Welcome to the thirty-first issue in 2015 of Tor Weekly News, the weekly newsletter that covers what’s happening in the Tor community. Tor Browser 5.0 and 5.5a1 are out The Tor Browser team put out two new releases of the privacy-preserving web browser. Version 5.0, the first release in the new stable series, is based on Firefox 38ESR, “which should mean improved support for HTML5 video on Youtube, as well as a host of other improvements”. Updates to Tor Browser are now downloaded automatically in the background, removing the need for users to go through the update wizard manually. New privacy features in this release include first-party domain bar isolation of more identifier sources, and “defenses from the 5.0-alpha series for keystroke (typing) fingerprinting and some instances of performance/timing fingerprinting”. The first alpha release in the 5.5 series, meanwhile, fixes the recent pdf.js exploit to which users of 5.0a3 and 5.0a4 had been vulnerable; it also contains a refined version of the new font fingerprinting defenses in which “Tor Browser now ships with a standard set of fonts, and prefers to use the provided fonts instead of native ones in most cases”. For full changelogs and download instructions, please see the team’s announcements. Both of these new releases contain important security updates, so please upgrade your Tor Browser as soon as you can. Tails 1.5 is out The Tails developers announced version 1.5 of the anonymous live operating system. This release disables access to the local network in Tor Browser, restricting this activity to Tails’ “unsafe browser”. It also ships with Tor Browser 5.0, and a 32-bit GRUB EFI bootloader, so “Tails should now start on some tablets with Intel Bay Trail processors, among others”. For a list of all the changes in this release, please see the team’s announcement. This is an important security update, so please download your copy as soon as possible, either from the Tails website or via the incremental updater. OnioNS beta testing version is out Jesse Victors announced the first beta testing release of his Tor Summer of Privacy project, the Onion Name System (OnioNS). OnioNS is a distributed system that links hard-to-remember and hard-to-verify onion service addresses (such as “onions55e7yam27n.onion”) to domain names that are easier for humans to read and recall (like “example.tor”). The software that comprises OnioNS is divided into three main parts: OnioNS-HS, OnioNS-client, and OnioNS-server. These are respectively intended to be run by onion services wishing to claim domain names, clients (such as Tor Browser users) wanting to visit services using these names, and the servers that let the system function. Whichever software you download will also require the OnioNS-common library in order to work. This is a beta testing version, so Jesse warns that it is not ready to be used on production onion services and that name-claims made now may not survive in the long term. If you’re willing to give the system a try, however, please see Jesse’s message for further information, and feel free to send “feedback as to how usable the system is and areas where it could be improved” to the tor-dev mailing list, or file issues on the bug tracker of the relevant software package. Miscellaneous news Karsten Loesing deployed version 2.4 of Onionoo , the Tor network data observatory. This release implements an optional “effective_family” field to Onionoo details documents, listing all the relays with which the relay in question is in an effective, mutual family relationship. “The main goal here is to make it easier to detect misconfigured relay families. This can be relay operators or friendly people watching over the Tor network and reminding relay operators to fix their configurations.” Colin Childs sent out a call for new volunteers to man the Tor help desk, which offers individual support to Tor users all over the world. If you can use Tor Browser and other Tor software with confidence and have a good understanding of the theory behind Tor, know how to use GnuPG (or are willing to learn), and are an active member of the Tor community who wants to help users on an ongoing basis, then please see Colin’s message for more details. The Tails project sent out its monthly report for July, featuring development updates, upcoming events, and summaries of ongoing discussions. George Kadianakis sent out the SponsorR report, and also submitted his own status report for July. Alec Muffett revived the discussion around possible human factors to consider when devising a new and more secure system of onion addresses (such as the one suggested in proposal 224). Sue Gardner invited active Tor community members to take part in a short survey as part of her work to devise a long-term strategic plan for the Tor Project. Thomas White put out a call for “good guides on using Tor with common applications” to form part of a “small site dedicated to Tor usage [that] will convey, in as simple as possible terms, how to put as many applications as possible through Tor”. This issue of Tor Weekly News has been assembled by Harmony. Want to continue reading TWN? Please help us create this newsletter. We still need more volunteers to watch the Tor community and report important news. Please see the project page, write down your name and subscribe to the team mailing list if you want to get involved! Continue reading...
