https://2014.rmll.info/conference311
lunar@torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-news
 
 
 
[x] semi-global passive adversaries
[x] traffic correlation attacks
[x] website fingerprinting
[x] guard nodes selection
[x] guard nodes and user fingerprinting
[x] hidden services enumeration
[x] more trusted encryption primitives
[x] attacks on applications and web browsers
[x] usability is security
[x] software updates
[x] botnets
[x] being targetted by the NSA
[x] filtering of Tor exit nodes
[x] key rotation strategies
[x] blocking access to the Tor network
 
 
 
History of onion routing and Tor:
http://www.acsac.org/2011/program/keynotes/syverson.pdf
 
Initial Tor design:
https://svn.torproject.org/svn/projects/design-paper/tor-design.pdf
 
Recap of changes since the original design of Tor:
https://blog.torproject.org/blog/top-changes-tor-2004-design-paper-part-1
https://blog.torproject.org/blog/top-changes-tor-2004-design-paper-part-2
https://blog.torproject.org/blog/top-changes-tor-2004-design-paper-part-3
 
If you have the time:
http://freehaven.net/anonbib/
https://www.petsymposium.org/2014/
 
About website fingerprinting:
https://blog.torproject.org/blog/experimental-defense-website-traffic-fingerprinting
https://blog.torproject.org/blog/critique-website-traffic-fingerprinting-attacks
http://cacr.uwaterloo.ca/techreports/2014/cacr2014-05.pdf
This year's GSoC by Marc Juarez-Miro:
https://lists.torproject.org/pipermail/tor-dev/2014-March/006435.html
 
About browser fingerprinting:
https://www.cosic.esat.kuleuven.be/fpdetective/
https://www.torproject.org/projects/torbrowser/design/
 
XKS rules:
http://daserste.ndr.de/panorama/xkeyscorerules100.txt
http://daserste.ndr.de/panorama/aktuell/nsa230_page-1.html
 
Growth:
(July 8th, 6:00 UTC)
#tor 437 users
#tor-dev 239 users
#tor-project 84 users
#nottor 211 users
https://trac.torproject.org/projects/tor/wiki/TorWeeklyNews
 
Lifecycle of a new relay:
https://blog.torproject.org/blog/lifecycle-of-a-new-relay
 
Guard selection:
https://blog.torproject.org/blog/research-problem-better-guard-rotation-parameters (2011)
http://freehaven.net/~arma/cogs-wpes.pdf
https://blog.torproject.org/blog/
Guard selection:
https://blog.torproject.org/blog/research-problem-better-guard-rotation-parameters (2011)
http://freehaven.net/~arma/cogs-wpes.pdf
https://blog.torproject.org/blog/improving-tors-anonymity-changing-guard-parameters (2013)
https://www.petsymposium.org/2014/papers/Dingledine.pdf
 
improving-tors-anonymity-changing-guard-parameters (2013)
https://www.petsymposium.org/2014/papers/Dingledine.pdf
 
Guard fingerprinting:
https://trac.torproject.org/projects/tor/ticket/9273#comment:4
 
Diversity:
https://metrics.torproject.org/bubbles.html
 
Traffic corellation attacks:
https://blog.torproject.org/blog/one-cell-enough
http://www.ohmygodel.com/publications/usersrouted-ccs13.pdf
https://web.engr.illinois.edu/~das17/tor-traceroute_v1.html
 
Botnets:
https://metrics.torproject.org/users.html
https://blog.torproject.org/blog/how-to-handle-millions-new-tor-clients
http://blogs.technet.com/b/mmpc/archive/2014/01/09/tackling-the-sefnit-botnet-tor-hazard.aspx
http://fc14.ifca.ai/papers/fc14_submission_152.pdf
 
Performance:
https://metrics.torproject.org/bandwidth.html
https://metrics.torproject.org/performance.html
 
Plain text over Tor is still plain text:
https://blog.torproject.org/blog/plaintext-over-tor-still-plaintext
https://www.eff.org/https-everywhere/
https://addons.mozilla.org/en-us/thunderbird/addon/torbirdy/
 
Tor being blocked:
https://trac.torproject.org/projects/tor/wiki/org/doc/ListOfServicesBlockingTor
OFTC!
http://paste.debian.net/
 
Privacy friendly statistics collection:
http://www.ifca.ai/pub/fc11/wecsr11/soghoian.pdf
http://cacr.uwaterloo.ca/techreports/2014/cacr2014-08.pdf
 
Usability is security:
http://users.encs.concordia.ca/~clark/papers/2007_soups.pdf
https://www.petsymposium.org/2012/papers/hotpets12-1-usability.pdf
https://www.internetsociety.org/sites/default/files/04_1-paper.pdf
https://www.torproject.org/projects/torbrowser.html
https://tails.boum.org/
 
Software updates:
http://theupdateframework.com/
https://trac.torproject.org/projects/tor/ticket/4234
 
Being targetted by the NSA:
https://blog.torproject.org/blog/deterministic-builds-part-one-cyberwar-and-global-compromise
https://blog.torproject.org/blog/deterministic-builds-part-two-technical-details
https://wiki.debian.org/ReproducibleBuilds
https://gitweb.torproject.org/torspec.git/blob/HEAD:/proposals/101-dir-voting.txt
 
Key rotation strategy:
https://gitweb.torproject.org/torspec.git/blob/HEAD:/proposals/231-migrate-authority-rsa1024-ids.txt
https://lists.torproject.org/pipermail/tor-news/2014-April/000041.html (second feature)
 
Hidden services improvements:
https://gnunet.org/sites/default/files/Trawling_for_tor_HS.pdf
https://gitweb.torproject.org/torspec.git/blob/HEAD:/proposals/224-rend-spec-ng.txt
 
Better crypto:
https://lists.torproject.org/pipermail/tor-news/2013-September/000011.html (second feature)
https://gitweb.torproject.org/torspec.git/blob/HEAD:/proposals/220-ecc-id-keys.txt
https://gitweb.torproject.org/torspec.git/blob/HEAD:/proposals/231-migrate-authority-rsa1024-ids.txt
 
Attacks on applications and web browsers:
https://lists.torproject.org/pipermail/tor-announce/2013-August/000089.html
https://trac.torproject.org/projects/tor/ticket/5756
https://lists.torproject.org/pipermail/tor-qa/2014-June/000428.html
 
Blocking access to the Tor network:
https://www.torproject.org/docs/pluggable-transports.html
https://trac.torproject.org/projects/tor/wiki/doc/AChildsGardenOfPluggableTransports
https://ooni.torproject.org/
 
Semi-global passive adversaries:
http://www.syverson.org/entropist-final.pdf