Tor 0.2.2.33
An anonymous Internet communication system
Tor is a toolset for a wide range of organizations and people that want to be more safe and more secure on the Internet.
Using Tor can help you anonymize web browsing and publishing, instant messaging, IRC, SSH, and other applications that use the TCP protocol. Tor also provides a platform on which software developers can build new applications with built-in anonymity, safety, and privacy features.
Your traffic is safer when you use Tor, because communications are bounced around a distributed network of servers, called onion routers. Instead of taking a direct route from source to destination, data packets on the Tor network take a random pathway through several servers that cover your tracks so no observer at any single point can tell where the data came from or where it’s going.
This makes it hard for recipients, observers, and even the onion routers themselves to figure out who and where you are. Tor’s technology aims to provide Internet users with protection against “traffic analysis,” a form of network surveillance that threatens personal anonymity and privacy, confidential business activities and relationships, and state security.
Traffic analysis is used every day by companies, governments, and individuals that want to keep track of where people and organizations go and what they do on the Internet. Instead of looking at the content of your communications, traffic analysis tracks where your data goes and when, as well as how much is sent.
For example, online advertising companies like Fastclick and Doubleclick use traffic analysis to record what web pages you’ve visited, and can build a profile of your interests from that. A pharmaceutical company could use traffic analysis to monitor when the research wing of a competitor visits its website, and track what pages or products that interest the competitor. IBM hosts a searchable patent index, and it could keep a list of every query your company makes. A stalker could use traffic analysis to learn whether you’re in a certain Internet cafe.
Tor aims to make traffic analysis more difficult by preventing eavesdroppers from finding out where your communications are going online, and by letting you decide whether to identify yourself when you communicate.
Tor’s security is improved as its user base grows and as more people volunteer to run servers. Please consider installing it and then helping out.
Part of the goal of the Tor project is to deploy a public testbed for experimenting with design trade-offs, to teach us how best to provide privacy online. We welcome research into the security of Tor and related anonymity systems, and want to hear about any vulnerabilities you find.
Tor is an important piece of building more safety, privacy, and anonymity online, but it is not a complete solution. And remember that this is development code-it’s not a good idea to rely on the current Tor network if you really need strong anonymity.
What’s New in This Release:
Major bugfixes:
· Avoid an assertion failure when reloading a configuration with TrackExitHosts changes. Found and fixed by ‘laruldan’. Fixes bug 3923; bugfix on 0.2.2.25-alpha.
Minor features (security):
· Check for replays of the public-key encrypted portion of an INTRODUCE1 cell, in addition to the current check for replays of the g^x value. This prevents a possible class of active attacks by an attacker who controls both an introduction point and a rendezvous point, and who uses the malleability of AES-CTR to alter the encrypted g^x portion of the INTRODUCE1 cell. We think that these attacks are infeasible (requiring the attacker to send on the order of zettabytes of altered cells in a short interval), but we’d rather block them off in case there are any classes of this attack that we missed. Reported by Willem Pinckaers.
Minor features:
· Adjust the expiration time on our SSL session certificates to better match SSL certs seen in the wild. Resolves ticket 4014.
· Change the de…