[TWN team] Recent changes to the wiki pages
Lunar
lunar at torproject.org
Wed Sep 24 11:40:05 UTC 2014
===========================================================================
=== https://trac.torproject.org/projects/tor/wiki/TorWeeklyNews/2014/38 ===
===========================================================================
version 42
Author: harmony
Date: 2014-09-24T10:53:24+00:00
numerize/wrap
--- version 41
+++ version 42
@@ -17,34 +17,34 @@
The EFF concludes its 2014 Tor Challenge
----------------------------------------
-As Tor Weekly News reported in June [XXX], over the last few months the
+As Tor Weekly News reported in June [1], over the last few months the
Electronic Frontier Foundation has been holding its second Tor Challenge
to improve the strength and diversity of the Tor network by inspiring
people to run Tor relays. The 2014 Challenge is now over, and Rainey
-Reitman of the EFF posted [XXX] some thoughts on the campaign and its
+Reitman of the EFF posted [2] some thoughts on the campaign and its
outcome.
-1635 Tor relays (including 326 exit relays) were started up or had
-their capacity increased as part of the 2014 Tor Challenge, compared to
-549 at the end of the last campaign in 2011. As Rainey wrote, this
-number “far exceeded our hopes”; the success can be attributed to a
-coordinated promotional effort by the EFF, the Free Software Foundation,
-the Freedom of the Press Foundation, and the Tor Project, as well as to
-“the 1,000 individuals who cared enough to help contribute bandwidth to
-the Tor network.” Thanks to everyone who participated!
+1635 Tor relays (including 326 exit relays) were started up or had their
+capacity increased as part of the 2014 Tor Challenge, compared to 549 at
+the end of the last campaign in 2011. As Rainey wrote, this number “far
+exceeded our hopes”; the success can be attributed to a coordinated
+promotional effort by the EFF, the Free Software Foundation, the Freedom
+of the Press Foundation, and the Tor Project, as well as to “the 1,000
+individuals who cared enough to help contribute bandwidth to the Tor
+network.” Thanks to everyone who participated!
It’s important to remember, though, that new relays only benefit Tor
users as long as they stay running. Advice and support from experienced
relay operators can always be found on the #tor IRC channel or the
-tor-relays mailing list [XXX]; if you missed out on the Tor Challenge
-this year but still want to contribute to a stronger, more stable Tor
-network, take a look at the Tor website [XXX] for advice on how to get
+tor-relays mailing list [3]; if you missed out on the Tor Challenge this
+year but still want to contribute to a stronger, more stable Tor
+network, take a look at the Tor website [4] for advice on how to get
started.
- [XXX]: https://lists.torproject.org/pipermail/tor-news/2014-June/000049.html
- [XXX]: https://www.eff.org/deeplinks/2014/09/tor-challenge-inspires-1635-tor-relays
- [XXX]: https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
- [XXX]: https://www.torproject.org/docs/tor-doc-relay
+ [1]: https://lists.torproject.org/pipermail/tor-news/2014-June/000049.html
+ [2]: https://www.eff.org/deeplinks/2014/09/tor-challenge-inspires-1635-tor-relays
+ [3]: https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
+ [4]: https://www.torproject.org/docs/tor-doc-relay
Guardiness and Tor’s directory authorities
------------------------------------------
@@ -52,7 +52,7 @@
When a Tor relay is first assigned the Guard flag by the directory
authorities (or “dirauths”) it sees a dip in the amount of traffic
passing through it, because Guard capacity is a scarce resource on the
-Tor network and, as Roger Dingledine explained last year [XXX], “all the
+Tor network and, as Roger Dingledine explained last year [5], “all the
rest of the clients back off from using you for their middle hops,
because when they see the Guard flag, they assume that you have plenty
of load already from clients using you as their first hop”, an
@@ -64,31 +64,31 @@
“Guardiness”, or GuardFraction, is a proposed measurement to let
dirauths, and therefore clients, work out how much of a relay’s capacity
is being used for first hops by clients, and how much for second and
-third hops, by finding the fraction of recent consensuses in which
-the relay has been given the Guard flag [XXX]; the “dead period”
-following the assignment of the flag can then be avoided. George
-Kadianakis published [XXX] an analysis of ways in which dirauths’ votes
-could be extended to include this guardiness measurement, taking into
-account the time and effort required to parse large numbers of Tor
-consensuses very quickly. The initial proposal was to ask dirauths to
-run a script each hour that would extract the data required for parsing
-into “summary files”: Sebastian Hahn asked [XXX] how this measure might
-fail in different situations, and Peter Palfrader suggested [XXX] that
-loading every consensus into a database for later querying might be more
+third hops, by finding the fraction of recent consensuses in which the
+relay has been given the Guard flag [6]; the “dead period” following the
+assignment of the flag can then be avoided. George Kadianakis
+published [7] an analysis of ways in which dirauths’ votes could be
+extended to include this guardiness measurement, taking into account the
+time and effort required to parse large numbers of Tor consensuses very
+quickly. The initial proposal was to ask dirauths to run a script each
+hour that would extract the data required for parsing into “summary
+files”: Sebastian Hahn asked [8] how this measure might fail in
+different situations, and Peter Palfrader suggested [9] that loading
+every consensus into a database for later querying might be more
efficient.
“This feature is by far the trickiest part of prop236 (guard node
security) and I wanted to inform all dirauths of our plan and ask for
feedback on the deployment procedure”, wrote George. If you have any
-comments to add to the discussion so far, please send them to the tor-dev
-mailing list [XXX].
-
- [XXX]: https://blog.torproject.org/blog/lifecycle-of-a-new-relay
- [XXX]: https://gitweb.torproject.org/torspec.git/blob/HEAD:/proposals/236-single-guard-node.txt#l101
- [XXX]: https://lists.torproject.org/pipermail/tor-dev/2014-September/007489.html
- [XXX]: https://lists.torproject.org/pipermail/tor-dev/2014-September/007526.html
- [XXX]: https://lists.torproject.org/pipermail/tor-dev/2014-September/007490.html
- [XXX]: https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
+comments to add to the discussion so far, please send them to the
+tor-dev mailing list [10].
+
+ [5]: https://blog.torproject.org/blog/lifecycle-of-a-new-relay
+ [6]: https://gitweb.torproject.org/torspec.git/blob/HEAD:/proposals/236-single-guard-node.txt#l101
+ [7]: https://lists.torproject.org/pipermail/tor-dev/2014-September/007489.html
+ [8]: https://lists.torproject.org/pipermail/tor-dev/2014-September/007526.html
+ [9]: https://lists.torproject.org/pipermail/tor-dev/2014-September/007490.html
+ [10]: https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
Miscellaneous news
------------------
@@ -96,111 +96,113 @@
The Tails team wants to make sure that all the Debian packages on which
Tails relies are “in good shape” before Jessie, the next Debian release,
is frozen on 5th November. To that end, the team called for testing both
-of the software itself [XXX] and its translations [XXX] — if you’d like
-to help, find full instructions and links to the “barely-working”
+of the software itself [11] and its translations [12] — if you’d like to
+help, find full instructions and links to the “barely-working”
experimental disk images in the announcements.
- [XXX]: https://mailman.boum.org/pipermail/tails-testers/2014-September/000071.html
- [XXX]: https://mailman.boum.org/pipermail/tails-l10n/2014-September/001553.html
-
-meek [XXX], the pluggable transport that routes Tor traffic through
+ [11]: https://mailman.boum.org/pipermail/tails-testers/2014-September/000071.html
+ [12]: https://mailman.boum.org/pipermail/tails-l10n/2014-September/001553.html
+
+meek [13], the pluggable transport that routes Tor traffic through
platforms which are “too big to block”, now works with Microsoft Azure
in addition to the already-supported Google App Engine and Amazon Web
-Services. David Fifield posted the announcement [XXX], which contains
+Services. David Fifield posted the announcement [14], which contains
instructions for those who want to start using the new front domain.
- [XXX]: https://trac.torproject.org/projects/tor/wiki/doc/meek
- [XXX]: https://lists.torproject.org/pipermail/tor-dev/2014-September/007525.html
-
-Sebastian Hahn announced [XXX] that gabelmoo, the Tor directory
-authority which he administers, has moved to a new IP address. “You
-should not notice any kind of disturbance from this, and everything
-should continue to work as normal.”
-
- [XXX]: https://lists.torproject.org/pipermail/tor-talk/2014-September/034898.html
-
-Released in December 2013, the SafePlug is a $49 router that promises its
-users “complete security and anonymity” online by sending all of their
-traffic through Tor. Annie Edmundson from Princeton University released a
-summary [XXX] of research presented during FOCI’14 [XXX] in which the
-authors point out several security problems in the implementation of the
-SafePlug administration interface, and also highlight other structural
-issues. “The most crucial problem with a torifying proxy is that it
-uses a bring-your-own-browser system, as opposed to a hardened browser,
-and therefore is susceptible to browser-based privacy leaks. This is why
-it’s better to use the Tor Browser Bundle […]”, wrote Annie.
-
- [XXX]: https://freedom-to-tinker.com/blog/annee/security-audit-of-safeplug-tor-in-a-box/
- [XXX]: https://www.usenix.org/system/files/conference/foci14/foci14-edmundson.pdf
-
-The upcoming Tor Messenger is based on Instantbird [XXX]. One
-key feature that was identified as missing in the latter is support for
-Off-the-Record encryption [XXX]. After months of discussions and reviews
+ [13]: https://trac.torproject.org/projects/tor/wiki/doc/meek
+ [14]: https://lists.torproject.org/pipermail/tor-dev/2014-September/007525.html
+
+Sebastian Hahn announced [15] that gabelmoo, the Tor directory authority
+which he administers, has moved to a new IP address. “You should not
+notice any kind of disturbance from this, and everything should continue
+to work as normal.”
+
+ [15]: https://lists.torproject.org/pipermail/tor-talk/2014-September/034898.html
+
+Released in December 2013, the SafePlug is a $49 router that promises
+its users “complete security and anonymity” online by sending all of
+their traffic through Tor. Annie Edmundson from Princeton University
+released a summary [16] of research presented during FOCI’14 [17] in
+which the authors point out several security problems in the
+implementation of the SafePlug administration interface, and also
+highlight other structural issues. “The most crucial problem with a
+torifying proxy is that it uses a bring-your-own-browser system, as
+opposed to a hardened browser, and therefore is susceptible to
+browser-based privacy leaks. This is why it’s better to use the Tor
+Browser Bundle […]”, wrote Annie.
+
+ [16]: https://freedom-to-tinker.com/blog/annee/security-audit-of-safeplug-tor-in-a-box/
+ [17]: https://www.usenix.org/system/files/conference/foci14/foci14-edmundson.pdf
+
+The upcoming Tor Messenger is based on Instantbird [18]. One key feature
+that was identified as missing in the latter is support for
+Off-the-Record encryption [19]. After months of discussions and reviews
to determine the right programming interface, Arlo Breault got the
-necessary core modifications merged [XXX, XXX].
-
- [XXX]: http://instantbird.com/
- [XXX]: https://otr.cypherpunks.ca/
- [XXX]: https://hg.mozilla.org/comm-central/rev/e2c85d70fda2
- [XXX]: https://hg.mozilla.org/users/florian_queze.net/purple/rev/6550fcf407f0
-
-Roger Dingledine wrote up a walkthrough [XXX] of the controller events
+necessary core modifications merged [20, 21].
+
+ [18]: http://instantbird.com/
+ [19]: https://otr.cypherpunks.ca/
+ [20]: https://hg.mozilla.org/comm-central/rev/e2c85d70fda2
+ [21]: https://hg.mozilla.org/users/florian_queze.net/purple/rev/6550fcf407f0
+
+Roger Dingledine wrote up a walkthrough [22] of the controller events
you might see when accessing Tor hidden services. “In theory the
controller events should help you understand how far we got at reaching
a hidden service when the connection fails. In practice it’s a bit
-overwhelming” [XXX].
-
- [XXX]: https://trac.torproject.org/projects/tor/wiki/doc/TorControlPortWalkthrough-HS
- [XXX]: https://bugs.torproject.org/13206
+overwhelming” [23].
+
+ [22]: https://trac.torproject.org/projects/tor/wiki/doc/TorControlPortWalkthrough-HS
+ [23]: https://bugs.torproject.org/13206
In the first message posted to the recently-created onionoo-announce
-mailing list [XXX], Karsten Loesing explained [XXX] a minor improvement
+mailing list [24], Karsten Loesing explained [25] a minor improvement
that should allow Onionoo clients to determine when they need to be
upgraded to a new protocol version.
- [XXX]: https://lists.torproject.org/cgi-bin/mailman/listinfo/onionoo-announce
- [XXX]: https://lists.torproject.org/pipermail/onionoo-announce/2014/000000.html
+ [24]: https://lists.torproject.org/cgi-bin/mailman/listinfo/onionoo-announce
+ [25]: https://lists.torproject.org/pipermail/onionoo-announce/2014/000000.html
Leiah, whose design work has featured on many of Tor’s company
-publications, posted [XXX] a mock-up of a possible new look for the Tor
+publications, posted [26] a mock-up of a possible new look for the Tor
blog.
- [XXX]: https://bugs.torproject.org/13117
-
-Patrick Schleizer announced [XXX] the release of version 9 of Whonix,
-the anonymous operating system based on Tor, Debian, and
+ [26]: https://bugs.torproject.org/13117
+
+Patrick Schleizer announced [27] the release of version 9 of Whonix, the
+anonymous operating system based on Tor, Debian, and
security-by-isolation.
- [XXX]: https://lists.torproject.org/pipermail/tor-talk/2014-September/034909.html
+ [27]: https://lists.torproject.org/pipermail/tor-talk/2014-September/034909.html
Tor help desk roundup
---------------------
-The help desk has been asked how to configure a VPN to prevent a website from
-learning that a user is using Tor. We consider positioning a VPN between one's
-exit node and the destination site to be totally unsafe, and not much more
-anonymous than using a VPN without Tor. By design, Tor allows the destination
-site to know that a visitor is using Tor [XXX]. The better solution is to
-email the website owner and ask them to stop blocking Tor. The longer term
-solution is that Tor needs someone willing to coordinate with websites to
-design engagement solutions that work for Tor users and for big websites [XXX].
-
- [XXX]: https://www.torproject.org/docs/faq.html.en#HideExits
- [XXX]: https://blog.torproject.org/blog/call-arms-helping-internet-services-accept-anonymous-users
+The help desk has been asked how to configure a VPN to prevent a website
+from learning that a user is using Tor. We consider positioning a VPN
+between one’s exit node and the destination site to be totally unsafe,
+and not much more anonymous than using a VPN without Tor. By design, Tor
+allows the destination site to know that a visitor is using Tor [28].
+The better solution is to email the website owner and ask them to stop
+blocking Tor. The longer-term solution is that Tor needs someone willing
+to coordinate with websites to design engagement solutions that work for
+Tor users and for big websites [29].
+
+ [28]: https://www.torproject.org/docs/faq.html.en#HideExits
+ [29]: https://blog.torproject.org/blog/call-arms-helping-internet-services-accept-anonymous-users
News from Tor StackExchange
---------------------------
-Jobiwan has a machine on their network which should act as a SOCKS proxy.
-When Tor Browser is configured to use this proxy, it complains that Tor
-is not working in this browser [XXX]. However, Jobiwan is able to visit
-hidden services with these settings, and wants to know why this message
-is printed and if it is safe to use Tor Browser this way. Do you know a
-good answer to this question? If so, please share your thoughts.
-
- [XXX]: https://tor.stackexchange.com/q/4173/88
-
-Andy Smith asks if slow relays are useful for the Tor network [XXX].
+Jobiwan has a machine on their network which should act as a SOCKS
+proxy. When Tor Browser is configured to use this proxy, it complains
+that Tor is not working in this browser [30]. However, Jobiwan is able
+to visit hidden services with these settings, and wants to know why this
+message is printed and if it is safe to use Tor Browser this way. Do you
+know a good answer to this question? If so, please share your thoughts.
+
+ [30]: https://tor.stackexchange.com/q/4173/88
+
+Andy Smith asks if slow relays are useful for the Tor network [31].
Roya suggests that a large number of slow relays is better than a small
number of fast relays, at least anonymity-wise, because this helps to
grow diversity in the network and makes it harder for an attacker to
@@ -208,7 +210,7 @@
that a slow relay does not provide much benefit for the network. They
recommend spending a few dollars more to rent a fast virtual server.
- [XXX]: https://tor.stackexchange.com/q/4050/88
+ [31]: https://tor.stackexchange.com/q/4050/88
Easy development tasks to get involved with
-------------------------------------------
@@ -218,17 +220,17 @@
“[scrubbed]”. However, this option does not cover hidden services
operated by the tor daemon. Extending this option involves scanning
through some code, but Nick says it could be some interesting code; if
-you're up to reading and patching some C code and then reading some
+you’re up to reading and patching some C code and then reading some
(hopefully scrubbed) logs, this ticket may be for you. Be sure to post
-your branch for review on the ticket [XXX].
-
- [XXX]: https://bugs.torproject.org/2743
+your branch for review on the ticket [32].
+
+ [32]: https://bugs.torproject.org/2743
Upcoming events
---------------
Sep 24 13:30 UTC | little-t tor development meeting
- | #tor-dev, irc.oftc.net
+ | #tor-dev, irc.oftc.net
|
Sep 24 16:00 UTC | Pluggable transport online meeting
| #tor-dev, irc.oftc.net
@@ -253,10 +255,10 @@
Want to continue reading TWN? Please help us create this newsletter.
We still need more volunteers to watch the Tor community and report
-important news. Please see the project page [XXX], write down your
-name and subscribe to the team mailing list [XXX] if you want to
+important news. Please see the project page [33], write down your
+name and subscribe to the team mailing list [34] if you want to
get involved!
- [XXX]: https://trac.torproject.org/projects/tor/wiki/TorWeeklyNews
- [XXX]: https://lists.torproject.org/cgi-bin/mailman/listinfo/news-team
+ [33]: https://trac.torproject.org/projects/tor/wiki/TorWeeklyNews
+ [34]: https://lists.torproject.org/cgi-bin/mailman/listinfo/news-team
}}}
--
Your friendly TWN monitoring script
In case of malfunction, please reach out for lunar at torproject.org
or for the worst cases, tell weasel at torproject.org to kill me.
More information about the news-team
mailing list