Here is the June report for SponsorF Year4: https://trac.torproject.org/projects/tor/wiki/org/sponsors/SponsorF/Year4 (With thanks to Lunar for compiling much of it!)
------------------------------------------------------------------------ 1) Tor: performance, scalability, reachability, anonymity, security. - Tor 0.2.5.5-alpha was released on June 18th, fixing a wide variety of remaining issues in the Tor 0.2.5.x release series, including a couple of DoS issues, some performance regressions, a large number of bugs affecting the Linux seccomp2 sandbox code, and various other bugfixes. Among the major security improvements is an adjustment to the way Tor decides when to close TLS connections, which should improve Tor's resistance against some kinds of traffic analysis, and lower some overhead from needlessly closed connections. https://lists.torproject.org/pipermail/tor-talk/2014-June/033347.html - Nick Mathewson wrote an analysis on the impact of the OpenSSL "EarlyCCS bug" on Tor: https://lists.torproject.org/pipermail/tor-talk/2014-June/033161.html ------------------------------------------------------------------------ 2) Bridges and Pluggable transports: make Tor able to adapt to new blocking events (including better tracking when these blocking events occur). - BridgeDB version 0.2.2 has been deployed with many fixes and translation updates. The email autoresponder is back in fully working state. https://gitweb.torproject.org/bridgedb.git/blob_plain/cb8b01bc:/CHANGELOG - George Kadianakis wrote a blog post about the upcoming developments in pluggable transports. https://blog.torproject.org/blog/recent-and-upcoming-developments-pluggable-transports - David Fifield updated the experimental Tor Browser builds that include the meek pluggable transport. The new packages are based on Tor Browser version 3.6.2. https://lists.torproject.org/pipermail/tor-talk/2014-June/033229.html https://people.torproject.org/~dcf/pt-bundle/3.6.2-meek-1/ - The server component of Flashproxy has entered Debian. The package, named pt-websocket, should help getting more deployment. https://packages.debian.org/sid/pt-websocket - Marc Juarez, our gsoc student, continued work on a pluggable transport to help us test website fingerprinting defenses: https://lists.torproject.org/pipermail/tor-reports/2014-June/000567.html https://lists.torproject.org/pipermail/tor-reports/2014-July/000581.html - In May (missed in the last report), Kevin Dyer released libfte, a "filter" version of fteproxy does the cryptographic transformations of network traffic: https://github.com/kpdyer/libfte He also released a version of fteproxy that depends upon libfte, instead of using its own FTE code; and released two versions of fteproxy: 0.2.14 and 0.2.15, which included various bugfixes. https://github.com/kpdyer/fteproxy ------------------------------------------------------------------------ 3) Bundles: improve the Tor Browser Bundle and other Tor bundles and packages, especially improving bridge and pluggable transport support in TBB. - Version 3.6.2 of the Tor Browser has been released featuring a fix to allow the configuration of a local HTTP or SOCKS proxy with all included Pluggable Transports, as well as important fixes to mitigate recent OpenSSL vulnerabilities, and other security updates. https://blog.torproject.org/blog/tor-browser-362-released - Tails 1.0.1 has been released on June 10th. This minor update contains several security fixes and upgrade Tor and I2P to their latest stable versions. https://tails.boum.org/news/version_1.0.1/ - Georg Koppen announced a new set of experimental hardened Linux builds of the Tor Browser that include both AddressSanitizer and Undefined Behaviour Sanitizer (UBSan). https://lists.torproject.org/pipermail/tor-qa/2014-June/000428.html - The most versatile Tor controller, Stem, is now at version 1.2. The new version includes an interactive controller prompt, and a new connect() function for ease of integration. https://blog.torproject.org/blog/stem-release-12 - meejah released a new version of txtorcon -- a Twisted-based asynchronous Tor control protocol implementation. Version 0.10.0 adds support for Twisted's endpoint strings. Any Twisted program that uses endpoints can accept "onion:" strings to bring up (i.e. host) a hidden service easily. https://lists.torproject.org/pipermail/tor-dev/2014-June/007006.html - Mike Perry summarized the month of June for the Tor Browser Team: https://lists.torproject.org/pipermail/tor-reports/2014-July/000584.html ------------------------------------------------------------------------ 4) Metrics: provide safe but useful statistics, along with the underlying data, about the Tor network and its users and usage. - The new CollecTor service has been launched. This is an improved spin off of the directory archive section from the Metrics portal. Archive tarballs are now provided in a directory structure rather than a single directory, recently published descriptors can now be accessed much more easily, and the documentation of descriptor formats has been updated. https://collector.torproject.org/ - Lukas Erlacher has released OnionPy 0.1.5. A library for object-oriented access to the Onionoo database. https://lists.torproject.org/pipermail/tor-dev/2014-June/007018.html - Onionoo now properly includes bridge pool assignments. https://bugs.torproject.org/12203 - The relay-search service (https://metrics.torproject.org/relay-search.html) has been shut down and the metrics website database schema cleaned up. This reduced the database size from 95 GiB to 3 GiB. Cronjobs to update graph data are now running within minutes rather than hours. ------------------------------------------------------------------------ 5) Outreach: teach a broad range of communities about how Tor works, why it's important, and why this broad range of user communities is needed for best safety. - The EFF announced its 2014 Tor Challenge to encourage the creation of new relays: https://blog.torproject.org/blog/tor-challenge-2014 We're well over 1000 relays that have signed up. Roger also revamped the Tor relay documentation pages: https://www.torproject.org/docs/tor-relay-debian https://www.torproject.org/docs/tor-doc-relay - fr33tux delivered a presentation in French at Université de technologie Belfort-Montbéliard. https://lists.torproject.org/pipermail/tor-talk/2014-June/033337.html - Colin Childs presented Tor at the Winnipeg Cryptoparty on June 7th. - Lunar attended Backbone 409 near Barcelona, to spread the word about the open and community nature of the Tor network: https://lists.torproject.org/pipermail/tor-reports/2014-June/000568.html - Karsten started a "Tor documentation map" to help us understand what we have and what we don't have in terms of user-facing documents: https://trac.torproject.org/projects/tor/wiki/doc/DocumentationList#TorDocumentationMap - Andrew talked to a member of parliament in Iceland about Internet censorship in Iceland. - Roger, David Fifield, George, Philipp Winter, and others attended a circumvention researcher summit with Google in Seattle. There were many research groups present, and we made some good progress at understanding useful shared research directions and at considering how to (and how not to) compose pluggable transports. I'm especially excited by the freedom.js and librtc work that the UW group is leading. - Roger gave an invited presentation at the SponsorF PI meeting: http://freehaven.net/~arma/slides-jun14.pdf (Alas the slides aren't as useful without the voiceover -- in my copious free time I'll aim to write up some of the more useful points I made.) ------------------------------------------------------------------------ 6) Research: Assist the academic community in analyzing/improving Tor. - Tariq Elahi introduced PrivEx, an effort to collect statistics from Tor exits in a privacy-sensitive manner. https://lists.torproject.org/pipermail/tor-dev/2014-June/006999.html - Roger coordinated the stipends for PETS, to make sure people from the broader security community can integrate with the researchers there. - Roger, Philipp, and others finished reviewing FOCI 2014 papers and participated in the selection meeting. There are some great papers this year: https://www.usenix.org/conference/foci14 https://www.usenix.org/conference/foci14/workshop-program - Robert has published the results of a three-week-long test of the interconnectivity between 6730 relays in order to determine how many relays are firewalling certain outbound ports (and thus messing with connectivity inside the Tor network). https://bugs.torproject.org/12131#comment:11 _______________________________________________ tor-reports mailing list [email protected] https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-reports
