
Tor Browser 7.0a4 is released - remx
https://blog.torproject.org/blog/tor-browser-70a4-released
======
jjawssd
How do the Tor project developers continue the development of Tor without the
interference and corruption efforts of state level actors?

~~~
beardog
1\. Tor is open source. Any backdoor attempts in the source would require
careful hiding. Shutting down the Tor Project would just result in someone
else picking it up.

2\. The US Navy funded (maybe still does) Tor. Tor is useful for western
allies & spies

3\. Many of the developers live in western nations. While western nations like
the US do have intel agencies who are interested in messing with Tor, it
doesn't seem to have gotten to the point of shutting down the Tor Project or
directly attacking their infrastructure much if at all, especially since Tor
benefits the military as well.

~~~
secfirstmd
Yep. IIRC one of the Snowden documents even mentioned GCHQ and other
organisations using Tor for their own purposes.

~~~
jerheinze
> IIRC one of the Snowden documents even mentioned GCHQ and other
> organisations using Tor for their own purposes.

I think you're referring to this presentation about hidden services by the
GCHQ [1] where they state, 'Until then... Doesn't stop us from using them'

I wonder what they may have to say about the soon coming next-gen onion
services.

[1] : [https://www.eff.org/files/2015/01/26/20141228-speigel-analyt...](https://www.eff.org/files/2015/01/26/20141228-speigel-analytics_on_security_of_tor_hidden_services_0.pdf) (page 25)

------
libeclipse
Could someone more knowledgeable than me comment on what Selfrando is, how
it's useful, and how it works.

~~~
dublinben
I recommend reading the linked blog post about it. [0]

[0] [https://blog.torproject.org/blog/selfrando-q-and-georg-koppe...](https://blog.torproject.org/blog/selfrando-q-and-georg-koppen)

There is also a research paper [1] and accompanying video [2].

[1] [https://people.torproject.org/~gk/misc/Selfrando-Tor-Browser...](https://people.torproject.org/~gk/misc/Selfrando-Tor-Browser.pdf)

[2] [https://www.youtube.com/watch?v=IikpczzNyas](https://www.youtube.com/watch?v=IikpczzNyas)

~~~
TazeTSchnitzel
tl;dr seems to be a more advanced form of ASLR?

~~~
notlambda
I think it's ASLR with more entropy by skimming through the paper, but most
exploits have read primitives or infoleaks anyways so I don't see how more
entropy affects them. If I am right it protects against attackers guessing the
ASLR slide, but that's very unreliable and no FBI grade exploit should ever do
that.

~~~
jerheinze
See "Real-world Exploits against the Tor Browser" pages 9-10 where they
conclude,

> The reason is that these function pointers are only accessed through an
> indirection layer, i.e., memory objects on the heap contain a pointer to a
> virtual table which is located in the code or data section of the
> application and contains a number of pointers to virtual functions. Since
> the attackers can only disclose the virtual table pointer, but not the
> virtual table itself, as it is not on the heap, they cannot disclose gadget
> addresses. Note that, when only ASLR is applied, the address of the virtual
> table is randomized with the same offset as the ROP gadgets. Therefore, such
> an attack can bypass ASLR but not selfrando.

> We therefore conclude that selfrando can thwart most real-world exploits.
> Attackers can only succeed in rare cases where they can disclose the
> complete heap and data section.

[1] : [https://people.torproject.org/~gk/misc/Selfrando-Tor-Browser...](https://people.torproject.org/~gk/misc/Selfrando-Tor-Browser.pdf)
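
Added illustration, not part of the thread or the linked paper: a toy model of the quoted argument, measuring how much one disclosed vtable pointer reveals about code addresses when a module is only slid by ASLR versus when its functions are also reordered on each launch. The function names, sizes, offsets and the modelling of selfrando as a per-launch function shuffle are assumptions made for this sketch.

```python
import random

# Constructed module: (function name, size in bytes) in link order.
FUNCS = [("parse", 0x140), ("render", 0x220), ("helper_a", 0x60),
         ("helper_b", 0x90), ("cleanup", 0x80)]
VTABLE_OFFSET = 0x4000   # constructed: vtable position in the data section
PAGE = 0x1000

def layout(funcs):
    """Map each function to its offset from the module base."""
    offsets, cursor = {}, 0
    for name, size in funcs:
        offsets[name] = cursor
        cursor += size
    return offsets

REFERENCE = layout(FUNCS)  # layout anyone can read from the shipped binary

def launch(rng, permute):
    """One process start: returns (vtable address, real function addresses)."""
    base = rng.randrange(0x10000, 0x80000) * PAGE  # ASLR: one slide per module
    funcs = FUNCS[:]
    if permute:
        rng.shuffle(funcs)  # modelled selfrando: new function order per launch
    real = {name: base + off for name, off in layout(funcs).items()}
    return base + VTABLE_OFFSET, real

def predict(vtable_addr):
    """Infer code addresses from a leaked vtable pointer plus the shipped binary."""
    base = vtable_addr - VTABLE_OFFSET
    return {name: base + off for name, off in REFERENCE.items()}

def leak_value(permute, trials=2000, seed=7):
    """Fraction of launches where the single leak locates every function."""
    rng = random.Random(seed)
    hits = 0
    for _ in range(trials):
        vtable_addr, real = launch(rng, permute)
        hits += predict(vtable_addr) == real
    return hits / trials

if __name__ == "__main__":
    print("ASLR only      :", leak_value(permute=False))
    print("ASLR + permute :", leak_value(permute=True))
```

In this model the leak is fully informative under ASLR alone because the vtable and the code share one offset, while under reordering it only succeeds on the rare launches where the shuffle reproduces the shipped order.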

------
kapauldo
For the over 40 crowd
[https://read.feedly.com/html?url=https%3A%2F%2Fblog.torproje...](https://read.feedly.com/html?url=https%3A%2F%2Fblog.torproject.org%2Fblog%2Ftor-browser-70a4-released&theme=white&size=medium)

~~~
awake
javascript:(function()%7Bvar%20currentURL%20%3D%20encodeURIComponent(window.location)%3Bwindow.location%20%3D%20%60https%3A%2F%2Fread.feedly.com%2Fhtml%3Furl%3D%24%7BcurrentURL%7D%26theme%3Dwhite%26size%3Dsmall%60%7D)()

Bookmarklet code to do that for you on any web page. Not sure how to format
this better.

------
irresolute
I'm waiting for version 8 because of my religion.

~~~
Proof
Could be a while.

