======================================================================== Tor Weekly News April 15th, 2015 ========================================================================
Welcome to the fifteenth issue in 2015 of Tor Weekly News, the weekly newsletter that covers what’s happening in the Tor community. Contents -------- 1. Tor Browser 4.0.8 is out 2. Hidden services that aren’t hidden 3. Tor Summer of Privacy — entry closing soon! 4. More monthly status reports for March 2015 5. Miscellaneous news 6. Upcoming events Tor Browser 4.0.8 is out ------------------------ Mike Perry announced [1] a new stable release by the Tor Browser team. This version is exactly the same as 4.0.7, which was briefly advertised to users last week but then withdrawn because a bug [2] would have caused it to endlessly recommend updating. This release includes Tor 0.2.5.12, which fixes the recent onion service [3] and client [4] crash bugs. There is no corresponding Tor Browser alpha update; that series will become the new stable release in a couple of weeks. Download your copy of Tor Browser 4.0.8 from the project page [5], or over the in-browser update system. [1]: https://blog.torproject.org/blog/tor-browser-408-released [2]: https://bugs.torproject.org/15637 [3]: https://bugs.torproject.org/15600 [4]: https://bugs.torproject.org/15601 [5]: https://www.torproject.org/projects/torbrowser.html Hidden services that aren’t hidden ---------------------------------- As the name implies, Tor hidden services (also known as “onion services”) are location-hidden and anonymous, just like regular Tor clients. There may be instances, however, in which a potential hidden service operator doesn’t much care about being hidden: they are more interested in the other unique properties of hidden services, like free end-to-end encryption and authentication, or they want to prevent their users from accidentally sending information non-anonymously. For example, even though everyone knows who Facebook are and where to find them, their users still have things to gain from using their .onion address [6]. At the moment, these kinds of services are still forced to use the regular hidden service protocol, meaning they connect to rendezvous points [7] over a Tor circuit. Hiding someone who doesn’t want to be hidden is an inefficient use of network resources, and needlessly slows down connections to the service in question, so Tor developers have been discussing the possibility of enabling “direct onion services”, which sacrifice anonymity for improved performance. George Kadianakis requested feedback on a draft [8] of a Tor proposal for this feature. One of the major questions still to be resolved is how to ensure that nobody enables this option by mistake, or fails to understand the implications for their service’s anonymity. Possible solutions include choosing a better name, making the configuration file option sound more ominous, or even requiring the operator to compile Tor themselves with a special flag. See George’s proposal for more use-cases and full details of the concept, and feel free to comment on the tor-dev list thread. [6]: https://blog.torproject.org/blog/facebook-hidden-services-and-https-certs [7]: https://www.torproject.org/docs/hidden-services [8]: https://lists.torproject.org/pipermail/tor-dev/2015-April/008625.html Tor Summer of Privacy — entry closing soon! ------------------------------------------- If you’d like to participate in the first-ever Tor Summer of Privacy [9], you still have the chance — but be quick, as the application period closes on Friday. Competition for places is already strong, so make it as easy as possible for your entry to be chosen: look at previous applications [10] for an idea of what Tor developers like to see, drum up interest from potential mentors on the tor-dev mailing list [11] or IRC channel [12], link to your best code samples, and show the community that you can take the initiative in moving your project forward. Good luck! [9]: https://trac.torproject.org/projects/tor/wiki/org/TorSoP [10]: https://www.torproject.org/about/gsoc#Example [11]: https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev [12]: https://www.torproject.org/about/contact#irc More monthly status reports for March 2015 ------------------------------------------ A few more Tor developers submitted monthly reports for March: Isis Lovecruft [13] (for work on BridgeDB and pluggable transports), Arlo Breault [14] (reporting on Tor Messenger and Tor Check), Karsten Loesing [15] (for projects including hidden service statistics, translation coordination, and Tor network tools), and Colin C. [16] (for work on support, documentation, and localization). The Tails team published its March report [17]. Take a look for updates on development, funding, and outreach; summaries of ongoing discussions; Tails in the media; and much more besides. [13]: https://lists.torproject.org/pipermail/tor-reports/2015-April/000802.html [14]: https://lists.torproject.org/pipermail/tor-reports/2015-April/000803.html [15]: https://lists.torproject.org/pipermail/tor-reports/2015-April/000804.html [16]: https://lists.torproject.org/pipermail/tor-reports/2015-April/000805.html [17]: https://tails.boum.org/news/report_2015_03 Miscellaneous news ------------------ Nathan Freitas announced [18] the third release candidate for Orbot v15. This version supports the x86 processor architecture, so devices such as the Galaxy Tab 3 and the Asus Zenphone/Padphone are now officially Tor-compatible. See Nathan’s announcement for the full changelog. [18]: https://lists.mayfirst.org/pipermail/guardian-dev/2015-April/004316.html Giovanni Pellerano announced [19] GlobalLeaks 2.60.65, featuring lots of bugfixes, improved localization (including eight new languages), and more. [19]: https://lists.torproject.org/pipermail/tor-talk/2015-April/037457.html David Fifield located and fixed [20] a problem with meek’s Microsoft Azure backend that was causing it to run much more slowly than the other two options. “If you tried meek-azure before, but it was too slow, give it another try!” [20]: https://lists.torproject.org/pipermail/tor-dev/2015-April/008637.html Thanks to John Penner [21] for running a mirror of the Tor Project’s website and software! [21]: https://lists.torproject.org/pipermail/tor-mirrors/2015-April/000870.html Upcoming events --------------- Apr 15 13:30 UTC | little-t tor development meeting | #tor-dev, irc.oftc.net | Apr 16 - 18 | Roger @ 2015 German-American Frontiers of Engineering Symposium | Potsdam, Germany | http://www.naefrontiers.org/Symposia/GAFOE/21649/44840.aspx | Apr 20 18:00 UTC | Tor Browser online meeting | #tor-dev, irc.oftc.net | Apr 20 18:00 UTC | OONI development meeting | #ooni, irc.oftc.net | Apr 21 18:00 UTC | little-t tor patch workshop | #tor-dev, irc.oftc.net | Apr 24 | Roger @ CTIC Privacy Conference | University of Pennsylvania Law School | https://www.law.upenn.edu/newsevents/calendar.php#event_id/48977/view/event | Apr 29 02:00 UTC | Pluggable transports/bridges meeting | #tor-dev, irc.oftc.net | https://lists.torproject.org/pipermail/tor-dev/2015-April/008627.html | May 03 19:00 UTC | Tails contributors meeting | #tails-dev, irc.oftc.net | https://mailman.boum.org/pipermail/tails-project/2015-April/000187.html This issue of Tor Weekly News has been assembled by Harmony, the Tails team, and other contributors. Want to continue reading TWN? Please help us create this newsletter. We still need more volunteers to watch the Tor community and report important news. Please see the project page [22], write down your name and subscribe to the team mailing list [23] if you want to get involved! [22]: https://trac.torproject.org/projects/tor/wiki/TorWeeklyNews [23]: https://lists.torproject.org/cgi-bin/mailman/listinfo/news-team -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
