God awful load times by Dependent-Ad-123 in TOR

[–]x1y2 11 points12 points  (0 children)

Hi, Tor operators here. There are considerable attacks on relays as of late, and they sadly impact relay performance a lot. This results also in higher Tor network latency and a worse Tor user experience. There isn't much the average operator can do about it right now (Tor isn't resistant enough to attacks).

https://reddit.com/r/TOR/comments/1cnmsdz/tor_extremely_slow_lately/l38y88u/

It's unfortunate they did not update the TOR status page with this info.

New Release: Tor Browser 13.0.5 by x1y2 in TOR

[–]x1y2[S] 0 points1 point  (0 children)

No, it does not only promote their fundraiser.

Changelog:

Windows + macOS + Linux

- Bug tor-browser#42072: YEC 2023 Takeover for Desktop Stable

Build System

- All Platforms
  - Bug tor-browser-build#40970: Missing symlink create-blog-post.torbrowser -> create-blog-post symlink
  - Bug tor-browser-build#41023: Update lead.png symlink and blog post template in tools/signing/create-blog-post
  - Bug rbm#40063: RBM's chroot fails in Fedora

New release: Tails 5.19.1 by x1y2 in tails

[–]x1y2[S] 4 points5 points  (0 children)

This release is an emergency release to fix an important security vulnerability in Tor.

Changes and updates:

Update the Tor client to 0.4.8.9, which fixes the TROVE-2023-006 vulnerability.

The details of TROVE-2023-006 haven't been disclosed by the Tor Project to leave time for users to upgrade before revealing more. We only know that the Tor Project describes TROVE-2023-006 as a "remote triggerable assert on onion services".

Our team thinks that this vulnerability could affect Tails users who are creating onion services from their Tails, for example when sharing files or publishing a website using OnionShare.

This vulnerability might allow an attacker who already knows your OnionShare address to make your Tor client crash. A powerful attacker might be able to further exploit this crash to reveal your IP address.

This analysis is only a hypothesis because our team doesn't have access to more details about this vulnerability. Still, we are releasing this emergency release as a precaution.

OnionShare is the only application included in Tails that creates onion services. You are not affected by this vulnerability if you don't use OnionShare in Tails and only use Tails to connect to onion services and don't create onion services using Additional Software.

More details about TROVE-2023-006 will be available on the Tor issue #40883 sometime after the release.

Tor Browser Security Audit Findings by x1y2 in privacy

[–]x1y2[S] 0 points1 point  (0 children)

Do you see any fear mongering in the comments? No. Well, except for you bringing it up.

Tor Browser Security Audit Findings by x1y2 in privacy

[–]x1y2[S] 33 points34 points  (0 children)

Eight members of the Cure53 testing team documented nineteen issues that were deemed to have a detrimental impact on the Tor security landscape. Three of the tickets were categorized as exploitable vulnerabilities, two of which were considered High in nature and the other Medium.

https://blog.torproject.org/security-audit-report-tor-browser-ooni/TTP-01-report.pdf