An gabatar da sakin wani ƙwararren masarrafa, Tor Browser 11.0.2, wanda ya mai da hankali kan tabbatar da ɓoye suna, tsaro da keɓantawa. Lokacin amfani da Tor Browser, duk zirga-zirgar ababen hawa ana jujjuya su ne kawai ta hanyar hanyar sadarwar Tor, kuma ba shi yiwuwa a shiga kai tsaye ta hanyar daidaitattun hanyoyin sadarwar tsarin na yanzu, wanda baya ba da damar bin diddigin adireshin IP na ainihi na mai amfani (idan an kutse mai binciken, maharan. na iya samun damar yin amfani da sigogin cibiyar sadarwa, don haka don cikakke Don toshe yuwuwar leaks, yakamata kuyi amfani da samfura kamar Whonix). An shirya ginin Tor Browser don Linux, Windows da macOS.
Don samar da ƙarin tsaro, Tor Browser ya haɗa da ƙara HTTPS A Ko'ina, wanda ke ba ku damar amfani da ɓoyayyen hanya akan duk rukunin yanar gizon inda zai yiwu. Don rage barazanar hare-haren JavaScript da toshe plugins ta tsohuwa, an haɗa ƙarar NoScript. Don magance toshe hanyoyin zirga-zirga da dubawa, ana amfani da madadin sufuri. Don karewa daga haskaka takamaiman fasali na baƙo, WebGL, WebGL2, WebAudio, Social, SpeechSynthesis, Touch, AudioContext, HTMLMediaElement, Mediastream, Canvas, SharedWorker, WebAudio, Izini, MediaDevices.enumerateDevices, da screen.orientation ko APIs ba su da iyaka. Kayan aikin aika telemetry, Pocket, Viewer View, HTTP Alternative-Services, MozTCPSocket, "link rel=preconnect", libmdns ya inganta.
Sabuwar sigar tana aiki tare da tushe na lambar sakin Firefox 91.4.0, wanda ya kayyade lahani 15, wanda 10 aka yiwa alama a matsayin haɗari. 7 rashin lahani yana haifar da matsaloli tare da ƙwaƙwalwar ajiya, kamar buffer overflow da samun dama ga wuraren ƙwaƙwalwar ajiya da aka riga aka warware, kuma yana iya yuwuwar haifar da aiwatar da lambar maharin lokacin buɗe shafuka na musamman. An cire wasu fonts na ttf daga ginawa don dandamali na Linux, amfani da su ya haifar da rushewar fassarar rubutu a cikin abubuwan dubawa a cikin Fedora Linux. An kashe saitin "network.proxy.allow_bypass", wanda ke sarrafa ayyukan kariya daga yin amfani da API ɗin da ba daidai ba a cikin add-ons. Don jigilar obfs4, sabuwar ƙofar "deusexmachina" tana aiki ta tsohuwa.
A halin yanzu, labarin toshe Tor a Tarayyar Rasha ya ci gaba. Roskomnadzor ya canza abin rufe fuska na wuraren da aka katange a cikin rajista na wuraren da aka haramta daga "www.torproject.org" zuwa "*.torproject.org" kuma ya fadada jerin adiresoshin IP da ke ƙarƙashin toshewa. Canjin ya sa aka toshe mafi yawan yankunan aikin Tor, gami da blog.torproject.org, gettor.torproject.org, da support.torproject.org. forum.torproject.net, wanda aka shirya akan kayan aikin Magana, ya kasance akwai. Ana samun dama ga wani yanki gitlab.torproject.org da lists.torproject.org, wanda aka rasa damar zuwa da farko, amma sai aka dawo dashi, mai yiwuwa bayan canza adiresoshin IP (an tura gitlab zuwa ga mai masaukin gitlab-02.torproject.org).
A lokaci guda, ƙofofin ƙofofin da nodes na cibiyar sadarwar Tor, da kuma mai masaukin baki ajax.aspnetcdn.com (Microsoft CDN), waɗanda aka yi amfani da su a cikin jigilar tawali'u, ba su daina toshewa. A bayyane, gwaje-gwajen tare da toshe nodes na cibiyar sadarwar Tor bayan toshe gidan yanar gizon Tor ya tsaya. Wani yanayi mai wahala ya taso tare da madubin tor.eff.org, wanda ke ci gaba da aiki. Gaskiyar ita ce, madubin tor.eff.org yana ɗaure da adireshin IP iri ɗaya da ake amfani da shi don yankin eff.org na EFF (Electronic Frontier Foundation), don haka toshe tor.eff.org zai haifar da toshe wani ɓangare na wurin shahararriyar kungiyar kare hakkin dan Adam.
Bugu da ƙari, za mu iya lura da buga wani sabon rahoto kan yuwuwar yunƙurin kai hare-hare don ɓata sunan masu amfani da Tor da ke da alaƙa da ƙungiyar KAX17, waɗanda aka gano ta takamaiman saƙon imel na ƙirƙira a cikin sigogin kumburi. A cikin Satumba da Oktoba, aikin Tor ya toshe nodes 570 masu yuwuwar mugunta. A cikin kololuwarta, ƙungiyar KAX17 ta sami damar haɓaka adadin nodes masu sarrafawa a cikin hanyar sadarwar Tor zuwa 900, masu ba da sabis daban-daban 50 suka shirya, wanda yayi daidai da kusan 14% na jimlar yawan relays (don kwatanta, a cikin 2014, maharan sun sami nasarar sami iko akan kusan rabin relays na Tor, kuma a cikin 2020 sama da kashi 23.95% na nodes ɗin fitarwa).
Sanya ɗimbin nodes ɗin da ma'aikaci ɗaya ke sarrafawa yana ba da damar cire sunan masu amfani ta amfani da harin aji Sybil, wanda za'a iya aiwatarwa idan maharan suna da iko akan nodes na farko da na ƙarshe a cikin sarkar ɓoye sunan. Kumburi na farko a cikin sarkar Tor ya san adireshin IP na mai amfani, kuma na ƙarshe ya san adireshin IP na albarkatun da ake buƙata, wanda ke ba da damar cire sunan buƙatun ta ƙara wani tambari mai ɓoye a cikin fakitin rubutun akan gefen kumburin shigarwar, wanda ya rage baya canzawa a cikin dukkan sarkar ɓoyewa, da kuma nazarin wannan lakabin a gefen kumburin fitarwa. Tare da kuɗaɗen fita da aka sarrafa, maharan kuma na iya yin canje-canje ga zirga-zirgar da ba a ɓoye ba, kamar cire turawa zuwa nau'ikan rukunin yanar gizo na HTTPS da satar abun ciki mara ɓoye.
A cewar wakilan cibiyar sadarwar Tor, yawancin nodes da aka cire a cikin fall ana amfani da su azaman tsaka-tsaki ne kawai, ba a yi amfani da su don aiwatar da buƙatun masu shigowa da masu fita ba. Wasu masu bincike sun lura cewa nodes na kowane nau'i ne kuma yuwuwar samun zuwa kumburin shigar da ƙungiyar KAX17 ke sarrafawa shine 16%, kuma zuwa kumburin fitarwa - 5%. Amma ko da haka ne, to, gabaɗayan yuwuwar mai amfani a lokaci guda ya buga shigar da nodes ɗin fitarwa na rukunin 900 nodes da KAX17 ke sarrafawa an kiyasta a 0.8%. Babu wata shaida ta kai tsaye na KAX17 nodes da ake amfani da su don kai hare-hare, amma ba za a iya kawar da yiwuwar hare-haren makamancin haka ba.
source: budenet.ru