An fitar da Tor Browser 11.0.2, wani kwararren mai bincike da ya mayar da hankali kan sirri, tsaro, da sirri. Lokacin amfani da Tor Browser, ana tura duk zirga-zirgar ta hanyar hanyar sadarwar Tor kawai, kuma shiga kai tsaye ta hanyar haɗin hanyar sadarwa ta tsarin yanzu ba zai yiwu ba, wanda ke hana a bin diddigin ainihin adireshin IP na mai amfani. (Idan an yi kutse a cikin burauzar, masu hari za su iya shiga sigogin hanyar sadarwar tsarin, don haka ya kamata a yi amfani da samfuran kamar Whonix don toshe duk wani ɓullar da zai iya faruwa gaba ɗaya.) An shirya gina Tor Browser don Linux, Windows и macOS.
Don samar da ƙarin tsaro, Tor Browser ya haɗa da ƙara HTTPS A Ko'ina, wanda ke ba ku damar amfani da ɓoyayyen hanya akan duk rukunin yanar gizon inda zai yiwu. Don rage barazanar hare-haren JavaScript da toshe plugins ta tsohuwa, an haɗa ƙarar NoScript. Don magance toshe hanyoyin zirga-zirga da dubawa, ana amfani da madadin sufuri. Don karewa daga haskaka takamaiman fasali na baƙo, WebGL, WebGL2, WebAudio, Social, SpeechSynthesis, Touch, AudioContext, HTMLMediaElement, Mediastream, Canvas, SharedWorker, WebAudio, Izini, MediaDevices.enumerateDevices, da screen.orientation ko APIs ba su da iyaka. Kayan aikin aika telemetry, Pocket, Viewer View, HTTP Alternative-Services, MozTCPSocket, "link rel=preconnect", libmdns ya inganta.
An daidaita sabuwar sigar da tushen lambar Firefox 91.4.0, wanda ya gyara raunin 15, 10 daga cikinsu an yiwa alama mai tsanani. Bakwai daga cikin raunin suna faruwa ne sakamakon matsalolin ƙwaƙwalwa, kamar kwararar buffer da samun damar zuwa ƙwaƙwalwar da aka saki a baya, kuma yana iya haifar da aiwatar da mummunan aiki na lambar yayin buɗe shafuka na musamman da aka ƙera. Daga ginin dandamali. Linux An cire wasu fonts na TTF, wanda amfani da su ya haifar da katsewa a cikin fassara rubutu a cikin abubuwan dubawa a cikin Fedora LinuxAn kashe saitin "network.proxy.allow_bypass", wanda ke sarrafa kariya daga amfani da Proxy API ba daidai ba a cikin ƙari. Sabuwar hanyar shiga "deusexmachina" an kunna ta tsoho don jigilar obfs4.
A halin yanzu, labarin toshewar Tor yana ci gaba a Rasha. Roskomnadzor ya canza abin rufe fuska na gidajen yanar gizo da aka toshe a cikin rajistar gidajen yanar gizo da aka haramta. yankuna Daga "www.torproject.org" zuwa "*.torproject.org" kuma an faɗaɗa jerin adiresoshin IP da za a iya toshewa. Saboda canjin, an toshe yawancin ƙananan yankuna na Tor Project, gami da blog.torproject.org, gettor.torproject.org, da support.torproject.org. Forum.torproject.net, wanda aka shirya akan kayan aikin Discourse, har yanzu yana samuwa. Gitlab.torproject.org da lists.torproject.org suna da ɗan sauƙin shiga; da farko ba a samun su amma daga baya an dawo da su, wataƙila saboda canjin adireshin IP (gitlab yanzu ana nuna shi ga mai masaukin baki gitlab-02.torproject.org).
A lokaci guda, toshe hanyoyin shiga da hanyoyin sadarwa na Tor, da kuma mai masaukin baki na ajax.aspnetcdn.com (Microsoft CDN), wanda ake amfani da shi wajen jigilar kayayyaki masu sauƙi, ya daina. A bayyane yake, gwaje-gwajen toshe hanyoyin sadarwa na Tor sun tsaya bayan an toshe gidan yanar gizon Tor. Yanayin da madubin tor.eff.org ke ci gaba da aiki, yana da rikitarwa. Gaskiyar magana ita ce madubin tor.eff.org yana da alaƙa da wannan. Adireshin IP, wanda ake amfani da shi don yankin eff.org na EFF (Gidauniyar Frontier ta EFF), don haka toshe tor.eff.org zai haifar da toshe wani ɓangare na wurin da wata ƙungiyar kare haƙƙin ɗan adam ta shahara.
Bugu da ƙari, za mu iya lura da buga wani sabon rahoto kan yuwuwar yunƙurin kai hare-hare don ɓata sunan masu amfani da Tor da ke da alaƙa da ƙungiyar KAX17, waɗanda aka gano ta takamaiman saƙon imel na ƙirƙira a cikin sigogin kumburi. A cikin Satumba da Oktoba, aikin Tor ya toshe nodes 570 masu yuwuwar mugunta. A cikin kololuwarta, ƙungiyar KAX17 ta sami damar haɓaka adadin nodes masu sarrafawa a cikin hanyar sadarwar Tor zuwa 900, masu ba da sabis daban-daban 50 suka shirya, wanda yayi daidai da kusan 14% na jimlar yawan relays (don kwatanta, a cikin 2014, maharan sun sami nasarar sami iko akan kusan rabin relays na Tor, kuma a cikin 2020 sama da kashi 23.95% na nodes ɗin fitarwa).
Sanya ɗimbin nodes ɗin da ma'aikaci ɗaya ke sarrafawa yana ba da damar cire sunan masu amfani ta amfani da harin aji Sybil, wanda za'a iya aiwatarwa idan maharan suna da iko akan nodes na farko da na ƙarshe a cikin sarkar ɓoye sunan. Kumburi na farko a cikin sarkar Tor ya san adireshin IP na mai amfani, kuma na ƙarshe ya san adireshin IP na albarkatun da ake buƙata, wanda ke ba da damar cire sunan buƙatun ta ƙara wani tambari mai ɓoye a cikin fakitin rubutun akan gefen kumburin shigarwar, wanda ya rage baya canzawa a cikin dukkan sarkar ɓoyewa, da kuma nazarin wannan lakabin a gefen kumburin fitarwa. Tare da kuɗaɗen fita da aka sarrafa, maharan kuma na iya yin canje-canje ga zirga-zirgar da ba a ɓoye ba, kamar cire turawa zuwa nau'ikan rukunin yanar gizo na HTTPS da satar abun ciki mara ɓoye.
A cewar wakilan cibiyar sadarwar Tor, yawancin nodes da aka cire a cikin fall ana amfani da su azaman tsaka-tsaki ne kawai, ba a yi amfani da su don aiwatar da buƙatun masu shigowa da masu fita ba. Wasu masu bincike sun lura cewa nodes na kowane nau'i ne kuma yuwuwar samun zuwa kumburin shigar da ƙungiyar KAX17 ke sarrafawa shine 16%, kuma zuwa kumburin fitarwa - 5%. Amma ko da haka ne, to, gabaɗayan yuwuwar mai amfani a lokaci guda ya buga shigar da nodes ɗin fitarwa na rukunin 900 nodes da KAX17 ke sarrafawa an kiyasta a 0.8%. Babu wata shaida ta kai tsaye na KAX17 nodes da ake amfani da su don kai hare-hare, amma ba za a iya kawar da yiwuwar hare-haren makamancin haka ba.
source: budenet.ru
