Planet Tor

@blog November 23, 2020 - 19:12 • 3 days ago
New alpha release: Tor 0.4.5.2-alpha
nickm, November 23, 2020

There's a new alpha release available for download. If you build Tor from source, you can download the source code for 0.4.5.2-alpha from the download page on the website. Packages should be available over the coming weeks, with a new alpha Tor Browser release by mid-December.

Remember, this is an alpha release: you should only run this if you'd like to find and report more bugs than usual.

Tor 0.4.5.2-alpha is the second alpha release in the 0.4.5.x series. It fixes several bugs present in earlier releases, including one that made it impractical to run relays on Windows. It also adds a few small safety features to improve Tor's behavior in the presence of strange compile-time options, misbehaving proxies, and future versions of OpenSSL.

Changes in version 0.4.5.2-alpha - 2020-11-23

  • Major bugfixes (relay, windows):
    • Fix a bug in our implementation of condition variables on Windows. Previously, a relay on Windows would use 100% CPU after running for some time. Because of this change, Tor now requires Windows Vista or later to build and run. Fixes bug 30187; bugfix on 0.2.6.3-alpha. (This bug became more serious in 0.3.1.1-alpha with the introduction of consensus diffs.) Patch by Daniel Pinto.
  • Minor features (compilation):
    • Disable deprecation warnings when building with OpenSSL 3.0.0 or later. There are a number of APIs newly deprecated in OpenSSL 3.0.0 that Tor still requires. (A later version of Tor will try to stop depending on these APIs.) Closes ticket 40165.
  • Minor features (protocol, proxy support, defense in depth):
    • Respond more deliberately to misbehaving proxies that leave leftover data on their connections, so as to make Tor even less likely to allow the proxies to pass their data off as having come from a relay. Closes ticket 40017.
  • Minor features (safety):
    • Log a warning at startup if Tor is built with compile-time options that are likely to make it less stable or reliable. Closes ticket 18888.
  • Minor bugfixes (circuit, handshake):
    • In the v3 handshaking code, use connection_or_change_state() to change the state. Previously, we changed the state directly, but this did not pass the state change to the pubsub or channel objects, potentially leading to bugs. Fixes bug 32880; bugfix on 0.2.3.6-alpha. Patch by Neel Chauhan.
  • Minor bugfixes (compilation):
    • Use the correct 'ranlib' program when building libtor.a. Previously we used the default ranlib, which broke some kinds of cross-compilation. Fixes bug 40172; bugfix on 0.4.5.1-alpha.
    • Remove a duplicate typedef in metrics_store.c. Fixes bug 40177; bugfix on 0.4.5.1-alpha.
    • When USDT tracing is enabled, and STAP_PROBEV() is missing, don't attempt to build. Linux supports that macro but not the BSDs. Fixes bug 40174; bugfix on 0.4.5.1-alpha.
  • Minor bugfixes (configuration):
    • Exit Tor on a misconfiguration when the Bridge line is configured to use a transport but no corresponding ClientTransportPlugin can be found. Prior to this fix, Tor would attempt to connect to the bridge directly without using the transport, making it easier for adversaries to notice the bridge. Fixes bug 25528; bugfix on 0.2.6.1-alpha.
    • Fix an issue where an ORPort was compared with other kinds of ports, when it should have been only checked against other ORPorts. This bug would lead to "DirPort auto" getting ignored. Fixes bug 40195; bugfix on 0.4.5.1-alpha.
    • Fix a bug where a second non-ORPort with a variant family (ex: SocksPort [::1]:9050) would be ignored due to a configuration parsing error. Fixes bug 40183; bugfix on 0.4.5.1-alpha.
  • Minor bugfixes (crash, relay, signing key):
    • Avoid assertion failures when we run Tor from the command line with `--key-expiration sign`, but an ORPort is not set. Fixes bug 40015; bugfix on 0.3.2.1-alpha. Patch by Neel Chauhan.
  • Minor bugfixes (logging):
    • Remove trailing whitespace from control event log messages. Fixes bug 32178; bugfix on 0.1.1.1-alpha. Based on a patch by Amadeusz Pawlik.
    • Turn the warning-level log message about SENDME failure into a debug-level message. (This event can happen naturally and is no reason for concern.) Fixes bug 40142; bugfix on 0.4.1.1-alpha.
  • Minor bugfixes (relay, address discovery):
    • Don't trigger an IP change when no new valid IP can be found. Fixes bug 40071; bugfix on 0.4.5.1-alpha.
    • When attempting to discover our IP, use a simple test circuit, rather than a descriptor fetch: the same address information is present in NETINFO cells, and is better authenticated there. Fixes bug 40071; bugfix on 0.4.5.1-alpha.
  • Minor bugfixes (testing):
    • Fix the `config/parse_tcp_proxy_line` test so that it works correctly on systems where the DNS provider hijacks invalid queries. Fixes part of bug 40179; bugfix on 0.4.3.1-alpha.
    • Fix unit tests that used a newly generated list of routers so that they check it against the date when it was generated, not against the current time. Fixes bug 40187; bugfix on 0.4.5.1-alpha.
    • Fix our Python reference-implementation for the v3 onion service handshake so that it works correctly with the version of hashlib provided by Python 3.9. Fixes part of bug 40179; bugfix on 0.3.1.6-rc.
    • Fix the `tortls/openssl/log_one_error` test to work with OpenSSL 3.0.0. Fixes bug 40170; bugfix on 0.2.8.1-alpha.
  • Removed features (controller):
    • Remove the "GETINFO network-status" controller command. It has been deprecated since 0.3.1.1-alpha. Closes ticket 22473.
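The configuration fix for bug 25528 above (a Bridge line that names a transport with no matching ClientTransportPlugin, which older Tor silently turned into a direct, transport-less connection to the bridge) is also a check an operator can run over a torrc before starting Tor. The Python below is an added example written for this page, not Tor's own configuration code; the torrc snippets, the 192.0.2.x addresses, the all-zero fingerprint and the /usr/bin/obfs4proxy path are constructed placeholders.

```python
"""Check a torrc for Bridge lines whose transport has no ClientTransportPlugin.

Added example for this page, not Tor's own configuration code.  It mirrors the
misconfiguration that Tor 0.4.5.2-alpha now rejects at startup (bug 25528):
without the check, Tor would connect to the bridge address directly and skip
the transport entirely.
"""
import re

# Matches the "<ip>:<port>" token of a Bridge line (IPv4 or bracketed IPv6).
_ADDR_RE = re.compile(r"^(\[[0-9A-Fa-f:.]+\]|[0-9.]+):[0-9]+$")
_PLUGIN_KINDS = ("exec", "socks4", "socks5")


def parse_bridge_line(value):
    """Split a Bridge line value into (transport or None, address).

    Forms: "<ip:port> [fingerprint]"              -> direct bridge
           "<transport> <ip:port> [fp] [k=v ...]" -> via a pluggable transport
    """
    tokens = value.split()
    if not tokens:
        raise ValueError("empty Bridge line")
    if _ADDR_RE.match(tokens[0]):
        return None, tokens[0]
    if len(tokens) < 2 or not _ADDR_RE.match(tokens[1]):
        raise ValueError(f"Bridge line lacks an address: {value!r}")
    return tokens[0], tokens[1]


def declared_transports(plugin_values):
    """Collect transport names from ClientTransportPlugin values.

    Form: "<name>[,<name>...] exec|socks4|socks5 ..."
    """
    names = set()
    for value in plugin_values:
        tokens = value.split()
        if len(tokens) < 2 or tokens[1] not in _PLUGIN_KINDS:
            raise ValueError(f"malformed ClientTransportPlugin: {value!r}")
        names.update(tokens[0].split(","))
    return names


def check_torrc(text):
    """Return a list of problems; an empty list means every transport is provided."""
    bridges, plugins = [], []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        parts = line.split(None, 1)           # torrc keys are case-insensitive
        key = parts[0].lower()
        value = parts[1].strip() if len(parts) > 1 else ""
        if key == "bridge":
            bridges.append(value)
        elif key == "clienttransportplugin":
            plugins.append(value)
    provided = declared_transports(plugins)
    problems = []
    for value in bridges:
        transport, addr = parse_bridge_line(value)
        if transport is not None and transport not in provided:
            problems.append(
                f"Bridge {addr} uses transport {transport!r} but no "
                f"ClientTransportPlugin provides it"
            )
    return problems


# Constructed sample torrcs: 192.0.2.x is documentation address space and the
# fingerprint is a placeholder, not a real bridge.
BAD_TORRC = """\
UseBridges 1
Bridge obfs4 192.0.2.10:443 0000000000000000000000000000000000000000 cert=PLACEHOLDER iat-mode=0
"""
GOOD_TORRC = BAD_TORRC + "ClientTransportPlugin obfs4 exec /usr/bin/obfs4proxy\n"

if __name__ == "__main__":
    for name, cfg in (("bad", BAD_TORRC), ("good", GOOD_TORRC)):
        print(name, check_torrc(cfg) or "ok")
```

Run against BAD_TORRC the checker reports the dangling obfs4 transport; GOOD_TORRC, which adds the ClientTransportPlugin line, passes. A direct Bridge line (address first, no transport name) never needs a plugin and is accepted either way.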
...
@blog November 20, 2020 - 12:46 • 7 days ago
From Trac into Gitlab for Tor
Gaba, November 20, 2020
Tor used Trac until June 2020, when we moved to our self-hosted instance of Gitlab, administered by the Tor sysadmin team. We had reached some limitations with Trac and were concerned that some of the plugins we depended on were not being maintained. The obstacle to doing this migration sooner was, and still is, the capacity we have to adapt a new ticketing system to our needs.
 
We're hoping Gitlab will be a good fit because:
  • Gitlab will allow us to collect our different engineering tools into a single application: Git repository handling, Wiki, Issue tracking, Code reviews, and project management tooling.
  • Gitlab is well-maintained, while Trac plugins are not well maintained and Trac itself hasn't seen a release for over a year (since 2019).
  • Gitlab will allow us to build a more modern approach to handling Continuous Integration for our different projects. This is going to happen after the ticket and wiki migration.
 
We spent several months fixing and testing data migration problems, from formatting issues to deciding where each piece of Trac information would live in Gitlab. We tested the Gitlab instance with a few projects before migrating all data from Trac. You can read about the use cases for a bug tracker at Tor in this ticket.
 
The Gitlab migration group wrote a number of tools to make the migration happen. These tools were split into two parts: one for fetching all the state from Trac, and a number of tools for turning the Trac state into Gitlab issues and wiki content in various ways. The migration group worked with the engineering teams in the organisation on issues such as splitting up Trac's flat ticket namespace into the different groups and projects that we wanted to have on Gitlab. This allowed the individual teams at Tor to decide the organisation they wanted to have on Gitlab and to build a mapping that fits better with the project model of Gitlab, where each project has an issue tracker, a wiki, and a repository attached.
 
We set a specific date for the migration, on which all of Tor's engineering teams were asked to find other means of doing their work while Trac was put in read-only mode. During this period the migration group worked together on the actual migration, verifying that all data was properly migrated to a point where things looked satisfying, and then finally we announced the move to Gitlab. We started the transition period on a Friday afternoon and ran it over the weekend to ensure that it caused only a minimum of disruption.
 
The period after the migration involved a bit of support handling from the different teams, but we are amazed at how quickly everybody picked up the new workflows, and we believe that Gitlab has made it easier for engineers to make choices around their respective projects without needing help from the Gitlab admin team.
 
We are not migrating away from Gitolite and Jenkins just yet. This means those services are still fully operational and their equivalent features in GitLab are not supported (namely Git hosting and CI). Those services might eventually be migrated to GitLab.
 
The issues and wiki of the "Tor" project have been migrated; there are no other projects in Trac.
The Trac issues that remain are legacy issues; the others have been "moved" to their respective projects. All tickets that were not moved to their respective projects were closed in the first week of July 2020. Next year we will permanently shut Trac down and keep it archived in the Wayback Machine.
 
To request a new account you have to fill in the form at https://gitlab.onionize.space/, where we receive the request and a few of us attend to them. Through the Outreachy internship we are mentoring an intern who will help improve this application.
 
To be able to have all issues on one board, we created a main group "tpo" where all our projects live. The structure for the rest of the projects is:

Organization: hosts our main wiki, which links to documentation for all projects at TPO. It also holds issues that may not be related to any particular project but are organizational for TPO.

TPA: hosts any project related to the infrastructure administered by TPO

  • Gitlab: Any issue or documentation related to running the Gitlab instance.
  • Team: Any issue related to administering TP infrastructure

Core: hosts projects related to maintaining little-t tor

  • arti, tor specifications, shadow, trunnel, tor socks, fallback scripts, directory authorities, chutney, tor
  • Team: Any issue related to processes for the core team and the wiki.

Anti-Censorship: hosts projects that work on circumventing censorship with Tor

  • gettor, pluggable transports, rdsys, bridgedb, censorship analysis, bridgestrap, emma, state of censorship
  • Team: Any issue related to processes of the team and the wiki.

Network Health: has all the projects related to monitoring the Tor network

  • doctor, exitmap, torflow, sbws, helper scripts
  • Team: Issues related to network health in general but not to specific projects.

Applications: everything at Tor that is a user-facing product

  • tor browser projects, tor launcher, https everywhere
  • Team: issues and wiki related to processes of the team that works on user-facing products

Metrics: everything related to collecting, analyzing and visualizing data from the Tor network

  • collector, metrics website, onionperf, weather, utilities, analysis, exit scanner, exonerator
  • Team: issues and wiki related to the team

Community: for all the projects that help people who help Tor.

  • l10n, support, outreach, training
  • Team: anything about processes for the community

Web: all projects and code related to the websites that the Tor project maintains

  • support portal, community, torproject.org main website, donations, styleguide

UX: all projects related to user experience in all the software we develop at the Tor project

  • design, research, media
  • Team: anything about the people working on UX at Tor
 
You can read more about Tor's Gitlab instance in the documentation.
 
Edit: For any question not related to Gitlab or Trac please send a mail to frontdesk at torproject dot org. Thanks!
...
@blog November 19, 2020 - 21:40 • 7 days ago
Transparency, Openness, and Our 2018 and 2019 Finances
arma, November 19, 2020

After completing standard audits for 2017-2018 and for 2019, our federal tax filings and audits are available. We publish all of our related tax documents for transparency.

Specifically, there are four new documents:

  • The 2018 Form 990 (our tax document), covering January through June of 2018.
  • The 2018 Financial statements and audit results, covering January 2017 through June 2018.
  • The 2019 Form 990, covering July 2018 to June 2019.
  • The 2019 Financial statements and audit results, covering July 2018 to June 2019.

The reason these documents are no longer tied to calendar years is because in 2017 we changed our fiscal year to be "July through June", since having our fiscal year end right in the middle of fundraising season (Dec 31) makes it harder to plan budgets.

Remember that transparency for a privacy project is not a contradiction: privacy is about choice, and we choose to publish all of these aspects of our work in order to build a stronger community. Transparency is about where the money comes from, but it's also about what we do with it: we show you all of our projects, in source code, and in periodic project and team reports, and in collaborations with researchers who help assess and improve Tor. Transparency also means being clear about our values, promises, and priorities as laid out in our social contract.

The board has also continued to publish minutes for seven board meetings in 2018, six meetings in 2019, and three so far in 2020.

The last few years have been a bit bumpy financially, because we grew to be able to cover more of the Tor ecosystem (which was great), but our expenses grew faster than our income (not so great). That approach is sustainable for a while by spending reserves, but once you're out of reserves the remaining option is to solve it by reducing expenses. You can see part of that arc in the 2017-2019 documents here, and the other half of the arc (the more cheerful half) will be included in the 2020-2021 documents.

One contributing factor to the bumpiness is that we didn't expand our grant writing in 2017 as much as (in retrospect) we should have. This challenge makes it even clearer why being dependent on a small set of funding sources impacts our robustness — a few big grant proposals getting rejected rather than accepted was the difference for 2018. Further amplifying the challenge is that for many funders, the time between proposal and decision can be a full year or more, which makes planning ahead both harder and essential.

Some observations to help you read through the 2018 and 2019 financial documents:

  • Tor's revenue for the half-year of 2018 was $1.76 million, and for FY2019 was a bit under $4.9 million. So things have continued to grow, and the hard part is to make sure that revenue and expenses grow together.
  • 2019 marks the first year since 2005 (before Tor was incorporated as a non-profit) where more than half our support came from sources other than the US government. In terms of percentages, 2015-2016-2017 were 85%, 76%, and 51% US government sources respectively. For the half-year 2018 it went back up to 70%, but for 2019 the fraction of our funding that came from US government sources dropped all the way to 42%. We should expect this percentage to keep going up and down in the future, but one of our priorities remains to continue working to reduce our reliance on US government sources.
  • We also had the highest contributions ever from individuals—$577k—due to the hard work of our fundraising team. Thank you to the broader Tor community for the support! This support is especially valuable because unrestricted donations let us work on the topics and projects that are most important at the time.
  • Remember the big picture though: Tor's budget remains modest considering the number of people involved and the impact we have. And it is dwarfed by the budgets that our adversaries are spending to make the world a more dangerous and less free place.
  • Check out the comment sections on the previous posts for previous years' versions of the usual "omg government funding" and "omg transparency" discussions. You might find this comment more useful than the rest.
  • When people ask me about Tor funding, I explain that we have four categories of funders: (A) Research funding from groups like the National Science Foundation to do fundamental research on privacy and censorship, including studying how to improve Tor's performance and safety, and inventing new censorship circumvention techniques. (B) R&D funding from groups like OTF and DARPA to actually build safer tools. Different funders might have different audiences in mind when they help us make Tor Browser safer and easier to use, but they want the same things out of Tor Browser: in all cases we make all of our work public, and also remember that anonymity loves company. (C) Deployment and teaching funding from organizations like the US State Dept and Sweden's foreign ministry to do in-country security trainings, user-oriented documentation, and otherwise help activists around the world learn how to be safer on the internet. (D) Core organizational support, primarily from individual donations (that's you!), to cover the day-to-day operations of the non-profit, and most importantly to let us spend time on critical tasks that we can't convince a funder to care enough about.
  • More generally, I should take a brief moment to explain how funding proposals work, for those who worry that governments come to us wanting to pay us to do something bad. The way it works is that we try to find groups with funding for the general area that we want to work on, and then we go to them with a specific plan for what we'd like to do and how much it will cost, and if we're lucky they say ok. There is never any point where somebody comes to us and says "I'll pay you $X to do Y."
  • In half-of-2018 and 2019 we counted $216k and $738k in "donated services," that is, volunteers helping with translations, website hosting, and contributed patches. Thank you!
  • The 990 forms have a "Schedule B Contributors" list, which is standard practice for the accountants to anonymize (in case some contributors want to stay anonymous). Here's how they match up to funder names: contributors #1-5 in 2018 correspond to DRL, NSF part one, NSF part two, a grant via NYU for the Library Freedom Project, and Rose Foundation. And contributors #1-5 in 2019 correspond to Mozilla, DRL, NSF, Sida, and the Handshake Foundation.

In closing, remember that there are many different ways to get involved with Tor, and we need your help. For example, you can donate, volunteer, and run a Tor relay. Now is a great time to make a contribution and join our year end campaign and help us resist the surveillance pandemic. Give today, and Friends of Tor will match your donation. Double your impact by making a gift now, and remember, Use a Mask, Use Tor. 

...
@blog November 18, 2020 - 10:23 • 9 days ago
New Release: Tor Browser 10.5a4
gk, November 18, 2020

Tor Browser 10.5a4 is now available from the Tor Browser Alpha download page and also from our distribution directory.

Note: This is an alpha release, an experimental version for users who want to help us test new features. For everyone else, we recommend downloading the latest stable release for desktop or Android instead.

This release updates Firefox to 78.5.0esr for desktop and Fenix to 83.0 for Android. Additionally, we update Tor to 0.4.5.1-alpha. This release includes important security updates both for desktop and Android users.

Note: Tor Browser 10.5 does not support CentOS 6.

The full changelog since Tor Browser 10.5a3 is:

  • All Platforms
    • Update Tor to 0.4.5.1-alpha
    • Bug 40212: Add new default bridge "PraxedisGuerrero"
  • Windows + OS X + Linux
    • Update Firefox to 78.5.0esr
  • Android
    • Update Fenix to 83.1.0
    • Bug 27002: (Mozilla 1673237) Always allow SVGs on about: pages
    • Bug 40137: Built-in https-everywhere storage is not migrated to idb
    • Bug 40152: Top Crash: android.database.sqlite.SQLiteConstraintException
    • Bug 40205: Replace occurrence of EmptyCString with 0-length _ns literal
    • Bug 40206: Disable the /etc/hosts parser
    • Translations update
  • Build System
    • OS X
    • Android
      • Bug 40211: Lower required build-tools version to 29.0.2
      • Bug 40126: Bump Node to 10.22.1 for mozilla83
      • Bug 40127: Update components for switch to mozilla83-based Fenix
...
@blog November 17, 2020 - 23:29 • 9 days ago
New Release: Tor Browser 10.0.5 (Only Desktop)
sysrqb, November 17, 2020

Tor Browser 10.0.5 is now available from the Tor Browser download page and also from our distribution directory.

This release updates Firefox to 78.5.0esr and updates Tor to 0.4.4.6. This release includes important security updates to Firefox.

Note: Android Tor Browser 10.0.5 is delayed until next week. In the future, new Tor Browser versions for Android and Desktop should be published at the same time.

The full changelog since Tor Browser 10.0.4 (Desktop) is:

  • Windows + OS X + Linux
    • Update Firefox to 78.5.0esr
    • Update Tor to 0.4.4.6
    • Bug 40212: Add new default obfs4 bridge

...
@blog November 13, 2020 - 15:01 • 14 days ago
New Release: Tor Browser 10.5a3
sysrqb, November 13, 2020

Tor Browser 10.5a3 for Desktop platforms is now available from the Tor Browser Alpha download page and also from our distribution directory.

Note: This is an alpha release, an experimental version for users who want to help us test new features. For everyone else, we recommend downloading the latest stable release instead.

Tor Browser 10.5a3 updates NoScript to 11.1.5 and libevent to 2.1.12. This release includes important security updates to Firefox.

Note: Tor Browser 10.5 does not support CentOS 6.

The full changelog since Tor Browser 10.5a2 is:

  • All Platforms
    • Update NoScript to 11.1.5
    • Bug 40022: EOY November Update - Matching
    • Bug 40064: Bump libevent to 2.1.12
    • Translations update
  • Windows + OS X + Linux
    • Bug 27002: (Mozilla 1673237) Always allow SVGs on about: pages
    • Bug 40021: Keep page shown after Tor Browser update purple
    • Bug 40137: Migrate https-everywhere storage to idb
    • Bug 40219: Backport fix for Mozilla's bug 1675905
  • Android
    • Pick up fix for Mozilla's bug 1675905 (with GeckoView 82.0.3)
    • Bug 40106: EOY November Update - Matching
  • Build System
    • All Platforms
    • Windows + OS X + Linux
      • Bug 40133: Bump Rust version for ESR 78 to 1.43.0
...
@blog November 12, 2020 - 15:39 • 15 days ago
New Releases: Tor 0.3.5.12, 0.4.3.7, and 0.4.4.6
nickm, November 12, 2020

We have a new stable release today. If you build Tor from source, you can download the source code for 0.4.4.6 on the download page. Packages should be available within the next several weeks, with a new Tor Browser likely next week.

We've also released 0.3.5.12 (changelog) and 0.4.3.7 (changelog) today. You can find the source for them at https://dist.torproject.org/, along with older releases.

Tor 0.4.4.6 is the second stable release in the 0.4.4.x series. It backports fixes from later releases, including a fix for TROVE-2020-005, a security issue that could be used, under certain cases, by an adversary to observe traffic patterns on a limited number of circuits intended for a different relay.

Changes in version 0.4.4.6 - 2020-11-12

  • Major bugfixes (security, backport from 0.4.5.1-alpha):
    • When completing a channel, relays now check more thoroughly to make sure that it matches any pending circuits before attaching those circuits. Previously, address correctness and Ed25519 identities were not checked in this case, but only when extending circuits on an existing channel. Fixes bug 40080; bugfix on 0.2.7.2-alpha. Resolves TROVE-2020-005.
  • Minor features (directory authorities, backport from 0.4.5.1-alpha):
    • Authorities now list a different set of protocols as required and recommended. These lists have been chosen so that only truly recommended and/or required protocols are included, and so that clients using 0.2.9 or later will continue to work (even though they are not supported), whereas only relays running 0.3.5 or later will meet the requirements. Closes ticket 40162.
    • Make it possible to specify multiple ConsensusParams torrc lines. Now directory authority operators can for example put the main ConsensusParams config in one torrc file and then add to it from a different torrc file. Closes ticket 40164.
  • Minor features (subprotocol versions, backport from 0.4.5.1-alpha):
    • Tor no longer allows subprotocol versions larger than 63. Previously version numbers up to UINT32_MAX were allowed, which significantly complicated our code. Implements proposal 318; closes ticket 40133.
  • Minor features (tests, v2 onion services, backport from 0.4.5.1-alpha):
    • Fix a rendezvous cache unit test that was triggering an underflow on the global rend cache allocation. Fixes bug 40125; bugfix on 0.2.8.1-alpha.
    • Fix another rendezvous cache unit test that was triggering an underflow on the global rend cache allocation. Fixes bug 40126; bugfix on 0.2.8.1-alpha.
  • Minor bugfixes (compilation, backport from 0.4.5.1-alpha):
    • Fix compiler warnings that would occur when building with "--enable-all-bugs-are-fatal" and "--disable-module-relay" at the same time. Fixes bug 40129; bugfix on 0.4.4.1-alpha.
    • Resolve a compilation warning that could occur in test_connection.c. Fixes bug 40113; bugfix on 0.2.9.3-alpha.
  • Minor bugfixes (logging, backport from 0.4.5.1-alpha):
    • Remove a debug logging statement that uselessly spammed the logs. Fixes bug 40135; bugfix on 0.3.5.0-alpha.
  • Minor bugfixes (relay configuration, crash, backport from 0.4.5.1-alpha):
    • Avoid a fatal assert() when failing to create a listener connection for an address that was in use. Fixes bug 40073; bugfix on 0.3.5.1-alpha.
  • Minor bugfixes (v2 onion services, backport from 0.4.5.1-alpha):
    • For HSFETCH commands on v2 onion services addresses, check the length of bytes decoded, not the base32 length. Fixes bug 34400; bugfix on 0.4.1.1-alpha. Patch by Neel Chauhan.
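The subprotocol-version cap from proposal 318 (ticket 40133 above: no version larger than 63, where previously anything up to UINT32_MAX was accepted) is easiest to see in a parser for the protocol-list format used by "proto" lines, e.g. "Link=1-5 LinkAuth=1,3". The point of the example is where the check sits: every range is validated before it is expanded, so a line such as Link=1-4294967295 is rejected outright rather than turned into a huge version set. The Python below is an added example written for this page, not Tor's protover code; treating an empty version list ("Desc=") as a valid empty set is my assumption.

```python
"""Parse a Tor subprotocol-version line, enforcing the 63 cap of proposal 318.

Added example for this page, not Tor's protover.c.  Format: space-separated
entries "Name=ranges", where ranges are comma-separated "N" or "Lo-Hi".
Validation happens before any range is expanded, so an absurd range cannot
make the parser allocate a huge version set.
"""
import re

MAX_PROTOCOL_VERSION = 63   # proposal 318 / ticket 40133
_NAME_RE = re.compile(r"^[A-Za-z0-9-]+$")


class ProtoverError(ValueError):
    """Raised for any malformed or out-of-range entry."""


def _parse_range(part):
    """'3' -> (3, 3); '1-5' -> (1, 5); rejects reversed or oversized ranges."""
    lo_s, sep, hi_s = part.partition("-")
    if not sep:
        hi_s = lo_s
    if not (lo_s.isdigit() and hi_s.isdigit()):
        raise ProtoverError(f"non-numeric version in {part!r}")
    lo, hi = int(lo_s), int(hi_s)
    if lo > hi:
        raise ProtoverError(f"reversed range {part!r}")
    if hi > MAX_PROTOCOL_VERSION:
        raise ProtoverError(
            f"version {hi} exceeds the {MAX_PROTOCOL_VERSION} limit in {part!r}")
    return lo, hi


def parse_protocol_list(line):
    """'Link=1-5 LinkAuth=1,3' -> {'Link': {1,2,3,4,5}, 'LinkAuth': {1,3}}."""
    result = {}
    for entry in line.split():
        name, sep, versions = entry.partition("=")
        if not sep or not _NAME_RE.match(name):
            raise ProtoverError(f"malformed entry {entry!r}")
        if name in result:
            raise ProtoverError(f"duplicate protocol {name!r}")
        supported = set()
        # Assumption for this example: an empty list ("Desc=") means "none".
        if versions:
            for part in versions.split(","):
                lo, hi = _parse_range(part)      # validated before expansion
                supported.update(range(lo, hi + 1))
        result[name] = supported
    return result


def is_valid(line):
    """True if the whole line parses under the 63 cap."""
    try:
        parse_protocol_list(line)
    except ProtoverError:
        return False
    return True


def supports(line, name, version):
    """True if the protocol line advertises `version` of protocol `name`."""
    return version in parse_protocol_list(line).get(name, set())


def to_bitmask(versions):
    """Pack a version set into a 64-bit mask; this compact representation is
    only possible because versions are capped at 63."""
    mask = 0
    for v in versions:
        mask |= 1 << v
    return mask


if __name__ == "__main__":
    # Constructed sample lines: one well-formed, one with the old unbounded range.
    print(parse_protocol_list("Cons=1-2 Link=1-5 LinkAuth=1,3 Relay=1-2"))
    print(is_valid("Link=1-4294967295"))   # rejected under the new limit
```

to_bitmask shows why the cap matters for an implementation: with versions bounded by 63, a protocol's whole version set fits in one 64-bit word, whereas 32-bit version numbers forced the range bookkeeping the changelog describes as significantly complicating the code.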
...
@blog November 11, 2020 - 14:03 • 16 days ago
Digital security tools for human rights defenders
Digital security tools for human rights defenders nah November 11, 2020

At the beginning of the Coronavirus pandemic, there wasn't much known about how people living in rural areas, forests, and near rivers would face this new situation. For people living in the world's cities, digital technologies were part of every decision made when considering how to address the pandemic. Still, communities that depend on forests for their livelihood and environmentalists who fight to protect forests from exploitation live with digital technology in different ways from residents of cities. As a result, the changes to daily life that these communities experienced were different.

It didn't take long for organizations worldwide to warn: loggers, land grabbers, and miners do not quarantine. In fact, according to the National Institute for Space Research (Inpe), logging in the Brazilian Amazon increased 63% in April, a month after the global pandemic reached the country. Along with the pandemic, Brazilian Amazonian communities face all kinds of challenges, from access to communications to the struggle for survival, and during the pandemic one of those challenges intensified: fake news, and the need for secure communication between communities and third-party organizations.

Since July 2020, I've been working with the Tor Project as a Bertha Fellow to strengthen and promote digital security among individuals and organizations in the Amazonian region of Brazil, where I work with the technological challenges of the people who live there fighting to protect forests: lack of internet access or unstable access; lack of telecommunication signals; limited or no variety in telecommunication service providers; lack of inexpensive devices and little ability to update systems due to poor internet access; fake news against movements and individuals, sometimes coming directly from the government; communications surveillance; little access to secure technologies and devices; little availability of alternative and secure services compared to commercial services, especially for storing files and holding online meetings.

Still, some platforms can strengthen these people's security on the front lines against global warming. Due to the limited communications and internet signal, the people I work with often need to use a VPN to access public wifi; one of the biggest challenges with these platforms is the language and the availability of the tools for old devices. In other software, such as VeraCrypt, the problem is the same, since there is no translation and localization to Portuguese. Some other software is only produced for 64-bit computers. Due to limited access to resources, some machines used by organizations are still 32-bit; the same is true for applications that do not support, or have severe problems on, older or cheaper phones. Because of these challenges, the people and organizations I work with can often be very creative about exchanging information when there is no access to the internet, and many are using Briar to circumvent this problem.

Tor Browser came easily to them in terms of connectivity and the use of social media or email accounts. It's widely understood that the Internet connection can be unreliable in a place where there isn't much broadband available, but the need for privacy and security outweighs the challenges. Also, choosing the right app in the Apple Store can be confusing, because many other applications use Tor's name to attract people.

Despite the challenges, organizations and individuals understand the need and are willing to change their habits regarding digital security, because they know that their safety is also the security of the forests, their territory, and, consequently, their lives.

...
@blog November 10, 2020 - 21:35 • 16 days ago
You’re Invited: State of the Onion 2020
You’re Invited: State of the Onion 2020 Al Smith November 10, 2020

Every year people from the Tor Project communities present the State of the Onion, a compilation of updates from our different projects, at conferences around the world. We use this opportunity to talk about highlights of the work we’ve accomplished during the year and what we are excited about in the upcoming year.

With the COVID-19 pandemic this year, we didn’t have the chance to ‘tour’ our State of the Onion at any face-to-face conferences. So we decided to bring the State of the Onion to you in a special livestream on November 16 from 16:00 - 18:00 UTC.

We have an awesome, comprehensive program this year, as we want to show off all the work that the Tor Project has been doing as well as highlight the work from people in our community. Isabela Bagueros, our executive director, will host this event and help to provide continuity for everything we’ll discuss.


Program

Part I — The Tor Project

Tor community: Gustavo Gus, Community Team Lead. Presentation on the work we’ve been doing to deliver trainings to communities around the world, how we’re adapting this work during the COVID-19 pandemic, as well as how we’re building connections with users through the year.

Tor Browser: Matthew Finkel, Tor Browser Team Lead. Presentation on the successful migration of Tor Browser desktop and mobile onto Fenix, the newest version of Firefox.

User experience: Antonela Debiasi, UX Lead & Designer. Presentation on the user experience improvements we have made in Tor tools during 2020 and what’s coming next in 2021.

Onion services: David Goulet, Network Team Developer. Presentation on onion services improvements we’ve accomplished in 2020.

Tokens: George Kadianakis, Network Team Developer. Presentation on research to implement tokens to improve Tor usability and the results of our work over the last year.

Tor network performance: Mike Perry, Scalability and Network Performance Lead. Presentation on our efforts to improve performance on the Tor network.

Network simulation: Jim Newsome, Shadow Developer. Presentation on work to improve Shadow, the Tor network simulator used to conduct experiments with potential improvements before making these changes on the live network.

Network Health: Georg Koppen, Network Health Team Lead. Presentation on improving the health of the network and watching for bad relays.

Censorship circumvention: Cecylia, Anti-Censorship Team. Presentation on how we have improved Tor as a censorship circumvention tool in 2020 and a preview of what’s coming next.

Core tor: Nick Mathewson, Core Tor CTO. Presentation on our efforts to move into an implementation in Rust.

Integration: Alex Færøy, Network Team Lead. Presentation on work to help third-party developers integrate tor into their applications and the work we’re doing to improve these integrations.

Part II — Tor Community

We have also invited other projects who are part of the Tor community to present and share their updates.

SecureDrop: Kushal Das, SecureDrop Developer. Presentation on recent SecureDrop improvements and the collaboration with Tor to create proof-of-concept human-memorable names for SecureDrop onion services addresses.

Library Freedom Project: Alison Macrina, who leads the Library Freedom Project. Presentation on LFP’s work to bring privacy to librarians, libraries, and their communities.

Ricochet Refresh: Richard Pospesel, Ricochet Developer. Presentation on work to revamp Ricochet and the use of v3 onion services.

Open Observatory of Network Interference: Maria Xynou, OONI Partnership Program Manager. Presentation on the status of Internet censorship around the world and OONI’s work to measure it.

The Guardian Project: Nathan Freitas, Founder of the Guardian Project. Presentation on the Guardian Project’s work to integrate Tor and Snowflake into their applications.

OnionShare: Micah Lee, OnionShare Developer. Presentation on new features coming up for OnionShare.

The State of the Onion will be streamed on the Tor Project's YouTube, Facebook, and Twitter accounts.

You can join the conversation in two ways: use the Twitter hashtag #UseAMaskUseTor or by using the live chat feature on the YouTube stream.

This event is part of our year-end fundraising campaign. You can support the Tor Project's work to resist the surveillance pandemic by making a donation today. Your donation will be matched, 1:1, by Friends of Tor. We couldn't do the work we're sharing at this year's State of the Onion without your support!


...
@blog November 10, 2020 - 19:35 • 16 days ago
New Release: Tor Browser 10.0.4
New Release: Tor Browser 10.0.4 sysrqb November 10, 2020

Tor Browser 10.0.4 is now available from the Tor Browser download page and also from our distribution directory.

This release updates NoScript to 11.1.5 and includes an important security update to Firefox.

The full changelog since Tor Browser 10.0.2 (Desktop) is:

  • Windows + OS X + Linux
    • Update NoScript to 11.1.5
    • Bug 40021: Keep page shown after Tor Browser update purple
    • Bug 40022: EOY November Update - Matching
    • Bug 40219: Backport Mozilla Bug 1675905
    • Translations update
  • Build System
    • Windows + OS X + Linux
      • Update Go to 1.14.11
      • Bug 40141: Include "desktop" in signed tag

The full changelog since Tor Browser 10.0.3 (Android) is:

  • Android
    • Update NoScript to 11.1.5
    • Bug 40022: EOY November Update - Matching
    • Bug 40106: EOY November Update - Matching
    • Bug 40219: Backport Mozilla Bug 1675905
    • Translations update
  • Build System
    • Android
      • Update Go to 1.14.11
      • Bug 40141: Include "android" in signed tag
...
@blog November 9, 2020 - 17:38 • 17 days ago
Use a Mask, Use Tor: Friends of Tor Matching Donations up to $100,000
Use a Mask, Use Tor: Friends of Tor Matching Donations up to $100,000 Al Smith November 09, 2020

Starting today through December 31, every dollar donated to the Tor Project, up to $100,000, will be matched by Friends of Tor. That means that your donation will make double the impact. We’re able to offer this match because of generous folks in our community who believe in Tor, privacy online, and the work to resist the surveillance pandemic.

Make a donation today and your gift will be matched, 1:1.


Meet our friends who have generously come forward to make this match:

Aspiration connects nonprofit organizations, foundations and activists with free and open software solutions and technology skills that help them better carry out their missions. We want those working for social and racial justice to be able to find and use the best tools and practices available, so that they maximize their effectiveness and impact and, in turn, change the world. We also work with free and open source projects and communities in both support and partnership roles, advising and contributing on matters of strategy, sustainability, governance, community health, equity and diversity. We design and facilitate unique and collaborative nonprofit and FLOSS technology convenings, and have run almost 700 in over 50 countries as well as online over the past 16 years.

Wendy Seltzer is Strategy Lead and Counsel to the World Wide Web Consortium (W3C) at MIT, improving the Web's security, availability, and interoperability through standards. As a Fellow with Harvard's Berkman Klein Center for Internet & Society, Wendy founded the Lumen Project (formerly Chilling Effects Clearinghouse), the web's pioneering transparency report to measure the impact of legal takedown demands online. She seeks to improve technology policy in support of user-driven innovation and secure communication.

Jon Callas is a cryptographer, software engineer, user experience designer, and entrepreneur. Jon is the co-author of many crypto and security systems including OpenPGP, DKIM, ZRTP, Skein, and Threefish. Jon has co-founded several startups including PGP, Silent Circle, and Blackphone. Jon has worked on security, user experience, and encryption for Apple, Kroll-O'Gara, Counterpane, and Entrust. Before coming to the EFF, Jon was a technologist in the ACLU's Speech, Privacy, and Technology Project on issues including surveillance, encryption, machine learning, end-user security, and privacy. Jon is fond of Leica cameras, Morgan sports cars, and Birman cats. Jon's photographs have been used by Wired, CBS News, and The Guggenheim Museum.

Rabbi Rob Thomas is the founder and CEO of Team Cymru, and a member of the early generation of network defenders. He has worked at IBM, Sun, and Cisco, among others. During his career, Rabbi Rob has been a Unix kernel developer, ISP backbone engineer, security architect, and an adjunct professor. He was also the first individual member of FIRST (the Forum of Incident Response and Security Teams). Rabbi Rob took his first C programming class at age 12, and has been addicted to technology ever since. He and Team Cymru are long-time fans and supporters of the Tor Project.

We would also like to thank our dearest anonymous donors who collaborated to create this fund. This spot is dedicated to them as a small recognition of their support. As the Tor community knows, anonymity loves company, so why not join our anonymous donors and make a contribution, too? With their matching donation, your contribution has double the impact.

Thank you to the generous Friends of Tor, and to all of our supporters! Please make your gift today, and your donation will be matched 1:1.

...
@blog November 2, 2020 - 18:42 • 24 days ago
New Release: Tor Browser 10.0.3 (Android Only)
New Release: Tor Browser 10.0.3 (Android Only) sysrqb November 02, 2020

After many months of design and development we are very happy to announce the release of Tor Browser 10.0.3 for Android. This is the first Android Tor Browser version in the stable 10.0 series. The Desktop version was released at the end of September. We began working on this project in April 2020 with the goal of rebuilding the Android Tor Browser on top of Mozilla's new Android Firefox Browser, Fenix. Over the last six months, we successfully achieved this goal and we reached feature parity with the previous Android Tor Browser version.

Tor Browser for Android 10 - Security Settings

This version is now available from the Tor Browser download page and also from our distribution directory.

Tor Browser 10.0.3 is based on Fenix 82.1.1, and upgrades Go to 1.14.10, NoScript to 1.1.4, OpenSSL to 1.1.1h, and Tor to 0.4.4.5. This release includes important security updates to Firefox.

Having achieved feature-parity with the previous Tor Browser for Android, we will continue working on closing the gap with Tor Browser for Desktop. That includes implementing the "Circuit Display" and "New Identity" features, as well as supporting the Onion-Location header and short ".tor.onion" URLs, among others. Stay tuned!

Tor Browser for Android 10 - Use Bridges

Over the last four months we adjusted our toolchains, finished our proxy audits, re-implemented the user interfaces, solved numerous build reproducibility bugs, and fixed a lot of issues we encountered due to the switch from Firefox 68esr to Fenix.

Give Feedback

If you find a bug or have a suggestion for how we could improve this release, please let us know. Thanks to all of the teams across Tor, and the many volunteers, who contributed to this release.

Full Changelog

The full changelog since Tor Browser 9.5.4 is:

  • Android
    • Update Fenix to 82.1.1
    • Update NoScript to 11.1.4
    • Update OpenSSL to 1.1.1h
    • Update Tor to 0.4.4.5
    • Bug 10394: Let Tor Browser update HTTPS Everywhere
    • Bug 11154: Disable TLS 1.0 (and 1.1) by default
    • Bug 16931: Sanitize the add-on blocklist update URL
    • Bug 17374: Disable 1024-DH Encryption by default
    • Bug 21601: Remove unused media.webaudio.enabled pref
    • Bug 30682: Disable Intermediate CA Preloading
    • Bug 30812: Exempt about: pages from Resist Fingerprinting
    • Bug 32886: Separate treatment of @media interaction features for desktop and android
    • Bug 33534: Review FF release notes from FF69 to latest (FF78)
    • Bug 33594: Disable telemetry collection (Glean)
    • Bug 33851: Patch out Parental Controls detection and logging
    • Bug 33856: Set browser.privatebrowsing.forceMediaMemoryCache to True
    • Bug 33862: Fix usages of createTransport API
    • Bug 33962: Uplift patch for bug 5741 (dns leak protection)
    • Bug 34125: API change in protocolProxyService.registerChannelFilter
    • Bug 34338: Disable the crash reporter
    • Bug 34377: Port padlock states for .onion services
    • Bug 34378: Port external helper app prompting
    • Bug 34401: Re-design Connect screen on Android
    • Bug 34402: Re-design Network Settings Screen on Android
    • Bug 34403: UI changes for "Only Private Browsing Mode" on Android
    • Bug 34405: Re-design about:tor on Android
    • Bug 34406: Re-design onion indicators for Android
    • Bug 34407: Review all Fenix menu items
    • Bug 30605: Honor privacy.spoof_english
    • Bug 40001: Start Tor as part of the Fenix initialization
    • Bug 40001: Generate tor-browser-brand.ftl when importing translations
    • Bug 40002: Ensure system download manager is not used
    • Bug 40002: Fix generateNSGetFactory being moved to ComponentUtils
    • Bug 40003: Adapt code for L10nRegistry API changes
    • Bug 40003: Block starting Tor when setup is not complete
    • Bug 40004: "Tor Browser" string is used instead of "Alpha"/"Nightly" for non en-US locales
    • Bug 40004: Fix noscript message passing for Firefox 79
    • Bug 40005: Modify WebExtensions Menu
    • Bug 40006: "Only Private Browsing Mode" on Android
    • Bug 40006: Add Security Level plumbing
    • Bug 40007: Port external helper app prompting
    • Bug 40007: Move SecurityPrefs initialization to the StartupObserver component
    • Bug 40008: Style fixes for 78
    • Bug 40009: Change the default search engines
    • Bug 40010: Verify Sentry is disabled
    • Bug 40011: Verify Leanplum is disabled
    • Bug 40011: Hide option for disallowing addons in private mode
    • Bug 40012: Verify Adjust is disabled
    • Bug 40013: Timestamp is embedded in extension manifest files
    • Bug 40013: Verify InstallReferrer is disabled
    • Bug 40014: Verify Google Ads ID is disabled
    • Bug 40014: Set correct default Security Level
    • Bug 40015: Modify Fenix Home Menu
    • Bug 40016: Modify Fenix Settings Menu
    • Bug 40016: Allow inheriting from AddonCollectionProvider
    • Bug 40017: Rebase android-components patches to 60
    • Bug 40017: Audit Firefox 68-78 diff for proxy issues
    • Bug 40018: Disable Push functionality
    • Bug 40019: Ensure missing Adjust token does not throw an exception
    • Bug 40019: Expose spoofEnglish pref
    • Bug 40020: Disable third-party cookies
    • Bug 40021: Force telemetry=false in Fennec settings migration
    • Bug 40022: Migrate tor security settings
    • Bug 40023: Stop Private Notification Service
    • Bug 40023: Rebase Tor Browser esr78 patches onto 80 beta
    • Bug 40024: Disable tracking protection by default
    • Bug 40026: Implement Security Level settings
    • Bug 40028: Implement bootstrapping and about:tor
    • Bug 40029: Rebase Fenix patches to 81.1.0b1
    • Bug 40030: Install https-everywhere and noscript addons
    • Bug 40031: Hide Mozilla-specific items on About page
    • Bug 40032: Disallow Cleartext Traffic
    • Bug 40034: Disable PWA
    • Bug 40035: Maybe hide Quick Start in release
    • Bug 40038: Review RemoteSettings for ESR 78
    • Bug 40039: Implement Bridge configuration from Connect screen
    • Bug 40040: Investigate why bootstrapping fails
    • Bug 40041: Implement Network settings
    • Bug 40042: Timestamp is embedded in extension manifest files
    • Bug 40044: Fixup Connect, Onboarding, and Home screens
    • Bug 40048: Disable various ESR78 features via prefs
    • Bug 40050: Rebase Fenix patches to Fenix 82
    • Bug 40053: Select your security settings panel on start page is confusing
    • Bug 40054: Search engines on mobile Tor Browser don't match the desktop ones
    • Bug 40058: Disabling/Enabling addon still shows option to disallow in private mode
    • Bug 40058: Hide option for disallowing addon in private mode
    • Bug 40061: Do not show "Send to device" in sharing menu
    • Bug 40062: HTTPS Everywhere is not shown as installed
    • Bug 40063: Do not sort search engines alphabetically
    • Bug 40064: Modify Nightly (and Debug) build variants
    • Bug 40066: Remove default bridge 37.218.240.34
    • Bug 40066: Update existing prefs for ESR 78
    • Bug 40067: Make date on Fenix about page reproducible
    • Bug 40068: Tor Service closes when changing theme
    • Bug 40069: Add helpers for message passing with extensions
    • Bug 40071: Show only supported locales
    • Bug 40072: Disable Tracking Protection
    • Bug 40073: Use correct branding on About page
    • Bug 40073: Repack omni.ja to include builtin HTTPS Everywhere
    • Bug 40073: Disable remote Public Suffix List fetching
    • Bug 40076: "Explore privately" not visible
    • Bug 40078: Crash at Android startup from background service
    • Bug 40082: Security level is reset when the app is killed
    • Bug 40082: Let JavaScript on the safest setting be handled by NoScript again
    • Bug 40083: Locale ordering in BuildConfig is non-deterministic
    • Bug 40087: Implement a switch for english locale spoofing
    • Bug 40088: Use Tor Browser logo in migration screen
    • Bug 40091: Load HTTPS Everywhere as a builtin addon
    • Bug 40093: Enable Quit menu button
    • Bug 40094: Do not use MasterPasswordTipProvider in HomeFragment
    • Bug 40095: Hide "Sign in to sync" in bookmarks
    • Bug 40095: Review Mozilla developer notes for 79-81 (including)
    • Bug 40096: Review closed Mozilla bugs between 79-81 (inclusive) for GeckoView
    • Bug 40097: Rebase browser patches to 81.0b1
    • Bug 40097: Bump allowed_addons.json
    • Bug 40098: Implement EOY home screen
    • Bug 40100: Resolve startup crashes in debug build
    • Bug 40112: Check that caching stylesheets per document group adheres to FPI
    • Bug 40119: Update Fenix dependencies for 81.1.2
    • Bug 40125: Geckoview: Expose security level interface
    • Bug 40133: Rebase tor-browser patches to 82.0b1
    • Bug 40166: Disable security.certerrors.mitm.auto_enable_enterprise_roots
    • Bug 40172: Security UI not updated for non-https .onion pages in Fenix
    • Bug 40173: Initialize security_slider in GeckoView at 4
    • Bug 40198: Expose privacy.spoof_english pref
    • Bug 40199: Avoid using system locale for intl.accept_languages
    • Translations update
  • Build System
    • Android
      • Update Go to 1.14.10
      • Bug 33556: Add TBB project for android-components
      • Bug 33557: Update Android toolchain for Fenix
      • Bug 33558: Update tor-onion-proxy-library to use toolchain for Fenix
      • Bug 33559: Update tor-android-service to use toolchain for Fenix
      • Bug 33561: Update OpenSSL to use Android NDK 20
      • Bug 33563: Update Tor to use Android NDK 20
      • Bug 33564: Update ZSTD to use Android NDK 20
      • Bug 33626: Add project for GeckoView
      • Bug 33670: Update rbm.conf to match NDK 20
      • Bug 33801: Update Go project to use new Android toolchain
      • Bug 33833: Update Rust project to use Android NDK 20
      • Bug 33927: Add tor-browser-build project for fenix
      • Bug 33935: Fenix's classes5.dex files are not reproducible
      • Bug 33973: Create fat .aar for GeckoView
      • Bug 34011: Bump clang to 9.0.1
      • Bug 34012: Bump cbindgen to 0.14.3
      • Bug 34013: Bump Node to 10.21.0
      • Bug 34014: Enable sqlite3 support in Python
      • Bug 34101: Add tor-browser-build project for application-services
      • Bug 34163: testbuild target is broken for Tor Browser 64 bit
      • Bug 34187: Update zlib to use Android NDK 20
      • Bug 34360: Bump binutils version to 2.35.1
      • Bug 40010: Add nss project for application-services
      • Bug 40011: Add sqlcipher for application-services
      • Bug 40029: Clean-up all projects to remove fennec bits we don't need for fenix
      • Bug 40031: Add licenses for kcp-go and smux.
      • Bug 40039: Remove version_path in nss project
      • Bug 40040: Wire geckoview, application-services, android-components, and fenix together
      • Bug 40054: Adapt build.android script in tor-browser project for fenix
      • Bug 40055: Integrate building Glean in offline mode
      • Bug 40057: Include translations into build process in the fenix world
      • Bug 40058: Build Fenix with tor-android-service and tor-onion-proxy-library
      • Bug 40060: Set Fenix Version Name in build
      • Bug 40061: Remove Android SDK 28
      • Bug 40065: Bump debootstrap-image ubuntu_version to 20.04.1
      • Bug 40068: Bump versions for Fenix 81.1.0b1 dependencies
      • Bug 40072: Tor libraries are missing in final .apk after switch to 81.1.0b1
      • Bug 40076: Use our android-components repo on GitLab
      • Bug 40078: Bump Gradle version for Fenix to 6.5.1
      • Bug 40084: Generation of AndroidManifest.xml is not reproducible
      • Bug 40085+40086: classes.dex files are not reproducible in Fenix
      • Bug 40087: Deterministically add HTTPS Everywhere into omni.ja
      • Bug 40088+40117: Use MOZ_BUILD_DATE for extension manifest timestamps
      • Bug 40093: Ensure application-services libs do not include libc networking symbols
      • Bug 40094: Aarch64 fenix rust cross-compilation fails
      • Bug 40095: The pattern for the apk variable in build.android is matching too much
      • Bug 40097: Update toolchain for Fenix 82
      • Bug 40101: Pick up Fenix 81.1.1
      • Bug 40105: Enhance Gradle dependency script (sort deterministically and exclude .module files)
      • Bug 40106: Support using geckoview as well
      • Bug 40108: android-components does not bundle tooling-glean-gradle archive, only .pom file
      • Bug 40113: Nightly Android should use Nightly branding
      • Bug 40115: Update components for switch to mozilla82-based Fenix
      • Bug 40121: Use updated glean_parser for application-services as well
      • Bug 40124: Remove unused torbrowser-android-all (and related) targets
      • Bug 40125: Remove fenix-* projects
      • Bug 40129: application-services is missing rustc in PATH
      • Bug 40130: More mobile clean-up
...
@kushal November 2, 2020 - 04:20 • 25 days ago
Johnnycanencrypt 0.4.0 released

Last night I released 0.4.0 of the johnnycanencrypt module for OpenPGP in Python. This release has one update in the API for creating new keys. Now, we can pass one single UID as a string, or multiple in a list, or even pass None to the key creation method. This means we can have User ID-less certificates, which sequoia-pgp allows.

I also managed to fix the bug so that users can use pip to install the latest release from https://pypi.org.

You will need the Rust toolchain; I generally install it from https://rustup.rs.

For Fedora

sudo dnf install nettle clang clang-devel nettle-devel python3-devel

For Debian/Ubuntu

sudo apt install -y python3-dev libnettle6 nettle-dev libhogweed4 python3-pip python3-venv clang

Remember to upgrade your pip version inside of the virtual environment if you are in Buster.

For macOS

Install nettle via brew.

Installing the package

❯ python3 -m pip install johnnycanencrypt
Collecting johnnycanencrypt
  Downloading https://files.pythonhosted.org/packages/50/98/53ae56eb208ebcc6288397a66cf8ac9af5de53b8bbae5fd27be7cd8bb9d7/johnnycanencrypt-0.4.0.tar.gz (128kB)
     |████████████████████████████████| 133kB 6.4MB/s
  Installing build dependencies ... done
  Getting requirements to build wheel ... done
    Preparing wheel metadata ... done
Building wheels for collected packages: johnnycanencrypt
  Building wheel for johnnycanencrypt (PEP 517) ... done
  Created wheel for johnnycanencrypt: filename=johnnycanencrypt-0.4.0-cp37-cp37m-macosx_10_7_x86_64.whl size=1586569 sha256=41ab04d3758479a063a6c42d07a15684beb21b1f305d2f8b02e820cb15853ae1
  Stored in directory: /Users/kdas/Library/Caches/pip/wheels/3f/63/03/8afa8176c89b9afefc11f48c3b3867cd6dcc82e865c310c90d
Successfully built johnnycanencrypt
Installing collected packages: johnnycanencrypt
Successfully installed johnnycanencrypt-0.4.0
WARNING: You are using pip version 19.2.3, however version 20.2.4 is available.
You should consider upgrading via the 'pip install --upgrade pip' command.

Now, you can import the module inside of your virtual environment :)

Note: In the future, I may change the name of the module to something more meaningful :)

...
@blog November 1, 2020 - 21:49 • 25 days ago
New alpha release: Tor 0.4.5.1-alpha
New alpha release: Tor 0.4.5.1-alpha nickm November 01, 2020

There's a new alpha release available for download. If you build Tor from source, you can download the source code for Tor 0.4.5.1-alpha from the download page on the website. Packages should be available over the coming weeks, with a new alpha Tor Browser release some time this month, assuming we get #40172 figured out.

Remember, this is an alpha release: you should only run this if you'd like to find and report more bugs than usual. We'll be trying to put out stable backport releases in the next week or so.

Tor 0.4.5.1-alpha is the first alpha release in the 0.4.5.x series. It improves support for IPv6, address discovery and self-testing, code metrics and tracing.

This release also fixes TROVE-2020-005, a security issue that could be used, under certain cases, by an adversary to observe traffic patterns on a limited number of circuits intended for a different relay. To mount this attack, the adversary would need to actively extend circuits to an incorrect address, as well as compromise a relay's legacy RSA-1024 key. We'll be backporting this fix to other release series soon, after it has had some testing.

Here are the changes since 0.4.4.5.

Changes in version 0.4.5.1-alpha - 2020-11-01

  • Major features (build):
    • When building Tor, first link all object files into a single static library. This may help with embedding Tor in other programs. Note that most Tor functions do not constitute a part of a stable or supported API: only those functions in tor_api.h should be used if embedding Tor. Closes ticket 40127.
  • Major features (metrics):
    • Introduce a new MetricsPort which exposes, through an HTTP interface, a series of metrics that tor collects at runtime. At the moment, the only supported output format is Prometheus data model. Closes ticket 40063. See the manual page for more information and security considerations.
  • Major features (relay, IPv6):
    • The torrc option Address now supports IPv6. This unifies our address discovery interface to support IPv4, IPv6, and hostnames. Closes ticket 33233.
    • Launch IPv4 and IPv6 ORPort self-test circuits on relays and bridges. Closes ticket 33222.
    • Relays now automatically bind on IPv6 for their ORPort, unless specified otherwise with the IPv4Only flag. Closes ticket 33246.
    • When a relay with IPv6 support is told to open a connection to another relay, and the extend cell lists both IPv4 and IPv6 addresses, the first relay now picks randomly which address to use. Closes ticket 33220.
    • Relays now track their IPv6 ORPort reachability separately from the reachability of their IPv4 ORPort. They will not publish a descriptor unless _both_ ports appear to be externally reachable. Closes ticket 34067.
  • Major features (tracing):
    • Add event-tracing library support for USDT and LTTng-UST, and a few tracepoints in the circuit subsystem. More will come incrementally. This feature is compiled out by default: it needs to be enabled at configure time. See documentation in doc/HACKING/Tracing.md. Closes ticket 32910.
  • Major bugfixes (security):
    • When completing a channel, relays now check more thoroughly to make sure that it matches any pending circuits before attaching those circuits. Previously, address correctness and Ed25519 identities were not checked in this case, but only when extending circuits on an existing channel. Fixes bug 40080; bugfix on 0.2.7.2-alpha. Resolves TROVE-2020-005.
  • Major bugfixes (TLS, buffer):
    • When attempting to read N bytes on a TLS connection, really try to read all N bytes. Previously, Tor would stop reading after the first TLS record, which can be smaller than the N bytes requested, and not check for more data until the next mainloop event. Fixes bug 40006; bugfix on 0.1.0.5-rc.
  • Minor features (address discovery):
    • If no Address statements are found, relays now prioritize guessing their address by looking at the local interface instead of the local hostname. If the interface address can't be found, the local hostname is used. Closes ticket 33238.
  • Minor features (admin tools):
    • Add a new --format argument to -key-expiration option to allow specifying the time format of the expiration date. Adds Unix timestamp format support. Patch by Daniel Pinto. Closes ticket 30045.
  • Minor features (bootstrap reporting):
    • When reporting bootstrapping status on a relay, do not consider connections that have never been the target of an origin circuit. Previously, all connection failures were treated as potential bootstrapping failures, including connections that had been opened because of client requests. Closes ticket 25061.
  • Minor features (build):
    • When running the configure script, try to detect version mismatches between the OpenSSL headers and libraries, and suggest that the user should try "--with-openssl-dir". Closes ticket 40138.
    • If the configure script has given any warnings, remind the user about them at the end of the script. Related to ticket 40138.
  • Minor features (configuration):
    • Allow using wildcards (* and ?) with the %include option on configuration files. Closes ticket 25140. Patch by Daniel Pinto.
    • Allow the configuration options EntryNodes, ExcludeNodes, ExcludeExitNodes, ExitNodes, MiddleNodes, HSLayer2Nodes and HSLayer3Nodes to be specified multiple times. Closes ticket 28361. Patch by Daniel Pinto.
  • Minor features (control port):
    • Add a DROPTIMEOUTS command to drop circuit build timeout history and reset the current timeout. Closes ticket 40002.
    • When a stream enters the AP_CONN_STATE_CONTROLLER_WAIT status, send a control port event. Closes ticket 32190. Patch by Neel Chauhan.
    • Introduce GETINFO "stats/ntor/{assigned/requested}" and "stats/tap/{assigned/requested}" to get the NTor and TAP circuit onion handshake counts respectively. Closes ticket 28279. Patch by Neel Chauhan.
  • Minor features (control port, IPv6):
    • Tor relays now try to report to the controller when they are launching an IPv6 self-test. Closes ticket 34068.
    • Introduce "GETINFO address/v4" and "GETINFO address/v6" in the control port to fetch the Tor host's respective IPv4 or IPv6 address. We keep "GETINFO address" for backwards-compatibility. Closes ticket 40039. Patch by Neel Chauhan.
  • Minor features (directory authorities):
    • Authorities now list a different set of protocols as required and recommended. These lists have been chosen so that only truly recommended and/or required protocols are included, and so that clients using 0.2.9 or later will continue to work (even though they are not supported), whereas only relays running 0.3.5 or later will meet the requirements. Closes ticket 40162.
    • Add a new consensus method 30 that removes the unnecessary "=" padding from ntor-onion-key. Closes ticket 7869. Patch by Daniel Pinto.
    • Directory authorities now reject descriptors from relays running Tor versions from the obsolete 0.4.1 series. Resolves ticket 34357. Patch by Neel Chauhan.
    • Make it possible to specify multiple ConsensusParams torrc lines. Now directory authority operators can for example put the main ConsensusParams config in one torrc file and then add to it from a different torrc file. Closes ticket 40164.
    • The AssumeReachable option no longer stops directory authorities from checking whether other relays are running. A new AuthDirTestReachability option can be used to disable these checks. Closes ticket 34445.
    • When looking for possible Sybil attacks, also consider IPv6 addresses. Two routers are considered to have "the same" address by this metric if they are in the same /64 network. Patch from Maurice Pibouin. Closes ticket 7193.
  • Minor features (directory authorities, IPv6):
    • Make authorities add their IPv6 ORPort (if any) to the trusted servers list. Authorities previously added only their IPv4 addresses. Closes ticket 32822.
  • Minor features (ed25519, relay):
    • Save a relay's base64-encoded ed25519 identity key to the data directory in a file named fingerprint-ed25519. Closes ticket 30642. Patch by Neel Chauhan.
  • Minor features (heartbeat):
    • Include the total number of inbound and outbound IPv4 and IPv6 connections in the heartbeat message. Closes ticket 29113.
  • Minor features (IPv6, ExcludeNodes):
    • Handle IPv6 addresses in ExcludeNodes; previously they were ignored. Closes ticket 34065. Patch by Neel Chauhan.
  • Minor features (logging):
    • Add the running glibc version to the log, and the compiled glibc version to the library list returned when using --library-versions. Patch from Daniel Pinto. Closes ticket 40047.
    • Consider an HTTP 301 response to be an error (like a 404) when processing a directory response. Closes ticket 40053.
    • Log directory fetch statistics as a single line. Closes ticket 40159.
    • Provide more complete descriptions of our connections when logging about them. Closes ticket 40041.
    • When describing a relay in the logs, we now include its ed25519 identity. Closes ticket 22668.
  • Minor features (onion services):
    • Only overwrite an onion service's existing hostname file if its contents are wrong. This enables read-only onion-service directories. Resolves ticket 40062. Patch by Neel Chauhan.
  • Minor features (pluggable transports):
    • Add an OutboundBindAddressPT option to allow users to specify which IPv4 and IPv6 address pluggable transports should use for outgoing IP packets. Tor does not have a way to enforce that the pluggable transport honors this option, so each pluggable transport needs to implement support on its own. Closes ticket 5304.
  • Minor features (relay address tracking):
    • We now store relay addresses for OR connections in a more logical way. Previously we would sometimes overwrite the actual address of a connection with a "canonical address", and then store the "real address" elsewhere to remember it. We now track the "canonical address" elsewhere for the cases where we need it, and leave the connection's address alone. Closes ticket 33898.
  • Minor features (relay):
    • If a relay is unable to discover its address, attempt to learn it from the NETINFO cell. Closes ticket 40022.
    • Log immediately when launching a relay self-check. Previously we would try to log before launching checks, or approximately when we intended to launch checks, but this tended to be error-prone. Closes ticket 34137.
  • Minor features (relay, address discovery):
    • If Address option is not found in torrc, attempt to learn our address with the configured ORPort address if any. Closes ticket 33236.
  • Minor features (relay, IPv6):
    • Add an AssumeReachableIPv6 option to disable self-checking IPv6 reachability. Closes part of ticket 33224.
    • Add new "assume-reachable" and "assume-reachable-ipv6" consensus parameters to be used in an emergency to tell relays that they should publish even if they cannot complete their ORPort self-checks. Closes ticket 34064 and part of 33224.
    • Allow relays to send IPv6-only extend cells. Closes ticket 33222.
    • Declare support for the Relay=3 subprotocol version. Closes ticket 33226.
    • When launching IPv6 ORPort self-test circuits, make sure that the second-last hop can initiate an IPv6 extend. Closes ticket 33222.
  • Minor features (specification update):
    • Several fields in microdescriptors, router descriptors, and consensus documents that were formerly optional are now required. Implements proposal 315; closes ticket 40132.
  • Minor features (state management):
    • When loading the state file, remove entries from the statefile that have been obsolete for a long time. Ordinarily Tor preserves unrecognized entries in order to keep forward-compatibility, but these entries have not actually been used in any release since before 0.3.5.x. Closes ticket 40137.
  • Minor features (statistics, ipv6):
    • Relays now publish IPv6-specific counts of single-direction versus bidirectional relay connections. Closes ticket 33264.
    • Relays now publish their IPv6 read and write statistics over time, if statistics are enabled. Closes ticket 33263.
  • Minor features (subprotocol versions):
    • Tor no longer allows subprotocol versions larger than 63. Previously version numbers up to UINT32_MAX were allowed, which significantly complicated our code. Implements proposal 318; closes ticket 40133.
    • Use the new limitations on subprotocol versions due to proposal 318 to simplify our implementation. Part of ticket 40133.
  • Minor features (testing configuration):
    • The TestingTorNetwork option no longer implicitly sets AssumeReachable to 1. This change allows us to test relays' self-testing mechanisms, and to test authorities' relay-testing functionality. Closes ticket 34446.
  • Minor features (testing):
    • Added unit tests for channel_matches_target_addr_for_extend(). Closes Ticket 33919. Patch by MrSquanchee.
  • Minor features (tests, v2 onion services):
    • Fix a rendezvous cache unit test that was triggering an underflow on the global rend cache allocation. Fixes bug 40125; bugfix on 0.2.8.1-alpha.
    • Fix another rendezvous cache unit test that was triggering an underflow on the global rend cache allocation. Fixes bug 40126; bugfix on 0.2.8.1-alpha.
  • Minor bugfixes (circuit padding):
    • When circpad_send_padding_cell_for_callback is called, the `is_padding_timer_scheduled` flag was not reset. Now it is set to 0 at the top of that function. Fixes bug 32671; bugfix on 0.4.0.1-alpha.
    • Add a per-circuit padding machine instance counter, so we can differentiate between shutdown requests for old machines on a circuit. Fixes bug 30992; bugfix on 0.4.1.1-alpha.
    • Add the ability to keep circuit padding machines if they match a set of circuit states or purposes. This allows us to have machines that start up under some conditions but don't shut down under others. We now use this mask to avoid starting up introduction circuit padding again after the machines have already completed. Fixes bug 32040; bugfix on 0.4.1.1-alpha.
  • Minor bugfixes (compatibility):
    • Strip '\r' characters when reading text files on Unix platforms. This should resolve an issue where a relay operator migrates a relay from Windows to Unix, but does not change the line ending of Tor's various state files to match the platform, and the CRLF line endings from Windows end up leaking into other files such as the extra-info document. Fixes bug 33781; bugfix on 0.0.9pre5.
  • Minor bugfixes (compilation):
    • Fix compiler warnings that would occur when building with "--enable-all-bugs-are-fatal" and "--disable-module-relay" at the same time. Fixes bug 40129; bugfix on 0.4.4.1-alpha.
    • Resolve a compilation warning that could occur in test_connection.c. Fixes bug 40113; bugfix on 0.2.9.3-alpha.
  • Minor bugfixes (configuration):
    • Fix bug where %including a pattern ending with */ would include files and folders (instead of folders only) in versions of glibc < 2.19. Fixes bug 40141; bugfix on 0.4.5.0-alpha-dev. Patch by Daniel Pinto.
  • Minor bugfixes (control port):
    • Make sure we send the SOCKS request address in relay begin cells when a stream is attached with the purpose CIRCUIT_PURPOSE_CONTROLLER. Fixes bug 33124; bugfix on 0.0.5. Patch by Neel Chauhan.
  • Minor bugfixes (logging):
    • Remove a debug logging statement that uselessly spammed the logs. Fixes bug 40135; bugfix on 0.3.5.0-alpha.
    • When logging a rate-limited message about how many messages have been suppressed in the last N seconds, give an accurate value for N, rounded up to the nearest minute. Previously we would report the size of the rate-limiting interval, regardless of when the messages started to occur. Fixes bug 19431; bugfix on 0.2.2.16-alpha.
  • Minor bugfixes (relay configuration, crash):
    • Avoid a fatal assert() when failing to create a listener connection for an address that was in use. Fixes bug 40073; bugfix on 0.3.5.1-alpha.
  • Minor bugfixes (rust, protocol versions):
    • Declare support for the onion service introduction point denial of service extensions when building with Rust. Fixes bug 34248; bugfix on 0.4.2.1-alpha.
    • Make Rust protocol version support checks consistent with the undocumented error behavior of the corresponding C code. Fixes bug 34251; bugfix on 0.3.3.5-rc.
  • Minor bugfixes (self-testing):
    • When receiving an incoming circuit, only accept it as evidence that we are reachable if the declared address of its channel is the same address we think that we have. Otherwise, it could be evidence that we're reachable on some other address. Fixes bug 20165; bugfix on 0.1.0.1-rc.
  • Minor bugfixes (spec conformance):
    • Use the correct key type when generating signing->link certificates. Fixes bug 40124; bugfix on 0.2.7.2-alpha.
  • Minor bugfixes (subprotocol versions):
    • Consistently reject extra commas, instead of only rejecting leading commas. Fixes bug 27194; bugfix on 0.2.9.4-alpha.
    • In summarize_protover_flags(), treat empty strings the same as NULL. This prevents protocols_known from being set. Previously, we treated empty strings as normal strings, which led to protocols_known being set. Fixes bug 34232; bugfix on 0.3.3.2-alpha. Patch by Neel Chauhan.
  • Minor bugfixes (v2 onion services):
    • For HSFETCH commands on v2 onion services addresses, check the length of bytes decoded, not the base32 length. Fixes bug 34400; bugfix on 0.4.1.1-alpha. Patch by Neel Chauhan.
  • Code simplification and refactoring:
    • Add and use a set of functions to perform down-casts on constant connection and channel pointers. Closes ticket 40046.
    • Refactor our code that logs descriptions of connections, channels, and the peers on them, to use a single call path. This change enables us to refactor the data types that they use, and eliminates many confusing usages of those types. Closes ticket 40041.
    • Refactor some common node selection code into a single function. Closes ticket 34200.
    • Remove the now-redundant 'outbuf_flushlen' field from our connection type. It was previously used for an older version of our rate-limiting logic. Closes ticket 33097.
    • Rename "fascist_firewall_*" identifiers to "reachable_addr_*" instead, for consistency with other code. Closes ticket 18106.
    • Rename functions about "advertised" ports which are not in fact guaranteed to return the ports that have been advertised. Closes ticket 40055.
    • Split implementation of several command line options from options_init_from_torrc into smaller isolated functions. Patch by Daniel Pinto. Closes ticket 40102.
    • When an extend cell is missing an IPv4 or IPv6 address, fill in the address from the extend info. This is similar to what was done in ticket 33633 for ed25519 keys. Closes ticket 33816. Patch by Neel Chauhan.
  • Deprecated features:
    • The "non-builtin" argument to the "--dump-config" command is now deprecated. When it works, it behaves the same as "short", which you should use instead. Closes ticket 33398.
  • Documentation:
    • Replace URLs from our old bugtracker so that they refer to the new bugtracker and wiki. Closes ticket 40101.
  • Removed features:
    • We no longer ship or build a "tor.service" file for use with systemd. No distribution included this script unmodified, and we don't have the expertise ourselves to maintain this in a way that all the various systemd-based distributions can use. Closes ticket 30797.
    • We no longer ship support for the Android logging API. Modern versions of Android can use the syslog API instead. Closes ticket 32181.
    • The "optimistic data" feature is now always on; there is no longer an option to disable it from the torrc file or from the consensus directory. Closes part of 40139.
    • The "usecreatefast" network parameter is now removed; there is no longer an option for authorities to turn it off. Closes part of 40139.
  • Testing:
    • Add unit tests for bandwidth statistics manipulation functions. Closes ticket 33812. Patch by MrSquanchee.
  • Code simplification and refactoring (autoconf):
    • Remove autoconf checks for unused funcs and headers. Closes ticket 31699. Patch by @bduszel.
  • Code simplification and refactoring (maintainer scripts):
    • Disable by default the pre-commit hook. Use the environment variable TOR_EXTRA_PRE_COMMIT_CHECKS in order to run it. Furthermore, stop running practracker in the pre-commit hook and make check-local. Closes ticket 40019.
  • Code simplification and refactoring (relay address):
    • Most of the IPv4 representation used "uint32_t". It has now been moved to the internal "tor_addr_t" interface instead, so that we can properly integrate IPv6 alongside IPv4 with common interfaces. Closes ticket 40043.
  • Documentation (manual page):
    • Move the manual pages from doc/ to doc/man/. Closes ticket 40044.
    • Describe the status of the "Sandbox" option more accurately. It is no longer "experimental", but it _is_ dependent on kernel and libc versions. Closes ticket 23378.
  • Documentation (tracing):
    • Document in depth the circuit subsystem trace events in the new doc/tracing/EventsCircuit.md. Closes ticket 40036.
...
@kushal November 1, 2020 - 04:18 • 26 days ago
High load average while package building on Fedora 33

Enabling Link time optimization (LTO) with rpmbuild is one of the new features of Fedora 33. I read the changeset page once and went back only after I did the Tor package builds locally.

While building the package, I noticed that suddenly there are many processes with /usr/libexec/gcc/x86_64-redhat-linux/10/lto1 and my load average reached 55+. Here is a screenshot I managed to take in between.

high load average

...
@kushal October 31, 2020 - 05:15 • 27 days ago
Alembic migration errors on SQLite

We use SQLite3 as the database in SecureDrop. We use SQLAlchemy to talk to the database and Alembic for migrations. Some of those migrations are written by hand.

Most of my work time in the last month went to getting things ready for Ubuntu Focal 20.04. We currently use Ubuntu Xenial 16.04. During this, I noticed 17 test failures related to Alembic on Focal which work fine on Xenial. After digging a bit more, these turned out to be due to missing references to temporary tables we used during migrations. With some more digging, I found this entry on the SQLite website:

Compatibility Note: The behavior of ALTER TABLE when renaming a table was enhanced in versions 3.25.0 (2018-09-15) and 3.26.0 (2018-12-01) in order to carry the rename operation forward into triggers and views that reference the renamed table. This is considered an improvement. Applications that depend on the older (and arguably buggy) behavior can use the PRAGMA legacy_alter_table=ON statement or the SQLITE_DBCONFIG_LEGACY_ALTER_TABLE configuration parameter on sqlite3_db_config() interface to make ALTER TABLE RENAME behave as it did prior to version 3.25.0.

This is what is causing the test failures, as SQLite was upgraded from 3.11.0 on Xenial to 3.31.1 on Focal.

According to the docs, we can fix the error by adding the following to env.py.

diff --git a/securedrop/alembic/env.py b/securedrop/alembic/env.py
index c16d34a5a..d6bce65b5 100644
--- a/securedrop/alembic/env.py
+++ b/securedrop/alembic/env.py
@@ -5,6 +5,8 @@ import sys
 
 from alembic import context
 from sqlalchemy import engine_from_config, pool
+from sqlalchemy.engine import Engine
+from sqlalchemy import event
 from logging.config import fileConfig
 from os import path
 
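Review bot: style point on the two added import lines: `event` lives in the `sqlalchemy` package already imported just above, so `from sqlalchemy import engine_from_config, pool, event` together with `from sqlalchemy.engine import Engine` keeps the SQLAlchemy imports in one place instead of splitting them around the existing line.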
@@ -16,6 +18,12 @@ fileConfig(config.config_file_name)
 sys.path.insert(0, path.realpath(path.join(path.dirname(__file__), '..')))
 from db import db  # noqa
 
+@event.listens_for(Engine, "connect")
+def set_sqlite_pragma(dbapi_connection, connection_record):
+    cursor = dbapi_connection.cursor()
+    cursor.execute("PRAGMA legacy_alter_table=ON")
+    cursor.close()
+
 try:
     # These imports are only needed for offline generation of automigrations.
     # Importing them in a prod-like environment breaks things.
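Review bot: `@event.listens_for(Engine, "connect")` registers `set_sqlite_pragma` for every Engine created in the process and runs the PRAGMA unconditionally, so a non-SQLite DBAPI connection would fail at connect time and every SQLite connection, not only the affected migrations, gets the legacy rename semantics. Guard the body (for example, only issue the pragma when `dbapi_connection` is an `sqlite3.Connection`) and add a comment referencing the SQLite compatibility note, since with `legacy_alter_table=ON` later ALTER TABLE RENAME statements no longer update triggers and views that reference the renamed table, exactly as the quoted note describes.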

Later, John found an even simpler way to do the same for only the migrations impacted.
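As an added illustration (not code from the SecureDrop repository or from the post), the script below reproduces with the standard sqlite3 module the behaviour change the SQLite note describes: a view that references a table, then a rename with the pragma OFF (the default since 3.25.0) and ON. The table and view names are constructed for the example.

```python
"""Show how SQLite's ALTER TABLE RENAME treats a view that references the
renamed table, with and without PRAGMA legacy_alter_table=ON.

Added example, not code from the SecureDrop repository; the table and view
names below are constructed for illustration only."""
import sqlite3


def rename_forwarding_supported() -> bool:
    """True when the linked SQLite carries renames forward into views and
    triggers (3.25.0 and later). Older libraries ignore the pragma and always
    behave like the legacy mode."""
    return sqlite3.sqlite_version_info >= (3, 25, 0)


def rename_table_referenced_by_view(legacy_alter_table: bool) -> dict:
    """Create a table and a view over it, rename the table, and report what
    happened to the view. A fresh in-memory database is used per call because
    the pragma is per-connection state and must not leak between runs."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE sources (id INTEGER PRIMARY KEY, name TEXT)")
    conn.execute("INSERT INTO sources (name) VALUES ('alice')")
    conn.execute("CREATE VIEW source_names AS SELECT name FROM sources")

    # The setting the env.py hook in the post switches on for every
    # connection; here it is set explicitly for this one connection.
    mode = "ON" if legacy_alter_table else "OFF"
    conn.execute("PRAGMA legacy_alter_table=%s" % mode)

    # The migration pattern that broke: rename a table that other schema
    # objects still reference.
    conn.execute("ALTER TABLE sources RENAME TO sources_tmp")

    view_sql = conn.execute(
        "SELECT sql FROM sqlite_master WHERE type='view' AND name='source_names'"
    ).fetchone()[0]

    # With the modern behaviour the view's SQL was rewritten to the new table
    # name and still works; with legacy_alter_table=ON it still names the old
    # table and selecting from it fails with "no such table".
    try:
        rows = conn.execute("SELECT name FROM source_names").fetchall()
        view_usable, error = True, None
    except sqlite3.OperationalError as exc:
        rows, view_usable, error = [], False, str(exc)
    conn.close()

    return {
        "view_sql": view_sql,
        "view_references_new_name": "sources_tmp" in view_sql,
        "view_usable": view_usable,
        "rows": rows,
        "error": error,
    }


if __name__ == "__main__":
    print("SQLite", sqlite3.sqlite_version)
    for legacy in (False, True):
        result = rename_table_referenced_by_view(legacy)
        print("legacy_alter_table=%s: %s" % ("ON" if legacy else "OFF", result))
```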

...
@ooni October 30, 2020 - 00:00 • 28 days ago
Investigating Encrypted DNS Blocking in India
In October 2020, we collaborated with Divyank Katira and Gurshabad Grover, researchers at the Centre for Internet & Society, India, to implement and evaluate a new OONI experiment focused on detecting DNS censorship. This new OONI experiment, called dnscheck, focuses on detecting the blocking of encrypted DNS transports such as DNS over TLS and DNS over HTTPS. Its methodology improves upon the measurement methodology OONI previously used to measure DoT blocking in Iran. ...
@ooni October 28, 2020 - 00:00 • 1 month ago
Tanzania blocks social media (and Tor?) on election day
Starting from yesterday (27th October 2020) – on the eve of Tanzania’s 2020 general election – OONI measurements continue to show the ongoing blocking of social media (and of the Tor circumvention tool) in Tanzania. In this report, we share OONI data collected from Tanzania on these blocks, as well as relevant instructions for further OONI Probe testing. Methods Blocking of social media ...
@blog October 26, 2020 - 17:50 • 1 month ago
New Release: Tor Browser 10.0a9 (Android Only)
New Release: Tor Browser 10.0a9 (Android Only) sysrqb October 26, 2020

Android Tor Browser 10.0a9 is now available from the Tor Browser Alpha download page and also from our distribution directory.

Note: This is an alpha release, an experimental version for users who want to help us test new features. For everyone else, we recommend downloading the latest stable release instead.

We are happy to announce the second alpha version for Android users based on Fenix 82.

Tor Browser 10.0a9 ships with Fenix 82.1.1 (see Mozilla's blog post for more information about this new browser). As this is the second alpha version based on Fenix we expect more bugs than usual. Please report them (with steps to reproduce), either here or on Gitlab, or essentially with any other means that would reach us. We are in particular interested in potential proxy bypasses which our proxy audit missed. This version is expected to be the last alpha release before Tor Browser 10.0 is considered stable on Android.

The full changelog since Tor Browser 10.0a8 is:

  • Android
    • Update Fenix to 82.1.1
    • Update NoScript to 11.1.3
    • Update OpenSSL to 1.1.1h
    • Bug 30605: Honor privacy.spoof_english
    • Bug 40003: Block starting Tor when setup is not complete
    • Bug 40004: "Tor Browser" string is used instead of "Alpha"/"Nightly" for non en-US locales
    • Bug 40016: Allow inheriting from AddonCollectionProvider
    • Bug 40017: Rebase android-components patches to 60
    • Bug 40019: Expose spoofEnglish pref
    • Bug 40020: Disable third-party cookies
    • Bug 40021: Force telemetry=false in Fennec settings migration
    • Bug 40022: Migrate tor security settings
    • Bug 40023: Stop Private Notification Service
    • Bug 40024: Disable tracking protection by default
    • Bug 40050: Rebase Fenix patches to Fenix 82
    • Bug 40053: Select your security settings panel on start page is confusing
    • Bug 40058: Disabling/Enabling addon still shows option to disallow in private mode
    • Bug 40062: HTTPS Everywhere is not shown as installed
    • Bug 40068: Tor Service closes when changing theme
    • Bug 40071: Show only supported locales
    • Bug 40073: Use correct branding on About page
    • Bug 40076: "Explore privately" not visible
    • Bug 40078: Crash at Android startup from background service
    • Bug 40082: Security level is reset when the app is killed
    • Bug 40083: Locale ordering in BuildConfig is non-deterministic
    • Bug 40087: Implement a switch for english locale spoofing
    • Bug 40088: Use Tor Browser logo in migration screen
    • Bug 40094: Do not use MasterPasswordTipProvider in HomeFragment
    • Bug 40095: Hide "Sign in to sync" in bookmarks
    • Bug 40097: Bump allowed_addons.json
    • Bug 40133: Rebase tor-browser patches to 82.0b1
    • Bug 40166: Disable security.certerrors.mitm.auto_enable_enterprise_roots
    • Bug 40198: Expose privacy.spoof_english pref
    • Bug 40199: Avoid using system locale for intl.accept_languages
    • Translations update
  • Build System
    • Android
      • Update Go to 1.14.10
      • Bug 34360: Bump binutils version to 2.35.1
      • Bug 40097: Update toolchain for Fenix 82
      • Bug 40108: Package tooling-glean-gradle archive, too
      • Bug 40115: Update components for switch to mozilla82-based Fenix
      • Bug 40121: Use updated glean_parser for application-services as well
      • Bug 40124: Remove unused torbrowser-android-all (and related) targets
      • Bug 40125: Remove fenix-* projects
      • Bug 40129: application-services is missing rustc in PATH
      • Bug 40130: More mobile clean-up
...
@kushal October 26, 2020 - 05:46 • 1 month ago
Running SecureDrop inside of podman containers on Fedora 33

Last week, while setting up a Fedora 33 system, I thought of running the SecureDrop development container there, but using podman instead of the Docker setup we have.

I tried to make minimal changes to our existing scripts. I added a ~/bin/docker file with podman $@ inside (and the shebang line).

Next, I provided the proper label for SELinux:

sudo chcon -Rt container_file_t securedrop

The SecureDrop container runs as the normal user inside of the Docker container. I can not do the same here, as the filesystem gets mounted as root and I can not write to it. So I had to modify one line in the bash script, and also disable another function call which deletes the /dev/random file inside of the container.

diff --git a/securedrop/bin/dev-shell b/securedrop/bin/dev-shell
index ef424bc01..37215b551 100755
--- a/securedrop/bin/dev-shell
+++ b/securedrop/bin/dev-shell
@@ -72,7 +72,7 @@ function docker_run() {
            -e LANG=C.UTF-8 \
            -e PAGE_LAYOUT_LOCALES \
            -e PATH \
-           --user "${USER:-root}" \
+           --user root \
            --volume "${TOPLEVEL}:${TOPLEVEL}" \
            --workdir "${TOPLEVEL}/securedrop" \
            --name "${SD_CONTAINER}" \
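Review bot: replacing `--user "${USER:-root}"` with `--user root` makes the container run as root for every invocation, not only for the podman case the post describes, and drops the unprivileged-user default the Docker setup relied on. Keep the original expression and make the root fallback opt-in, for example through a separate variable (hypothetical name `SD_CONTAINER_USER`, defaulting to `${USER:-root}`) that the podman workflow sets to `root`, so the Docker path is unchanged.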
diff --git a/securedrop/bin/run b/securedrop/bin/run
index e82cc6320..0c11aa8db 100755
--- a/securedrop/bin/run
+++ b/securedrop/bin/run
@@ -9,7 +9,7 @@ cd "${REPOROOT}/securedrop"
 source "${BASH_SOURCE%/*}/dev-deps"
 
 run_redis &
-urandom
+#urandom
 run_sass --watch &
 maybe_create_config_py
 reset_demo
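Review bot: `#urandom` leaves a dead call in the script with no record of why it was disabled; either drop the line with a comment explaining that the function deletes /dev/random inside the container and that this fails under podman, or better keep the call and have `urandom` skip the deletion when the file cannot be removed, so the Docker path keeps its current behaviour.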

This time I felt that the build time for verifying each cached layer is much longer than it used to be for podman. Maybe I am just mistaken. The SecureDrop web application works fine inside it.

Package build containers

We also use containers to build Debian packages. Those molecule scenarios were failing because the ansible.posix.synchronize module could not sync to a podman container. I asked if there is any way to do that, and by the time I woke up, Adam Miller had a branch that fixed the issue. I used it directly in my virtual environment, and the package build was successful. Then the testinfra tests failed, as they could not create the temporary directory inside of the container. I already opened an issue for that.

...
@atagar October 23, 2020 - 23:33 • 1 month ago
Status Report for October 2020

Happy election season, everyone! Isolation drove me to spend a week just reading the Constitution and surrounding case law. My favorite is the 27th amendment, ratified 202 years after it was proposed because a TA gave 19-year-old Gregory Watson a bad grade. Civics is delightfully odd.

Has it really been three months since my last post? Pandemic malaise has weighed me down, but also my work hasn’t been terribly sexy…

Honestly since Shari’s departure I haven’t felt excited by anything at Tor. I should poke around some other communities to see what’s around.

...
@blog October 21, 2020 - 17:40 • 1 month ago
Use A Mask, Use Tor: Resist the Surveillance Pandemic
Use A Mask, Use Tor: Resist the Surveillance Pandemic Al Smith October 21, 2020

Update October 27: Limited-edition Tor masks are now available. Make a donation of $50 between now and December 31, 2020, and get yours.

As many friends and followers of Tor know by now, we spend the final weeks of each year asking for your help as part of our year-end fundraising campaign. This year hasn't been a normal year at all, not for Tor and not for the rest of the world. 

In many ways, 2020 has put the dangers of a centralized, surveillance-driven internet into even clearer focus. The pandemic has changed most of our lives dramatically. Many of us have shifted more of our work, socialization, shopping, medical care, and schooling online. We’ve seen governments and corporations roll out new surveillance technology, like tools to watch students while they take tests, tech to spy on workers, and contact tracing mechanisms that will change our world long after the pandemic is over.

In the face of this widespread hardship, people all around the world have also demonstrated enormous gestures of solidarity and mutual-aid, and millions of people have risen in defense of Black lives in the U.S. and around the world.

For our 2020 campaign, we wanted a theme that conveys a positive message and speaks to the power of this kind of community action. That’s why we decided on the theme Use a Mask, Use Tor. There is a lot of meaning and intention behind this slogan. Use a mask, use Tor promotes the positive steps we can all take to combat the virus by using masks. Wearing a mask protects others. Wearing a mask is about caring about each other, our community.

In the same way, when using Tor, you are not only protecting your identity and privacy online, but you are also helping to hide others who are using Tor. After all, anonymity loves company.  

To put it simply, using a mask keeps yourself and your communities safe in person. Using Tor keeps yourself and your communities safe online. Both tools help to conceal your identity, can break systems of surveillance, and their widespread use can promote the health of communities while undermining the power of systems bent on dividing us. Using a mask and using Tor helps us stand in solidarity with one another.

Now is the time we ask you to stand with Tor. We believe it IS possible to resist the surveillance pandemic. Your support makes this mission a reality. In 2021, we are taking some big steps, including: 

  • Improving speed and user-perceptible performance on the Tor network, particularly for people who are connecting on mobile devices with slow connections and limited data. 
  • Providing more support to the relay operator community.
  • Bringing more censorship circumvention tools to mobile devices and making this experience more seamless for users.
  • Making it easier for any developer to embed Tor in their mobile app.
  • Continuing our work in UX research, metrics, network health, onion services, and Tor Browser for desktop.

The Tor Project is a 501(c)(3) nonprofit, and your support at this time is critical for our success in the coming year. Use a mask, use Tor. Donate today and fight the surveillance pandemic.


Every donation made from now through the end of 2020 will count towards our year-end campaign. Be on the lookout for events, giveaways, and new merch available from now until December 31. And don’t forget: use a mask, use Tor.

...
@kushal October 21, 2020 - 06:34 • 1 month ago
Fixing errors on my blog's feed

For the last few weeks, my blog feed was not showing up in the Fedora Planet. While trying to figure out what was wrong, Nirik pointed me to the 4 errors in the feed according to the W3C validator. If you don't know, I use a self-developed Rust application called khata for my static blog. This means I had to fix these errors.

  • Missing guid: just adding the guid to the feed items solved this.
  • Relative URLs: this had to be fixed via the pulldown_cmark parser.
  • Datetime error, as the error said "not RFC822" value. I am using the chrono library, and was using the to_rfc2822 call. Now I am creating the value by hand in the RFC822 format.
  • There is still one open issue dependent on the upstream fix.

The changes are in git. I am using a build from there. I will make a release after the final remaining issue is fixed.

Oh, I also noticed how bad the code looks now as I can understand Rust better :)

Also, the other Planets, like Python and Tor, are still working for my feed.
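The three validator complaints the post lists (a missing guid, relative URLs, and a pubDate that is not in RFC 822 form) can be checked from the shell before a feed is published. This is an added example, not code from the post or from khata: the feed it inspects is a constructed sample, and the exact date shape it accepts (zero-padded day, four-digit year, GMT or a numeric offset) is an assumption about what the W3C validator expects, stricter than RFC 822 itself.

```shell
# Constructed RSS 2.0 sample: the first item is well-formed, the second has
# the three defects the post lists (no guid, relative link, non-RFC 822 date).
FEED_SAMPLE='<?xml version="1.0" encoding="utf-8"?>
<rss version="2.0"><channel><title>constructed sample</title>
<item><title>good post</title>
<link>https://example.org/posts/good/</link>
<guid>https://example.org/posts/good/</guid>
<pubDate>Wed, 21 Oct 2020 06:34:00 GMT</pubDate></item>
<item><title>bad post</title>
<link>/posts/bad/</link>
<pubDate>2020-10-21T06:34:00+00:00</pubDate></item>
</channel></rss>'

# Assumption: this is the pubDate shape the validator accepts. RFC 822 itself
# also allows a one-digit day and a two-digit year, so this is stricter.
RFC822_RE='^(Mon|Tue|Wed|Thu|Fri|Sat|Sun), [0-9][0-9] (Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec) [0-9][0-9][0-9][0-9] [0-9][0-9]:[0-9][0-9]:[0-9][0-9] (GMT|UT|[+-][0-9][0-9][0-9][0-9])$'

# Build the current time "by hand" as an RSS pubDate with date(1);
# LC_ALL=C keeps the day and month names English regardless of locale.
rfc822_now() {
  LC_ALL=C date -u '+%a, %d %b %Y %H:%M:%S GMT'
}

# Read a feed on stdin, print one line per defect, and print the defect
# count as the last line. Only bare <tag>text</tag> elements are handled
# (no attributes, no CDATA), which is enough for a static generator's feed.
count_feed_defects() {
  tr -d '\n' | awk -v re="$RFC822_RE" '
  # Return the text of the first <tag>...</tag> in rec, or "" if absent.
  function tagval(rec, tag,   pat) {
    pat = "<" tag ">[^<]*</" tag ">"
    if (match(rec, pat))
      return substr(rec, RSTART + length(tag) + 2, RLENGTH - 2 * length(tag) - 5)
    return ""
  }
  # Check one item; returns the number of defects found in it.
  function check(rec,   title, link, pub, n) {
    n = 0
    sub(/^.*<item>/, "", rec)   # drop channel-level text before the item
    title = tagval(rec, "title"); link = tagval(rec, "link"); pub = tagval(rec, "pubDate")
    if (tagval(rec, "guid") == "") { n++; print "missing guid: " title }
    if (link !~ /^https?:\/\//)    { n++; print "relative link: " title " -> " link }
    if (pub !~ re)                 { n++; print "bad pubDate: " title " -> " pub }
    return n
  }
  {
    total = 0
    cnt = split($0, items, /<\/item>/)
    for (i = 1; i <= cnt; i++)
      if (items[i] ~ /<item>/) total += check(items[i])
    print total
  }'
}

# Demo on the constructed sample: reports the three defects of "bad post", then 3.
printf '%s\n' "$FEED_SAMPLE" | count_feed_defects
```

Pipe a generated feed.xml into count_feed_defects as a pre-publish check; a non-zero last line means the validator would complain. rfc822_now shows the date shape to generate, which is the same shape the regex enforces.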

...
@blog October 21, 2020 - 04:13 • 1 month ago
New Release: Tor Browser 10.5a2
New Release: Tor Browser 10.5a2 sysrqb October 20, 2020

Tor Browser 10.5a2 for Desktop platforms is now available from the Tor Browser Alpha download page and also from our distribution directory.

Note: This is an alpha release, an experimental version for users who want to help us test new features. For everyone else, we recommend downloading the latest stable release instead.

Tor Browser 10.5a2 ships with Firefox 78.4.0esr, updates NoScript to 11.1.3, and OpenSSL to 1.1.1h. This release includes important security updates to Firefox.

Note: Tor Browser 10.5 does not support CentOS 6.

Note: We encountered updater issues for all alpha users that have been auto-updating the alpha series for months. We changed the accepted MAR channel ID to torbrowser-torproject-alpha as we are on an alpha channel. The assumption was that enough time had passed since we last changed it to torbrowser-torproject-release,torbrowser-torproject-alpha, but it turns out that change did not get applied. Workaround: change the torbrowser-torproject-release in your update-settings.ini file (in the Browser's code directory, which depends on your operating system) to torbrowser-torproject-alpha and the update should get applied successfully. Alternatively, downloading a fresh alpha copy of Tor Browser works as well. Sorry for the inconvenience.
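One way to apply the workaround above from a shell, as an added example that is not part of the release post or of Tor Browser's own tooling: it assumes the key in update-settings.ini is named ACCEPTED_MAR_CHANNEL_IDS (the name Firefox uses; the post names only the values), refuses to touch a file whose value does not carry the stale release channel, and keeps a backup so the change can be undone. The file's location is OS-specific, so the caller passes the path.

```shell
# Assumption: the key holding the accepted channel IDs is ACCEPTED_MAR_CHANNEL_IDS,
# as in Firefox's update-settings.ini; the post names only the values.
NEW_CHANNEL='torbrowser-torproject-alpha'

# Usage: fix_mar_channel /path/to/Browser/update-settings.ini
fix_mar_channel() {
  ini=$1
  [ -f "$ini" ] || { echo "not found: $ini" >&2; return 1; }
  # tr strips a CR so a CRLF file (Windows) compares cleanly.
  current=$(sed -n 's/^ACCEPTED_MAR_CHANNEL_IDS=//p' "$ini" | tr -d '\r')
  [ -n "$current" ] || { echo "no ACCEPTED_MAR_CHANNEL_IDS key in $ini" >&2; return 1; }
  if [ "$current" = "$NEW_CHANNEL" ]; then
    echo "already $NEW_CHANNEL"
    return 0
  fi
  # Only rewrite the line when it carries the stale release channel the note describes.
  case $current in
    *torbrowser-torproject-release*) ;;
    *) echo "unexpected value '$current', leaving $ini alone" >&2; return 1 ;;
  esac
  cp "$ini" "$ini.bak"
  sed "s/^ACCEPTED_MAR_CHANNEL_IDS=.*/ACCEPTED_MAR_CHANNEL_IDS=$NEW_CHANNEL/" "$ini.bak" > "$ini"
  echo "changed '$current' -> '$NEW_CHANNEL' (backup in $ini.bak)"
}

# Demo on a constructed copy, so the function can be tried without touching a real install.
demo=$(mktemp)
printf '[Settings]\nACCEPTED_MAR_CHANNEL_IDS=torbrowser-torproject-release,torbrowser-torproject-alpha\n' > "$demo"
fix_mar_channel "$demo"
cat "$demo"
rm -f "$demo" "$demo.bak"
```

Run it against the real file only with the browser closed; a second run reports "already torbrowser-torproject-alpha" and changes nothing, and the .bak copy restores the previous value if the updater still misbehaves.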

Note: JavaScript on the Safest security level is now governed by NoScript again. It was set to false on Safest in 9.5a9. The javascript.enabled preference was reset to true beginning in Tor Browser 10.5a1 for everyone using Safest, and you must set it back to false if that is your preference.

The full changelog since Tor Browser 10.5a1 is:

  • Windows + OS X + Linux
    • Update Firefox to 78.4.0esr
    • Update NoScript to 11.1.3
    • Update OpenSSL to 1.1.1h
    • Update Tor Launcher to 0.2.26
      • Translations update
    • Bug 31767: Avoid using intl.locale.requested preference directly
    • Bug 33954: Consider different approach for Bug 2176
    • Bug 40011: Rename tor-browser-brand.ftl to brand.ftl
    • Bug 40012: Fix about:tor not loading some images in 82
    • Bug 40013: End of year 2020 Fundraising campaign
    • Bug 40016: Fix onion pattern for LTR locales
    • Bug 40139: Update Onboarding icon for 10.0
    • Bug 40148: Disable Picture-in-Picture until we investigate and possibly fix it
    • Bug 40166: Disable security.certerrors.mitm.auto_enable_enterprise_roots
    • Bug 40192: Backport Mozilla Bug 1658881
    • Translations update
  • Windows
    • Bug 40140: Videos stop working with Tor Browser 10.0 on Windows
  • Build System
    • Windows + OS X + Linux
      • Update Go to 1.14.10
      • Bug 40104: Use our TMPDIR when creating our .mar files
    • Linux
      • Bug 40118: Add missing libdrm dev package to firefox container
    • Windows
...