================================
=== https://trac.torproject.org/projects/tor/wiki/TorWeeklyNews/2014/44 ===
===========================================================================

version 14
Author: harmony
Date:   2014-11-04T20:21:34+00:00

   clarify

--- version 13
+++ version 14
@@ -22,9 +22,8 @@
 conditions are handled better than in 0.2.5, pluggable transports have
 improved proxy support, and clients now use optimistic data for
 contacting hidden services.” Support for some very old compilers that do
-not understand the C99 programming standard, as well as systems without
-threading support and the Windows CE operating system, has also been
-dropped.
+not understand the C99 programming standard, systems without threading
+support, and the Windows CE operating system has also been dropped.
 
 “This is the first alpha release in a new series, so expect there to be
 bugs.” If you want to test it out, you can find the source code in the

version 13
Author: harmony
Date:   2014-11-04T20:15:53+00:00

   sound less resigned

--- version 12
+++ version 13
@@ -28,7 +28,7 @@
 
 “This is the first alpha release in a new series, so expect there to be
 bugs.” If you want to test it out, you can find the source code in the
-distribution directory [XXX], as usual.
+distribution directory [XXX].
 
  [XXX]: https://lists.torproject.org/pipermail/tor-talk/2014-October/035390.html
 

version 12
Author: harmony
Date:   2014-11-04T20:06:16+00:00

   facebook

--- version 11
+++ version 12
@@ -46,6 +46,71 @@
 
  [XXX]: https://blog.torproject.org/blog/tor-browser-401-released
  [XXX]: https://www.torproject.org/projects/torbrowser.html
+
+Facebook, hidden services, and HTTPS certificates
+-------------------------------------------------
+
+Facebook, one of the world’s most popular websites, surprised the
+Internet by becoming the most prominent group so far to set up a Tor
+hidden service [XXX]. Rather than connecting through an exit relay,
+Facebook users can now interact with the social network without their
+traffic leaving the Tor network at all until it reaches its destination.
+
+Soon after the service was announced, some in the Tor community
+expressed concern over the implications of its unusually memorable
+.onion address [XXX]. Had Facebook somehow mustered the computing power
+to brute-force hidden service keys at will? Alec Muffett, one of the
+lead engineers behind the project, clarified [XXX] that in fact “we just
+did the same thing as everyone else: generated a bunch of keys with a
+fixed lead prefix (‘facebook’) and then went fishing looking for good
+ones”, getting “tremendous lucky” in the process. Those concerned by how
+easy this seems, added Nick Mathewson [XXX], “might want to jump in on
+reviewing and improving proposal 224 [XXX], which includes a brand-new,
+even less usable, but far more secure, name format”.
+
+“Why would you want to use Facebook over Tor?” remains a
+frequently-asked (and -misunderstood) question, so Roger Dingledine took
+to the Tor blog [XXX] to address this and related issues. “The key point
+here is that anonymity isn’t just about hiding from your destination.
+There’s no reason to let your ISP know when or whether you’re visiting
+Facebook. There’s no reason for Facebook’s upstream ISP, or some agency
+that surveils the Internet, to learn when and whether you use Facebook.
+And if you do choose to tell Facebook something about you, there’s still
+no reason to let them automatically discover what city you’re in today
+while you do it.” Not only that, but Facebook is now taking advantage of
+the special security properties that hidden services afford, including
+strong authentication (letting users be confident that they are talking
+to the right server, and not to an impostor) and end-to-end encryption
+of their data.
+
+This last point generated some confusion, since Facebook have also
+acquired an HTTPS certificate for their hidden service, which might seem
+like an unnecessary belt-and-braces approach to security. This has been
+the subject of “feisty discussions” in the Internet security community,
+with many points for and against: on the one hand, users have been
+taught that “https is necessary and http is scary, so it makes sense
+that users want to see the string “https” in front of” URLs, while on
+the other, “by encouraging people to pay Digicert we’re reinforcing the
+certificate authority business model when maybe we should be continuing
+to demonstrate an alternative.”
+
+Please see Roger’s post for a fuller discussion of all these points and
+more, and feel free to contribute your own thoughts on the tor-talk
+mailing list [XXX]. If you experience problems with the service, please
+contact Facebook support rather than the Tor help desk; as Alec wrote
+in the announcement, “we expect the service to be of an evolutionary and
+slightly flaky nature”, as it is an “experiment” — hopefully an
+experiment that will, as Roger suggested, “help to continue opening
+people’s minds about why they might want to offer a hidden service, and
+help other people think of further novel uses for hidden services.”
+
+ [XXX]: https://www.facebook.com/notes/protect-the-graph/making-connections-to-facebook-more-secure/1526085754298237
+ [XXX]: https://facebookcorewwwi.onion
+ [XXX]: https://lists.torproject.org/pipermail/tor-talk/2014-October/035413.html
+ [XXX]: https://lists.torproject.org/pipermail/tor-talk/2014-October/035416.html
+ [XXX]: https://gitweb.torproject.org/torspec.git/blob_plain/HEAD:/proposals/224-rend-spec-ng.txt
+ [XXX]: https://blog.torproject.org/blog/facebook-hidden-services-and-https-certs
+ [XXX]: https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
 
 Monthly status reports for October 2014
 ---------------------------------------
@@ -145,6 +210,5 @@
  * Graph of Tor users for every country https://lists.torproject.org/pipermail/tor-dev/2014-October/007697.html
  * GetTor development status https://lists.torproject.org/pipermail/tor-dev/2014-October/007700.html
  * MATor: A live-monitor for anonymity guarantees https://lists.torproject.org/pipermail/tor-dev/2014-October/007692.html
- * Facebook, hidden services, and https certs https://blog.torproject.org/blog/facebook-hidden-services-and-https-certs
  * PT meeting weds https://lists.torproject.org/pipermail/tor-dev/2014-November/007713.html
  * Patch meeting thurs https://lists.torproject.org/pipermail/tor-dev/2014-November/007714.html



-- 
Your friendly TWN monitoring script

      In case of malfunction, please reach out for lunar at torproject.org
          or for the worst cases, tell weasel at torproject.org to kill me.

More information about the news-team mailing list