Tor’s Bug Smash Fund: Progress Since January 2020
At the beginning of August 2019, we asked you to help us build our very first Bug Smash Fund. This fund will ensure that the Tor Project has a healthy reserve earmarked for maintenance work and smashing the bugs necessary to keep Tor Browser, the Tor network, and the many tools that rely on Tor strong, safe, and running smoothly. Together we raised $86,081.
We want to share a final update on the work the 2019 Bug Smash Fund made possible.
Over the last year, we’ve marked 93 tickets with BugSmashFund. As of today, 74 of those tickets have been closed, and 19 of them are still in progress. With this reserve, we’ve been able to fix bugs and complete necessary maintenance on our mechanisms for sending bridges via email and collecting metrics data. We’ve also been able to improve tor padding, testing, onion services, documentation, Tor Browser UX, and tooling for development.
With your support, we’ve been able to allocate time to important tickets, and we look forward to launching our second Bug Smash Fund campaign in August 2020!
For a list of the tickets we closed with the first half of the Bug Smash Fund, see our blog post from January. Below is a full list of the BugSmashFund tickets we’ve closed since that update.
Tor Browser
The Bug Smash Fund helped the Tor Browser team complete the ESR 68 migration in late 2019, and has helped us close the following tickets since then:
- 32174 Replace XUL <textbox> with <html:input>
- 21549 Investigate wasm for linkability/fingerprint ability/disk avoidance issues
- 31395 Remove inline <script> in aboutTor.xhtml
Core Tor – Backport bug fixes, documentation, tests
The Bug Smash Fund has helped the Network team to accomplish quite a bit—from improving documentation and tests to backporting bug fixes.
- 32721 Allow chutney users to disable tor's sandbox at runtime
- 28992 Bug: ../src/feature/hs/hs_client.c:571: send_introduce1: Non-fatal assertion !(ip == NULL) failed
- 29819 Seccomp: sandbox crash on rt_sigaction with libseccomp 0.2.4
- 30344 conn_read_callback is called on connections that are marked for closed
- 31594 Close all the log fds before aborting
- 31614 Implement clean_up_backtrace_handler()
- 31736 Stop using mutex_destroy(), when multiple threads can still access the mutex
- 32298 Make pkg-config a hard requirement for Android builds, since lzma requires it
- 32315 Can't perform reverse DNS lookup for a (binary) IPv6 address
- 32363 tor_inet_aton parsing of IPv4 literals is too lax
- 32376 test: Possible NULL deref in free_fake_orcirc()
- 32706 Tried to establish rendezvous on non-edge circuit
- 32778 Initialise pubsub in Windows NT service mode
- 32868 crash: Assertion node->rs->is_possible_guard failed in compute_weighted_bandwidths at
- 32984 Revert #32883 for now and apply #32778 (so nt services can work in 0.4.3)
- 33103 LeakSanitizer is kicking in with tor being on 39c5e1b84994c2f226a8530b930f215cc5ffb877 when closing Tor Browser
- 33104 Minor issues when handling ACTIVE control signal
- 33192 Stop assuming that /usr/bin/python exists
Thank you to everybody who made a contribution to the Bug Smash Fund. This work is critical in helping us to provide safer tools for millions of people around the world exercising their human rights to privacy and freedom online.
If you’d like to make a contribution to the Bug Smash Fund, you can do so by making a gift at donate.torproject.org: just add “Bug Smash Fund” into the comment field, and we’ll make sure it’s directed to the right place.
Comments
Please note that the comment area below has been archived.
Fixing bugs and enhancing…
Fixing bugs and enhancing security/privacy are doing good work for the cause of justice and human rights everywhere!
I just hope that TP is never ordered by a US Court (or any other court) to fail to fix a known vulnerability, which I fear is the most likely abuse which will be encouraged by the LAEDA and EARN-IT acts if these terribly dangerous bills pass the US Congress. (Note that both Drump and Biden have histories of opposition to unbackdoored civilian cryptography, so it is up to the US Congress to kill these proposals which will do irreparable harm to cybersecurity at the very time when Americans and indeed the USG most need strong cybersecurity.)
Bug-smashing is a critical…
Bug-smashing is a critical activity for all software providers, whether FOSS or commercial.
Here is a recent article from Bruce Schneier which clearly explains some of the reasons why:
theatlantic.com
The Twitter Hacks Have to Stop
Twitter and companies like it are essential to the functioning of the economy and the country. The government needs to start treating them that way, and that means both requiring them to do a better job on security and breaking them up.
18 Jul 2020
Bruce Schneier
Several points he makes echoes points made by commentators in this blog:
o endemic cyber-insecurity in consumer devices/platforms is in fact a national security threat
o part of the solution involves not only regulation but breaking up the Big Tech monsters
o "class breaks" are particularly dangerous because there is nothing the user can do to resist them
In particular, it is vitally important that Tor users understand that if the proposed LAEDA or EARN-IT Acts become law, this would have the effect of a *universal* class break simulataneously rendering all cryptographic protections untrustworthy. Disk encryption, emails, messaging, online banking. Authentication. Data at rest. Data in motion. Everything would be broken. At the same time.
The only other nightmare scenario which even comes close to such universal destruction would be the discovery of an instantly exploitable break in the Rjindael cipher (aka AES, which is still the standard solution for block and stream encryption, despite its age and continuing concerns about its rather regular algebraic structure).
There is lately much (long…
There is lately much (long overdue) discussion in US media of the role technology plays in election security. The current vulnerabilities go far beyond securing election networks themselves (e.g. the systems used to report votes from local precincts to central election bureaus), including as well candidate websites, communications by political staffers with constituents and with their colleagues, communications by get-out-the-vote activists, interference by politicized agencies subject to authoritarian pressures, such as the US Postal Service and US Census Bureau.
I would like to suggest that TP leadership brainstorm how Tor can play a positive role in addressing some of these problems.
Two books which provide key background on state-sponsored meddling in foreign elections:
o CIA meddling in Italy, Latin America, etc: Tim Weiner, Legacy of Ashes, Anchor, 2007
o CIA meddling in Russia and Russian GRU meddling in US elections: David Shimer, Rigged, Knopf, 2020.
Shimer's book is an impressive first book by a young scholar (still working on his PhD!), but I fear he has been taken in by the many former CIA leaders he interviewed who stoutly insisted that CIA ceased its election meddling years ago, a misleading claim which he appears to have bought. Far from becoming more restrained, CIA has in fact abused its ever expanding post 9/11 powers by aggressively targeting whole classes of dissidents for cyberattack, regardless of whether or not they are US citizens or persons located inside or outside US territory. The Snowden leaks shed light upon NSA abuses, but the CIA has moved far beyond what NSA was doing to US citizens living in America. All that said, his book is the first I have seen which offers a good discussion (albeit colored by what CIA wants us to believe) of RU hacking of US elections.
We need more whistleblowers, more than ever. For this reason, I urge TP to reach out to SecureDrop to try to find ways these two platforms can work with each other in ways which help the finding and closing of current vulnerabilities, rather than the inadvertent (or USG mandated) creation of new ones.
Footnote: Shimer uses "bullet-point" type summaries, a useful device which I have not seen in previous scholarly books, and he does not shy away from restating important points. Since I also use these rhetorical devices, I should state that I am not Shimer and have no ties to either Shimer or Weiner.