[tor-reports] George's status report: October 2015
George Kadianakis
desnacked at riseup.net
Sat Nov 14 16:15:58 UTC 2015
# Activities of October 2015
- We did considerable progress on the implementation of the global shared
randomness project (proposal 250). The code can now perform the whole protocol
successfuly. Next steps are to improve the code, seek and destroy bugs,
improve test coverage, etc:
https://trac.torproject.org/projects/tor/ticket/16943
We also further refined proposal 250 itself:
https://lists.torproject.org/pipermail/tor-dev/2015-October/009812.html
- Wrote a small document on the status of the various open hidden service
proposals. The goal here is to make it easier for developers and security
researchers to get up to date with the current state of hidden services:
https://lists.torproject.org/pipermail/tor-dev/2015-October/009762.html
- On the topic of hidden service statistics, I helped perform another security
and privacy evaluation of the two existing stats to ensure that the
obfuscatory noise we are adding is indeed completely covering the tracks of
individual users. This is part of the ongoing discussion in ticket:
https://trac.torproject.org/projects/tor/ticket/15254
We performed the evaluation by extracting all the hidden service statistics
values that were reported by relays over the month of September. Then we
manually inspected them to see that the noise we are adding is significantly
affecting the reports of relays. A more detailed analysis can be found here:
https://trac.torproject.org/projects/tor/ticket/15254#comment:33
More independent research should be done here!
- Provided some feedback on the various hidden service performance proposals:
https://lists.torproject.org/pipermail/tor-dev/2015-October/009761.html
https://lists.torproject.org/pipermail/tor-dev/2015-October/009760.html
Also provided feedback to the guard node security improvements that isis has
proposed: https://lists.torproject.org/pipermail/tor-dev/2015-October/009831.html
- Tor bug bounties are moving forward! I helped compile a list of $$$ rewards
for little-t-tor security bounties. This might happen soon people!
- Wrote a post about providing higher levels of presence privacy in Ricochet:
https://moderncrypto.org/mail-archive/messaging/2015/001919.html
# Activities for November 2015
- More work will be done on proposal 250. We can simplify the protocol further
and improve the readability of the proposal. Also more tests need to be
written and edge cases should be enumerated and exterminated.
- It seems like we will be able to throw some more engineering power to the
implemention of proposal 224, the next generation hidden services project. We
should probably revisit our implementation plan and see how more people can be
useful and how we can do things in a more structured way.
- Planning to look further into recently suggested guard node security
improvements and the simulator code that is being written by Nick and isis.
I also need to look at Mike's updates to proposal 247:
https://lists.torproject.org/pipermail/tor-dev/2015-November/009899.html
- Help Tim and Alec with their Rendezvous Single Onion Services implementation:
https://trac.torproject.org/projects/tor/ticket/17178
- Planning to start doing a hidden services patch workshop IRC meetup, similar
to the one that Nick is doing for general little-t-tor.
More information about the tor-reports
mailing list