Tor Weekly NewsOctober 2nd, 2013
Welcome to the fourteenth issue of Tor Weekly News, the weekly
newsletter that covers what’s happening in the much-discussed Tor
community.
Tor Browser Bundle 3.0alpha4 released
-
On September 28th, Mike Perry released the fourth alpha of the new Tor
Browser Bundle 3.0 series [1]. The main highlights of this series are
the important usability improvements that integrate Tor configuration
and control into the browser itself, rather than relying on the
unmaintained Vidalia interface.
The latest iteration is based on Firefox 10.0.9esr, which brings with it
a lot of important security fixes. It also fixes a fingerprinting issue
by randomizing the timestamp sent when establishing an HTTPS connection.
Two small but important usability improvements in the new Tor Launcher
component were made: users can now directly copy and paste “bridge”
lines from the bridge database [2], while clock-skews that would prevent
Tor from functioning properly are now reported to users.
Download your copy, test it, and report any problems you find. If you're
feeling adventurous, you can also try out the crucial new security
process by independently reproducing the binaries from the
publicly-reviewable source code [3].
[1] https://blog.torproject.org/blog/tor-browser-bundle-30alpha4-released
[2] https://bridges.torproject.org/
[3]
https://gitweb.torproject.org/builders/tor-browser-bundle.git/blob/HEAD:/gitian/README.build
Tor mini-hackathon at GNU 30th anniversary
--
The Tor mini-hackathon at the GNU 30th anniversary event [4] took place
over the weekend, and Nick Mathewson sent out a brief report [5] on how
things went. As well as working on proposal 220, which involves
improvements to Tor server identity keys, Nick merged some small patches
into the Tor mainline branch, and collected promises of several more to
come. He also directed a few enquiring minds towards Tor's online
community, saying “I hope we’ll be seeing more of some of the folks I
talked to on our mailing lists and IRC channels soon”.
[4]
https://lists.torproject.org/pipermail/tor-talk/2013-September/030238.html
[5] https://www.gnu.org/gnu30/
Tor Stack Exchange page in private beta
---
The Tor Stack Exchange page [6], which reached 100% commitment last
week [7], has now been moved into the ‘private beta’ stage. Runa Sandvik
clarified that “the purpose behind it is to ensure that users who
committed to the site’s proposal have a chance to start asking and
answering questions, as well as help with the initial community building
activities that will define and shape the site” [8]. She added that “the
more experts who participate in the private beta, the more certain it is
that our page will move on to the next stage (i.e. the public beta).”
Fruitful discussions are already taking place: Karsten Loesing wrote to
the wider community on the question of what to do about contact
information for bridge operators after it was posed on Stack
Exchange. [9]
Roger Dingledine put out a call [10] for Tor developers and anonymity
researchers to participate in answering questions on the site, adding
“Steven, Philipp, Jens, and I can't do it by ourselves.” If you have
expert knowledge to contribute, please send an email to
h...@rt.torproject.org to get an invitation!
[6] http://tor.stackexchange.com
[7]
http://area51.stackexchange.com/proposals/56447/tor-online-anonymity-privacy-and-security
[8]
https://lists.torproject.org/pipermail/tor-talk/2013-September/030187.html
[9]
https://lists.torproject.org/pipermail/tor-relays/2013-September/002936.html
[10] https://lists.torproject.org/pipermail/tor-dev/2013-September/005519.html
liballium: Pluggable Transports utility library in C
Yawning Angel announced a new library to ease the task of writing
pluggable transports [11]. liballium is a “simple library that handles
the Tor Pluggable Transport Configuration protocol. The idea is for this
library to be the C/C++ equivalent to pyptlib [12] (and maybe more,
depending on how much time I have to work on it).”
The code is available for review [13] featuring “a reasonably well
commented example.”
Feel free to follow up with “questions, comments, feedback”!
[11] https://www.torproject.org/docs/pluggable-transports.html
[12] https://gitweb.torproject.org/pluggable-transports/pyptlib.git
[13] https://github.com/Yawning/liballium
Tor Help Desk Roundup
-
Multiple users wrote to the help desk asking for guidance setting up
hidden service sites. The most straightforward documentation for hidden
services is in the torrc file itself [14]. A more