Archive

We Gave Tor Browser a UX Overhaul

Published on 2018-09-06

// We Gave Tor Browser a UX Overhaul //

For the past year, we have been collecting feedback on how we can make Tor Browser work better for you.

Tor Browser 8.0, our first stable release based on Firefox 60 ESR, is now available. This release is all about users first.

Tor Browser 8.0 comes with a series of user experience improvements that address a set of long-term Tor Browser issues you’ve told us about. To meet our users' needs, Tor Browser has a new user onboarding experience; an updated landing page that follows our styleguide; additional language support; and new behaviors for bridge fetching, displaying a circuit, and visiting .onion sites.

For the most part, using Tor is like using any other browser (and it is based on Firefox), but there are some usage differences and cool things happening behind the scenes that users should be aware of. Our new onboarding experience aims to better let you know about unique aspects of Tor Browser and how to maximize those for your best browsing experience.

Improved Bridge Fetching

For users where Tor is blocked, we have previously offered a handful of bridges in the browser to bypass censorship. But to receive additional bridges, you had to send an email or visit a website, which posed a set of problems. To simplify how you request bridges, we now have a new bridge configuration flow when you when you launch Tor. Now all you have to do is solve a captcha in Tor Launcher, and you’ll get a bridge IP. We hope this simplification will allow more people to bypass censorship and browse the internet freely and privately.

Better Language Support

Millions of people around the world use Tor, but not everyone has been able to use Tor in their language. In Tor Browser 8, we’ve added resources and support for nine previously unsupported languages: Catalan, Irish, Indonesian, Icelandic, Norwegian, Danish, Hebrew, Swedish, and Traditional Chinese.

Collaboration Was Key

Providing this many improvements for our users could only be possible with collaboration between the Tor Browser team and Tor's UX team, Community team, Services Admin team, and our volunteers. We would like to thank everyone for working hard over the past year to bring all these new features to our users.

Learn more about it: https://blog.torproject.org/new-alpha-release-tor-browser-android Try it out: https://www.torproject.org/download/download-easy.html

// Volunteer Spotlight: Sina Rabbani Helps Activists Avoid Government Censorship //

Tor is a labor of love built by a small group of committed individuals. We’re grateful to have the support of a dedicated volunteer base who help us to make Tor the strongest privacy tool out there, and we’re highlighting their work in this series. We want to thank Sina Rabbani, one of the co-founders (and former CTO) of Access Now, a nonprofit dedicated to defending users’ digital rights, for his years of support to Tor and to the internet freedom movement.

Sina runs Faravahar, one of nine Tor directory authorities. These dedicated servers tell the millions of Tor clients which relays make up the Tor network. A talented and passionate engineer, Sina has been involved with digital rights activism for almost a decade. Today, he’s a Systems Engineer with Team Cymru, an internet security company which analyzes threat intelligence.

Free speech is something Sina doesn’t take for granted. “I was born in a country where you can be sentenced to death because of your speech,” he said. “Freedom of speech in the digital age is a basic human right. Tyranny will start by taking our ability to speak up first, then the rest of our rights.”

“Tor gives me a chance to resist tyranny in a non-violent manner, and I feel blessed and grateful for the opportunity. The hope is to one day move Faravahar to one of Iran’s universities. Until that day, Ma Hastim va Ma Bishomarim — we are, and we are countless.”

Learn more about Sina's work and how he became involved with Tor: https://blog.torproject.org/volunteer-spotlight-sina-rabbani-helps-activists-avoid-government-censorship

// More New Releases //

Tor Browser 8.0a10 Tor Browser 8.0a10 is the second alpha release based on Firefox ESR 60 and contains a number of improvements and bug fixes. It includes major updates to the user experience, and there are more to come. The stable version is slated for release next week! Full changelog: https://blog.torproject.org/new-release-tor-browser-80a10

Tor 0.3.4.7-rc Tor 0.3.4.7-rc fixes several small compilation, portability, and correctness issues in previous versions of Tor. This version is a release candidate: if no serious bugs are found, we expect that the stable 0.3.4 release will be (almost) the same as this release. Full changelog: https://blog.torproject.org/new-release-tor-0347-rc

// Upcoming Events with Tor //

Tor Meetup Ciudad de México. Mexico City. September 27, 2018. https://blog.torproject.org/events/tor-meetup-ciudad-de-mexico
Tor's Open Hack Days. Mexico City. October 2-3, 2018. https://blog.torproject.org/events/tors-open-hack-days-mexico-city

// Join Our Community //

Getting involved with Tor is easy. Run a relay to make the network faster and more decentralized: https://trac.torproject.org/projects/tor/wiki/TorRelayGuide

Learn about each of our teams and start collaborating: https://trac.torproject.org/projects/tor/wiki/WikiStart#Teams

Donate to help keep Tor fast, strong, and secure: https://donate.torproject.org

The Tor Project is a US 501(c)(3) non-profit organization advancing human rights and freedoms by creating and deploying free and open-source anonymity and privacy technologies, supporting their unrestricted availability and use, and furthering their scientific and popular understanding.

Twitter: https://twitter.com/torproject Facebook: https://facebook.com/torproject

Research Tips & Topics, Egypt Censorship Report, HOPE Vid, Events

Published on 2018-07-31

// The State of Internet Censorship in Egypt //

A groundbreaking report by OONI and AFTE uncovered anomalies on Egyptian networks including censorship and the hijacking of unencrypted HTTP connections for advertising and cryptocurrency mining. Even UN sites were redirected.

Also, more than 100 news websites are blocked in Egypt, including Al Jazeera, The Huffington Post Arabic, Mada Masr, Almesryoon, Daily News Egypt, Turk Press and Iran’s Alalam News.

“The blocking of media organizations’ websites has had a severe impact on their operations, and some have even suspended their work altogether as a result of persisting censorship,” said Mohammad El Taher, director of the AFTE research unit.

While it’s been known that Egypt has undertaken widespread censorship of websites, this is the first time a comprehensive study of the methods of censorship have been undertaken. Find out how Egypt censors: https://blog.torproject.org/egypt-internet-censorship

// How to Do Effective and Impactful Tor Research //

As we mentioned in our previous post about Tor research topics, Tor greatly benefits from the research community. When researchers work closely with the design and development of deployed systems, this not only results in better research, but also better systems. For project maintainers, research that identifies vulnerabilities, creates new solutions to existing problems, and verifies proposed designs helps improve projects and make them safer for end users. TLS 1.3 is one recent example of where a symbiotic research/practitioner relationship has improved the protocol's design and safety.

However it is all too common that good research ideas don't make their way into practice. Within Tor, we have found that integrating new research findings isn't seamless or predictable, and good ideas are often lost or deemed incompatible without significantly more analysis and research.

The purpose of this post is to discuss what good research needs to do in order to ensure it has the best chance of being adopted by Tor or any other large software project.

We have structured this post in terms of an ordered list of goals for research. Each successive goal is more difficult to accomplish than the previous one. At the end of this post, we will look at a positive example of excellent research that successfully accomplished all of these goals and give overall takeaways.

Find out your list of goals, in order of increasing difficulty, when conducting relevant research: https://blog.torproject.org/how-do-effective-and-impactful-tor-research

// Open Research Topics: 2018 Edition //

Here we update the list of open Tor research problems, to bring focus to specific areas of research that the Tor Project thinks are necessary/useful in our efforts to upgrade and improve the Tor network and associated components and software. It is organized by topic area: network performance, network security, censorship circumvention, and application research. Each topic area provides information about current and desired work and ideas. We conclude with information about doing ethical and useful research on Tor and with suggestions on how to best ensure that this work is useful and easy for us to adopt. Check them out: https://blog.torproject.org/tors-open-research-topics-2018-edition

// Watch The Onion Report from HOPE //

Find out all about what different teams at Tor have been up to by watching The Onion Report from HOPE. Filmed July 20th in NYC with Steph, Alison, George, David, and Matt: https://livestream.com/internetsociety/hope/videos/178158095

// New Onion Services Add-On: Vanguards //

Earlier this year, the Tor Project released its first stable Tor and Tor Browser releases with the new v3 onion service protocol. The protocol features many improvements, including longer and more secure onion addresses, service enumeration resistance, improved authentication, and upgraded cryptography.

However, while this new protocol closes off some attacks (particularly enumeration and related targeted DoS attacks), it does not solve any attacks that could lead to service deanonymization.

The core Vanguards functionality ensures that all onion service circuits are restricted to a set of second and third layer guards, which have randomized rotation times.

If you want to beef up the security of your onion service, this add-on is for you: https://blog.torproject.org/announcing-vanguards-add-onion-services

// New Releases //

Tor 0.3.3.8 This release backports several changes from the 0.3.4.x series, including fixes for a memory leak affecting directory authorities. Full changelog: https://blog.torproject.org/tor-0338-released

Tor Browser 8.0a7 This release features important security updates to Firefox and updates firefox to 52.8.0esr. In addition we fixed some issues with UI customization and YouTube videos play. Full changelog: https://blog.torproject.org/tor-browser-80a7-released

Tor Browser 7.5.4 This release updates Firefox to 52.8.0esr, HTTPS Everywhere to 2018.4.11, and NoScript to 5.1.8.5. In addition, we exempt .onion domains from mixed content warnings, fixed a fingerprinting issue and an issue with localized content. Full changelog: https://blog.torproject.org/tor-browser-754-released

// Upcoming Events with Tor //

Explore Tor, NYC! Meetup and Q&A with Isabela Bagueros. Brooklyn, USA. August 2, 2018. https://blog.torproject.org/events/explore-tor-nyc-meetup-qa-isa
Def Con. Las Vegas, USA. August 9-12, 2018. https://blog.torproject.org/events/roger-and-steph-and-others-def-con-las-vegas
IX Seminário de Proteção à Privacidade e aos Dados Pessoais. August 7-8, 2018. https://blog.torproject.org/events/ix-seminario-de-protecao-privacidade-e-aos-dados-pessoais
FOCI Workshop. Baltimore, USA. August 14, 2018. https://blog.torproject.org/events/foci-workshop-baltimore
USENIX. Baltimore, USA. August 15-17, 2018. https://blog.torproject.org/events/usenix-security-baltimore
RustConf. Portland, USA. August 17, 2018. https://blog.torproject.org/events/rustconf-portland

// Join Our Community //

Getting involved with Tor is easy. Run a relay to make the network faster and more decentralized: https://trac.torproject.org/projects/tor/wiki/TorRelayGuide

Learn about each of our teams and start collaborating: https://trac.torproject.org/projects/tor/wiki/WikiStart#Teams

Donate to help keep Tor fast, strong, and secure: https://donate.torproject.org

Twitter: https://twitter.com/torproject Facebook: https://facebook.com/torproject Instagram: https://instagram.com/torproject

Censorship Circumvention, Trackers, Onion Protections, New Releases, Events

Published on 2018-06-28

Breaking Through Censorship Barriers, Even When Tor Is Blocked

Last week, Venezuela blocked access to the Tor network. Prior to the block, there were over 30,000 people in Venezuela enjoying the privacy and security protections Tor provides: https://news.vice.com/en_us/article/59qvwz/venezuela-maduro-tor-network-censorship

Connecting to Tor is a luxury, but we have developed ways for people where Tor is blocked to continue to connect to the network. Using bridges and pluggable transports, people can break through censorship and continue to access the open web. For more information about using bridges, see:

https://blog.torproject.org/rompiendo-barreras-de-censura-incluso-cuando-tor-esta-bloqueado [Spanish]

https://blog.torproject.org/breaking-through-censorship-barriers-even-when-tor-blocked [English]

If you have basic command line experience, you can help out people in countries with heavy censorship by becoming a bridge operator: https://www.torproject.org/docs/pluggable-transports#operator

Don't Let Facebook or Other Trackers Follow You on The Web

In the early age of the internet, people enjoyed a high level of privacy. Webpages were just hypertext documents; almost no personalization of the user experience was offered (or forced). The web today has evolved into a system of surveillance capitalism, where advertising networks follow users while they browse the web, continuously collecting traces of personal data and surfing patterns to create profiles of users in order to target them.

Using the web today, you are a target. And because of the rampant tracking across websites, each time you use the internet, you become an easier target.

By tracking you across different applications and sites through cookies or open web sessions, your personal preferences and social connections are collected and often sold. Even if you do not accept cookies or are not logged into a service account, such as your Google, Twitter, or Facebook accounts, the web page and third-party services can still try to profile you by using third-party HTTP requests or other techniques.

Within the HTTP request, various selectors can be included to communicate user preferences or particular features, in the form of URL variables. Personalized language or fonts settings, browser extensions, in-page keywords, battery charge and status, and more can be used to identify you by restricting the pool of possible candidates among all the visitors in a certain time frame, location, profile of interests. You can then be distinguished, or fingerprinted, across multiple devices or sessions and then the profile the tracker has on you is expanded.

By the sites and applications themselves, the story is spun to sound as if they’re doing you a favor: they say this collection allows them to customize your experience. You see ads more relevant to you, Facebook and others say.

Even if you think of an advertising network as a recommendation system, this same system is also influencing what you see. It’s changing your experience of the internet.

But at what cost is this customization? When confronted with transparency around what this “customization” takes, it “poisons” the ad. So of course these companies are pushing back against transparency, but we need to keep pushing them and doing what we can to prevent them from continuing to exploit us online.

Learn about how Tor Browser can help: https://blog.torproject.org/dont-let-facebook-or-any-tracker-follow-you-web

Privacy International Protects Partners with Its Onion Address

This guest post is written by Ed Geraghty, Technologist, Privacy International.

No one shall be subjected to arbitrary interference with [their] privacy, family, home or correspondence, nor to attacks upon [their] honour and reputation. Everyone has the right to the protection of the law against such interference or attacks.

United Nations Declaration of Human Rights (UDHR) 1948, Article 12

The right to privacy is a qualified, fundamental human right. We at Privacy International (PI) work hard with our network of partners to ensure this fundamental right is protected - it is essential to autonomy, the protection of human dignity, and is the foundation upon which many other human rights are built.

This is becoming ever-more important in an age of ubiquitous, indiscriminate mass surveillance, especially as more and more aspects of our daily lives - interactions with friends, family, companies, and the state - are dependent upon technology. In order for individuals to fully participate in the modern world, developments in law and technologies must strengthen and not undermine the ability to freely enjoy this right.We challenge governments' powers by advocating and litigating for stronger protections. We lead research and investigations to shine a light on powers and capabilities, and to instigate and inform debate. We advocate for good practices and strong laws worldwide to protect people and their rights. We equip civil society organisations across the world to increase public awareness about privacy. We raise awareness about technologies and laws that place privacy at risk, to ensure that the public is informed and engaged.

Tor is an important tool in our arsenal - a technology which allows people to communicate, use the internet, and browse the web in a manner which evades censorship.

Many of our partners work in challenging environments, with massive state surveillance and/or ongoing censorship programmes. Giving them an ability to securely browse the web (both clear and onion) in a way which allows them to evade dragnet surveillance also allows them to conduct investigations securely.

Find out what else running an onion address provides the Privacy International community: https://blog.torproject.org/privacy-international-protects-partners-its-onion-address

New Releases

Tor 0.3.3.7 This release backports several changes from the 0.3.4.x series, including fixes for bugs affecting compatibility and stability. Full changelog: https://blog.torproject.org/tor-0337-released

Tor Browser 7.5.6 This release features important security updates to Firefox, updates Firefox to 52.9.0esr, and includes newer versions of NoScript and HTTPS Everywhere. Moreover, we added the latest Tor stable version, 0.3.3.7. Full changelog: https://blog.torproject.org/tor-browser-756-released-

Upcoming Events with Tor

HOPE. New York City, USA. July 20-22, 2018. https://hope.net/

The 18th Privacy Enhancing Technologies Symposium (PETS). Barcelona, Spain. July 24-27, 2018. https://petsymposium.org/2018/index.php

Tor Community Night. Barcelona, Spain. July 24, 2018. https://blog.torproject.org/events/tor-community-night-barcelona

Def Con. Las Vegas, USA. August 8-12, 2018. https://blog.torproject.org/events/roger-and-steph-and-others-def-con-las-vegas

Join Our Community

Getting involved with Tor is easy: you can help us make the network faster and more decentralized by running a relay. https://trac.torproject.org/projects/tor/wiki/TorRelayGuide

You can learn about each of our teams and start collaborating: https://trac.torproject.org/projects/tor/wiki/WikiStart#Teams

If you want to make a contribution but don’t have the time to volunteer, your donation will help keep Tor fast, strong, and secure: https://donate.torproject.org

Twitter: https://twitter.com/torproject Facebook: https://facebook.com/torproject

Domain Fronting, Relay Help, User Needs, New Interns, Events

Published on 2018-05-31

// Domain Fronting Is Critical to the Open Web //

Last month, Amazon and Google have both announced they’re pulling the plug on domain fronting, a crucial tool which helps our most vulnerable users get access to Tor when their countries don’t allow it. Users of Signal and Telegram are also affected by this block, and Access Now identified approximately a dozen “human rights-enabling technologies” which had relied on Google for this purpose: https://www.accessnow.org/google-ends-domain-fronting-a-crucial-way-for-tools-to-evade-censors/

Tor Browser protects against tracking, surveillance, and censorship, but not everyone around the world has the luxury to connect to use it. By default, Tor Browser makes all of its users look alike. However, it doesn't hide the fact you're connecting to Tor, an open network where anyone can get the list of relays. This network transparency has many benefits, but also has a downside: repressive governments and authorities can simply get the list of Tor relays and block them. We strongly oppose this censorship and believe everyone should have access to information on the open web. That’s why we developed pluggable transports to bypass censorship and connect to the Tor network.

Domain fronting is a type of pluggable transport where Tor traffic appears to be talking to a third party that is hard to block, like Amazon or Google, when it is really talking to a Tor relay. An example of this is Tor’s “meek” pluggable transport, which is described here: trac.torproject.org/projects/tor/wiki/doc/meek

Google and Amazon have both shut down domain fronting, making meek no longer usable over those CDNs. As of this writing, Microsoft’s Azure cloud still seems to be working with meek.

For the time being, we are shifting to Microsoft’s Azure cloud. But we’ve heard that option will soon be shut down, as well.

Unfortunately, it doesn’t look like there is a fast fix. We were not given advance notice of these changes, so we are thinking hard on potential solutions to ensure our friends living in repressive regimes around the world can continue to access the open web.

// Get Help Running Your Relay From Our New Advocate //

Thousands of relays make up the roots of the Tor network, and the volunteers who run them are indispensable, donating their time, infrastructure, and technical know-how to help millions of people around the world, including activists and journalists, communicate privately and securely.

Over the years, the Tor team saw there was a need for greater support of the relay operator community and heard concerns about how to better meet their needs. We now have a Relay Advocate whose job will be improving the health and happiness of the relay operator community, expanding the community, and helping improve bonds between operators. Meet Colin (Phoul) and find out what he'll be up to: https://blog.torproject.org/get-help-running-your-relay-our-new-advocate

// Tor + Tails UX: Identifying User Needs at CryptoRave 2018 //

This month during the geek CryptoRave in São Paulo, we invited Tails and Tor users to join a user needs session. We love to run sessions with groups of similar users so we can focus on their unique needs and experiences. Users of Tor and Tails have the common objective: they are looking to use private and secure tools, and their safety could be a concern.

We like to envision our community of users ultimately making the tools we build. UX is about relationships. We need to understand our users' relationship to our software. And in order to do that, we need a close relationship with our users. Find out what we're considering to address user needs we identified: https://blog.torproject.org/tor-tails-ux-identifying-user-needs-cryptorave-2018

// Meet the Tor Summer of Privacy & Outreachy Interns //

We have new contributors joining the Tor Project who come to us through two paid internship programs, Tor Summer of Privacy and Outreachy, an internship program for underrepresented groups in tech. Meet the interns and find out a few of the things they’ll be working on: blog.torproject.org/meet-tor-summer-privacy-and-outreachy-interns

// New Releases //

Tor 0.3.3.6 This is the first stable release in the 0.3.3 series. It backports several important fixes from the 0.3.4.1-alpha. The Tor 0.3.3 series includes controller support and other improvements for v3 onion services, official support for embedding Tor within other applications, and our first non-trivial module written in the Rust programming language. (Rust is still not enabled by default when building Tor.) And as usual, there are numerous other smaller bugfixes, features, and improvements. Full changelog: https://blog.torproject.org/tor-0336-released-new-stable-series

// Upcoming Events with Tor //

Mozilla All-Hands. San Francisco, USA. June 11-15, 2018. https://blog.torproject.org/events/mozilla-all-hands-san-fran

Citizen Lab Summer Institute. Toronto, Canada. June 13-15, 2018. https://blog.torproject.org/events/citizen-lab-summer-institute-toronto

The First Amendment for the 21st Century Pittsburgh, USA. June 21-22, 2018. https://blog.torproject.org/events/first-amendment-21st-century-pittsburgh

The 18th Privacy Enhancing Technologies Symposium (PETS). Barcelona, Spain. July 24-27, 2018. https://petsymposium.org/2018/index.php

// Join Our Community //

Getting involved with Tor is easy: you can help us make the network faster and more decentralized by running a relay. https://trac.torproject.org/projects/tor/wiki/TorRelayGuide

You can learn about each of our teams and start collaborating: https://trac.torproject.org/projects/tor/wiki/WikiStart#Teams

If you want to make a contribution but don’t have the time to volunteer, your donation will help keep Tor fast, strong, and secure: https://donate.torproject.org

Twitter: https://twitter.com/torproject Facebook: https://facebook.com/torproject

Our Next Executive Director, Call for HotPETS Talks, Tor Messenger, New Releases

Published on 2018-05-01

// Isabela Bagueros Will Be Our Next Executive Director //

Shari announced her retirement from the Tor Project at the end of February, and the search for our next Executive Director is already over. We didn't have to look far. Isabela Bagueros, current Tor Project Manager, will be our next Executive Director!

Isa joined the Tor Project in 2015 and has led teams in collaborative strategy building and roadmapping unprecedented at the organization. She also leads Tor’s UX team in implementing critical usability improvements and is leading an overhaul of Tor’s website.

“Isa’s contributions to Tor are too many to name here,” said Shari Steele, Tor’s current Executive Director who was brought on in 2015 to make the organization more operationally sound. “She brings global experience and perspective to privacy and censorship issues, and I could not be more confident in her ability to lead the organization into its next phase of growth and sustainability.”

Thinking of the user first has always been a priority for Isa, and during her three years with the organization, the scope of her vision for Tor has expanded to include the health of the organization and network. “I think any person on the planet should have access to the Tor network and enjoy the privacy and security it provides,” said Isa. “That means we need a healthy and scalable network and a strong and diverse organization to support that. I’m looking forward to seeing Tor gain global recognition for the privacy protections and censorship circumvention it provides.”

Now in a transition phase, Isabela will officially begin her position as Executive Director after she hires her replacement Project Manager and gets up to speed on the requirements of the job. Shari will continue as Executive Director until Isabela transitions and then plans to move into a consulting role through the end of the year. Shari will join the Tor Project Board of Directors beginning January 2019.

Congratulations, Isa! :D

Check out the post to read Isa's full bio: https://blog.torproject.org/announcing-tors-next-executive-director-isabela-bagueros

// Call for Talks: HotPETS 2018 //

The Workshop on Hot Topics in Privacy Enhancing Technologies (HotPETs) fosters new ideas and spirited debates on privacy. Held in conjunction with the 18th Privacy Enhancing Technologies Symposium (PETS), the 11th HotPETs will be held July 27, 2018 in Barcelona, Spain.

HotPETS is calling for engaging and informative 10-15 minute talks on hot topics in privacy enhancing technologies (PETs), with each talk to be followed by a 5-10 minute question period. The nature of HotPETs' discussion-oriented format is especially suited to works in progress and new ideas that have not yet been fully formed.

Last year there was an interesting discussion about whether a separate Tor network should be set up for safer research and another discussion around I2P. What idea, experience, lessons, or theories would you like to talk through? Find out some topics of interest and how to apply: https://blog.torproject.org/call-talks-hotpets-2018

// Sunsetting Tor Messenger //

In 2015, we introduced Tor Messenger, a cross-platform chat program that aimed to be secure by default by sending all of its traffic over Tor and enforcing encrypted one-to-one conversations by bundling and using OTR (Off-the-Record) messaging. The aim was to provide a chat client that supported a wide variety of transport networks like Jabber (XMPP), IRC, Google Talk, Facebook, Twitter; had an easy-to-use graphical interface; and configured most of the security and privacy settings automatically with minimal user intervention.

When we released the first version, we tried to clearly identify the limitations of such a product: Tor Messenger was meant for communicating over existing social networks. This meant that in such a client-server model, your metadata could be logged by the server, but your route to the server would be not be disclosed because it would be over Tor, and your communications would be encrypted with Off-the-Record messaging. We still thought this was a better alternative than the other products in the market, such as Pidgin, because it had safer and secure default configurations.

Eleven beta releases later, we have, sadly, decided to discontinue supporting Tor Messenger. Find out why: https://blog.torproject.org/sunsetting-tor-messenger

We apologize for any inconvenience this may have caused. We still believe in Tor's ability to be used in a messaging app, but sadly, we don't have the resources to make it happen right now. Maybe you do?

// New Releases //

Tor 0.3.3.5-rc This release fixes various bugs in earlier versions of Tor, including some that could affect reliability or correctness. This is the first release candidate in the 0.3.3 series. If no new bugs or regression is found, then the first stable 0.3.3 release will be nearly identical to this one. Full changelog: https://blog.torproject.org/tor-0335-rc-released

Tor Browser 8.0a6 This release includes newer versions of Tor (0.3.3.5-rc), OpenSSL (1.0.2o), HTTPS Everywhere (2018.4.11), and NoScript (5.1.8.5). Among other things we fixed the issue with secure cookies which were not working on http .onion pages, we made it possible to run Tor Browser without a /proc filesystem and we updated the GCC we use for building the Windows and Linux versions to 6.4.0. Full changelog: https://blog.torproject.org/tor-browser-80a6-released

TorBirdy 0.2.4 TorBirdy is an extension for Mozilla Thunderbird that configures it to make connections over the Tor network. This release adds support for Thunderbird 58 and 59, fixes a bug in Thunderbird that leaks the installed dictionary language using the "Content-Language" header (for more information see Bug 22484), updates the Enigmail keyserver settings, and adds new translations. Full changelog: https://blog.torproject.org/torbirdy-024-released

// Upcoming Events with Tor //

RightsCon. Toronto, Canada. May 16-18, 2018: Several Tor folks will be attending and will have a booth set up for a half day on either the 16th or 17th (more info to follow on the events calendar). https://rightscon.org https://blog.torproject.org/events/month

The 18th Privacy Enhancing Technologies Symposium (PETS). Barcelona, Spain. July 24-27, 2018. https://petsymposium.org/2018/index.php

// Join Our Community //

Getting involved with Tor is easy: you can help us make the network faster and more decentralized by running a relay. https://trac.torproject.org/projects/tor/wiki/TorRelayGuide

You can learn about each of our teams and start collaborating: https://trac.torproject.org/projects/tor/wiki/WikiStart#Teams

If you want to make a contribution but don’t have the time to volunteer, your donation will help keep Tor fast, strong, and secure: https://donate.torproject.org

Twitter: https://twitter.com/torproject Facebook: https://facebook.com/torproject

User Advocate (Mozilla Fellowship), Privacy Challenge, Live Styleguide, Volunteer, Releases 💜

Published on 2018-03-30

Power Digital Resistance with Tor!

“I think Tor is the most important privacy-enhancing technology project being used today.” —Edward Snowden

Friend,

Thank you so much for being a member of the Tor community. As part of the Tor Project’s end-of-year fundraising campaign, we’re highlighting how Tor powers digital resistance and promotes and protects essential human rights around the world.

And if you donate now, Mozilla will match your donation up to a total of $500,000!

MAKE A DONATION: https://donate.torproject.org

For the past decade, we’ve been building and distributing software that saves lives. Activists and journalists use Tor to alert the world to human rights abuses, people in countries that censor the internet use Tor to access critical resources, and ordinary users use Tor to evade pervasive surveillance and tracking. Millions of people rely on Tor every day for a safer, more secure way to access the internet.

This vital work is made possible thanks, in no small part, to supporters like you.

Corporate whistleblowers, health care workers, politicians, lawyers, and members of marginalized communities all depend on Tor to protect themselves. We’ve got big plans for improving Tor in 2018, bringing its privacy protections to mobile devices and encouraging more third-party developers to integrate Tor’s protection into their apps.

Let’s fight for free expression together. Donate today, get some cool swag, and have your gift matched by Mozilla’s generous matching program.

We rely on the generous support of our donors, and you can help us make the world’s strongest privacy tool even stronger by lending a hand. Whether you can give $5 or $500, you’ll be helping promote basic human rights worldwide. Join the digital resistance and support the Tor Project today!

Yours in privacy, Tommy

Tommy Collison Writer/Editor The Tor Project

MAKE A DONATION: https://donate.torproject.org

ED Search, Relay Guide, Onions for Anti-Corruption, Internships, Events

Published on 2018-02-28

// We've Launched a Search for Our Next Executive Director! //

We are going to miss her, but Shari Steele, our current Executive Director, is set to give retirement a second try at the end of 2018. After 15 years as the Executive Director of the Electronic Frontier Foundation, Shari was brought on in December 2015 to make the Tor Project more operationally sound.

“I had intended to retire after my time with EFF, but I believed strongly in the Tor Project’s mission, and I felt I could help. I look at the Tor Project organization today and feel quite confident that we’ve got the talent and the structure to continue to support the organization’s great work.” - Shari Steele

Around 35 engineers and operational support people plus many volunteers all over the world contribute to the Tor Project. Successful candidates for the Executive Director position will have a global perspective on privacy and censorship issues and be able to lead the diverse and distributed organization into its next phase of growth and sustainability.

Potential candidates can learn more about the position at the job page: https://www.torproject.org/about/jobs-execdirector.html

// Our New Guide Makes Running a Relay Easier Than Ever //

Have you considered running a relay, but didn't know where to start? Perhaps you're just looking for a way to help Tor, but you've always thought that running a relay was too complicated or technical for you and the documentation seemed daunting.

We're here to tell you that you can become one of the many thousands of relay operators powering the Tor network, if you have some basic command-line experience. Learn more and get started: https://blog.torproject.org/new-guide-running-tor-relay

// Italian Anti-Corruption Agency (ANAC) Adopts Onion Services //

ANAC software is based on a customized version of GlobaLeaks, a whistleblowing platform by the Hermes Center that integrates Tor natively. GlobaLeaks is expected to be redistributed to all Italian public agencies (~20.000 in total) to comply with Law 179/2017 and in line with the country’s recent strategic commitment to open-source software and the reuse of code.

Given that Tor is the world’s strongest internet anonymity tool, we expect to see usage of onion services for secure communication systems across all sectors continue to gain traction. Read more about laws governing whistleblowing and anti-corruption compliance and how Tor can help: https://blog.torproject.org/italian-anti-corruption-authority-anac-adopts-onion-services

// Tor + Outreachy: Internships for Underrepresented People in Tech //

The Tor Project has partnered with the Outreachy internship program, and we’ve got two internship slots for members of groups traditionally underrepresented in technology.

We’re committed to inclusion in all facets of Tor development, and having a diverse range of backgrounds, viewpoints, and experience helps us foster a healthy development community. Outreachy encourages underrepresented groups to learn new skills, meet new people in their field, and contribute to critical open source tools.

This round, we are looking for a User Advocate and a Documentation Editor. Applications are due March 22. Learn more about how to get started: https://blog.torproject.org/tor-outreachy-internships-underrepresented-people-tech

// Tor Browser 8.0a2 is Released //

The new release includes Tor 0.3.3.2-alpha, plus, we updated HTTPS Everywhere to 2018.1.29, NoScript to 5.1.8.4, and meek to 0.29. See the full changelog: blog.torproject.org/tor-browser-80a2-released

// Upcoming Events with Tor //

Nullcon with Amogh: https://nullcon.net Goa, India March 22, 2018

LibrePlanet with many Tor folks: https://www.libreplanet.org/2018/ Cambridge, MA March 24-25, 2018

Texas Library Association Conference with Alison Dallas, TX April 3, 2018

// Donate // https://donate.torproject.org

Twitter: https://twitter.com/torproject Facebook: https://facebook.com/torproject

Onionize Against Censorship, Big Tor Browser Updates, Volunteer ❤, Events

Published on 2018-01-31

// Activists & News Orgs: Onionize Your Sites Against Censorship //

In many countries, censorship of websites with critical information or news is commonplace. If opinions, analysis, or facts contrary to the country’s narrative are published, repressive governments can quickly silence those voices by blocking access to those websites.

For instance, in September 2017, one day after Human Rights Watch released a report on systematic torture in Egypt’s jails, Egypt blocked access to the HRW website, curtailing its people’s access to the report and leaving them uninformed about their own countries treatment of its citizens. Egypt has also blocked numerous news sites, including Al Jazeera, so when AJ reported on Egypt’s block of HRW after the report on torture was released, the most critical audience, the Egyptian people, were less likely to be reached.

Publishing a website using onion services over the Tor network is a way to circumvent many state-led methods of censorship. These website addresses end in the TLD .onion. Similar to how the https:// protocol of a website provides more security than the http:// protocol, an onion address also appears to be the same site but gives a visitor more privacy and security through end-to-end encryption and improved authentication.

Visiting an onion address is easy. All that’s needed is Tor Browser (Tor Browser is built from Firefox and is similar to use); you visit the onion address in Tor Browser like you visit any web address.

Here’s the onion address of torproject.org: http://expyuzz4wqqyqhjn.onion/

The New York Times has an onion address: https://www.nytimes3xbfgragh.onion/

So does ProPublica: https://www.propub3r6espa33w.onion/

Download Tor Browser and check them out.

If your organization’s site is already blocked anywhere in the world, or if you are calling out injustices, sharing state-suppressed resources, or just want to provide your site and users with better privacy and security, creating an onion version of your website should be your next step.

Alec Muffett, a security researcher and longtime member of the Tor Community, has created the Enterprise Onion Toolkit (EOTK) to make it easier for you to give a public site a corresponding onion address. You can ping Alec on Twitter or join the EOTK mailing list if you have any questions about how to use it.

We want a free and open internet for all, so let’s onionize and build it.

// Tor Browser has a New Launcher & Now Supports Next-Gen Onion Services //

The Tor Browser Team proudly announced the first stable release in the 7.5 series. This release is available from the Tor Browser Project page and also from our distribution directory.

Apart from the usual Firefox security updates it contains some notable improvements compared to the 7.0 series. Here are the highlights:

Redesigned Tor Launcher

Support for the Next Generation of Onion Services

Enabled content sandboxing on Windows

Moved away from Gitian/tor-browser-bundle as the base of our reproducible builds environment

Learn more about the improvements and checkout the full changelog: https://blog.torproject.org/tor-browser-75-released

// Volunteer Spotlights //

Alec Helps Companies Activate Onion Services

Alec has worked in security for 30 years, and has long recognized the importance of distributed systems and Tor’s onion routing features: “Enabling two peers to communicate with nobody 'getting between' them was part of the intention of the original internet. Nowadays there's a saying: 'if you want to share a photo with a friend, why do you have to give it to a multi-billion-dollar corporation, first?'; but Tor offers a disintermediation solution for this, and perhaps all similar, problems."

He continues: "I believe that disintermediated communication is an important capability, and so I built the Enterprise Onion Toolkit to assist publishers, writers, and virtual communities to connect directly, securely, efficiently, and without intermediaries, to their audiences and membership.” Read more about Alec and the EOTK: https://blog.torproject.org/volunteer-spotlight-alec-helps-companies-activate-onion-services

Kat, a Privacy Activism Veteran, Has Been Around Tor People Longer than There's Been a Tor

We like to thank our volunteer relay operators by sending them a Tor t-shirt, and Kat helps Jon get those t-shirts out the door. She’s also helping with the website, as we begin our redesign and revamp our support and community portals. As if all that wasn’t enough, Kat has also set up her own relay, making the Tor network faster, more reliable, and more decentralized.

Setting up a relay is easy, she says. “I'd encourage anyone who has access to a server, some bandwidth, and reasonable sysadmin skills to give it a go. More relays mean a stronger Tor network, which means we can better protect the privacy of Tor users around the world.”

“I want everyone to be able to communicate freely so they can work together to make their worlds better places,” she says. “I care deeply about privacy, both in the ‘right to be let alone’ sense and in the ‘space to build and nurture one's identity’ sense.” Read more about Kat and her work with Tor: https://blog.torproject.org/volunteer-spotlight-kat-privacy-activism-veteran

DONATE NOW: donate.torproject.org

// Upcoming Events with Tor //

Explore Tor, NYC! Meetup and Q&A, NYU Tandon, February 15, 2017: https://blog.torproject.org/explore-tor-nyc-meetup-feb-15

Scholar and Feminist Conference Self-Defense Lab with Alison, Barnard College, February 16, 2017: https://blog.torproject.org/events/barnard-college-scholar-and-feminist-conference-self-defense-lab-alison

LibrePlanet, Cambridge, March 24-25, 2017: https://blog.torproject.org/events/many-tor-people-cambridge-libreplanet

// Thanks to the 3260 donors who made our end-of-year campaign such a success! //

With Mozilla's generous matching grant, we raised $420,522.84 in less than three months. You can still take a stand against tracking, surveillance, and censorship. Donate to the Tor Project today, and power the digital resistance: donate.torproject.org

Twitter: twitter.com/torproject Facebook: facebook.com/torproject

Volunteer Love, LatAm & NYC Meetups + Upcoming Event

Published on 2017-12-31

// We <3 Tor Volunteers! //

Tor is a labor of love, built by a small group of committed individuals, but we’re lucky to have the support of a dedicated volunteer base who help us make Tor the strongest anonymity tool out there.

Damian Johnson, aka atagar, has been contributing to Tor since 2009, when he was developing a real-time relay which started as a Google’s Summer of Code application. Damian has since become central to Tor.

In the past eight years, he has continued to develop arm (which just got a big overhaul, and is now called Nyx) and Stem, a Python controller library to use with Tor. He also graduated to running Google’s Summer of Code for six years, runs DocTor, a tool which monitors relay consensus health, and helps us run Tor’s many mailing lists, and helps onboard new core Tor members.

We’re grateful to Damian’s commitment to internet freedom, and for rolling up his sleeves and helping to improve Tor. Thank you, Damian!

We want to keep showing our volunteers some love, so if we don't reach out to you and you'd like to be featured in a volunteer spotlight, let Steph or Tommy know.

// Explore Tor, NYC! A New Meetup Starting December 7 //

The Tor community is vast and deep yet remains a virtual entity outside periodic physical events. In NYC on December 7, we are going to start to change that with a new meetup happening every two months: Explore Tor, NYC! Our first topic of discussion will be Running a Relay.

Current and future Tor relay operators will assemble on the 20th floor of 150 Broadway, in the LMHQ shared meeting space, at 6:45 PM. This face-to-face gathering is an opportunity to meet others who run Tor relays in NYC, and for those investigating the possibility of running a relay or a bridge. NYC apartments and offices are filled with high-bandwidth connections, and there is plenty to spare to help users around the world facing censorship and surveillance. Learn more about the meetup: https://blog.torproject.org/explore-tor-new-york-city-new-meetup-starting-dec-7

We hope you'll consider running a relay, especially if you live in a part of the world where we don’t have a lot of relays yet. We'll be releasing what we want to become a comprehensive guide to running a relay in the next few weeks and look forward to your questions and feedback.

// The Intersection of Technology, Culture, and Politics in LatAm //

Last weekend, a Tor meetup was held during the Primavera Hacker festival (hacker spring), a yearly free gathering organized in Santiago de Chile around the relationships between technology, politics, and culture in every aspect of contemporary life. It's necessary and urgent to open up the discussion on the use, design, and development of technology, how it is incorporated in daily life, and to encourage the development of alternative solutions that come from the communities themselves.

The context in Latin America has many faces and shapes. Extreme capitalism, femicides, and wide spread corruption are just a few. Sadly, some of these issues are also replicated into the digital world.

Tor offers a set of tools that can help people protect themselves and challenge some of these issues. The interception of communications, corporate surveillance, and digital threats are just around the corner. But there are yet many other communities to reach and contexts to be discovered, such as academic and technical groups.

The Tor meetup in Santiago, along with other meetups held in the region, is a tiny step in the effort to fill this gap. Join the Tor global south mailing list to stay tuned about other meetups and activities: https://lists.torproject.org/cgi-bin/mailman/listinfo/global-south

// Tor is a vital tool for protecting privacy and resisting repressive censorship and surveillance around the world, and you can help us make it stronger. //

Mozilla is generously matching every donation up to $500,000, so now’s your chance to double your impact towards a more free and open internet for all.

DONATE NOW: donate.torproject.org

// Upcoming Events with Tor //

[Explore Tor, NYC!] Running a Relay; December 7, 2017: https://blog.torproject.org/events/running-relay-explore-tor-nyc

Library Freedom Project training with Alison; Free Library of Philadelphia; December 8, 2017: https://blog.torproject.org/events/alison-does-library-freedom-project-training-free-library-philadelphia

Cyber Challenges to International Human Rights; Jerusalem; December 11-12, 2017: https://blog.torproject.org/events/roger-does-two-tor-talks-israel

34C3; Leipzig, Germany; December 27-30, 2017: https://blog.torproject.org/events/many-tor-people-leipzig-ccc

Twitter: twitter.com/torproject Facebook: facebook.com/torproject

Next-Gen Onions, Bastet, KIST, Mobile Browsing, Events

Published on 2017-11-08

We've got a lot to tell you.

To keep you informed with updates and opportunities from across the organization, we’re starting Tor News again and will send it around once a month to start. This format is a little different than what some of you originally signed up for, but we hope you’ll stick around and hear what Tor is doing to protect internet freedom. We're now using CiviCRM to send Tor News, and as in the past, we will not publish, sell, trade, share, or rent any information about you. If you’d rather unsubscribe, you can in the footer below. As always, we have team-specific mailing lists you can join.

Here’s what we’ve been up to.

Our New Harvest: the Next Generation of Onion Services

We are hyped to present the next generation of onion services! We've been working on this project non-stop for the past 4 years and we officially launched it a couple weeks ago by publishing our first alpha releases.

We are assuming you are familiar with traditional onion services: fun little sites that look like nytimes3xbfgragh.onion. Onion services have been around for over 10 years and are used for all sorts of tasty things. News organizations use them for private information disclosure (see SecureDrop). Websites use them to defeat censorship and provide a secure gateway for their users (e.g. ProPublica). The cryptocurrency ecosystem uses them to perform private transactions and mining. People use them for their reachability and permanent onion address if they are behind NAT or dynamic IP.

We believe that being able to express yourself and publish content with privacy is as important as being able to browse the web privately, and hence we consider onion services a critical part of the internet.

So let's get a taste of the improvements these next generation onions provide us with:

On the cryptography side, we are looking at cutting-edge crypto algorithms and improved authentication schemes. On the protocol end, we redesigned the directory system to defend against info leaks and reduce the overall attack surface. Read more: blog.torproject.org/tors-fall-harvest-next-generation-onion-services

Introducing Bastet: Our New Directory Authority

How does the network choose the route that Tor traffic takes through the network? How does every Tor user get the same information on relays? How does Tor authenticate the connection to any given relay?

The answer is through directory authorities — dedicated servers which tell Tor clients which relays make up the Tor network. Information about these directory authorities, located around the world and maintained by super trusted we-know-you-and-have-had-many-beers-with-you Tor volunteers, are hard-coded into Tor. Every hour, these volunteer-run directory authorities vote on and reach a consensus on the relays that make up the Tor network.

We added a new directory authority last month, increasing the diversity and stability of the directory authority system. The latest authority, named “Bastet” after the ancient Egyptian goddess, is run by Tor contributor Stefani. Continue reading: blog.torproject.org/introducing-bastet-our-new-directory-authority

Tor's Traffic Got KIST

Starting with Tor 0.3.2.1-alpha, we've had a new feature to address traffic congestion in the Tor network. The new algorithm —Kernel Informed Socket Transport (KIST)— prevents connections between Tor relays from becoming overwhelmed by changing how traffic is distributed throughout the Tor network.

The previous design often meant too much data was being written to each Tor relay connection, which would overwhelm relays and lead to traffic delays. KIST, on the other hand, intelligently considers how to write data across all connections to other relays in a way that allows traffic to pass through the network more quickly. Clients can run KIST, but the benefits accrue when it’s widely used by relays. Currently, KIST is only available on Linux-like systems because of how they handle TCP information, but a variant, KISTlite, runs on all systems. Learn more: blog.torproject.org/kist-and-tell-tors-new-traffic-scheduling-feature

We're Upping Our Support to Mobile Browsing

Around a year ago, folks from the Tor Project and the Guardian Project met to discuss the future of Tor Browser on mobile devices. The discussion began with Orfox, a Google Summer of Code (GSoC) project for mobile browsing over the Tor network. Since then, we have been working towards Orfox having similar functionality and security guarantees as Tor Browser for desktop.

Our first improvement was to port the Security Slider from Tor Browser desktop to Orfox. To adapt this feature from a desktop application into a mobile application, we had to change how the UI works for the mobile screen. Learn more about our plans for mobile: blog.torproject.org/blog/upping-support-mobile-browsing

Upcoming Events with Tor: https://blog.torproject.org/events/month

Vasilis at ENUCOMP, Parnaíba, Brazil; November 15-17, 2017 Alison at the International Forum Freedom of Research; Paris, France; November 16-18, 201 Vasilis at V INTERNATIONAL SYMPOSIUM LAVITS 2017, Santiago, Chile; November 29, 2017 - December 01, 2017 ilv, gus, vasilis and others at Primavera Hacker 17, Santiago, Chile; December 02-03, 2017

Take a Stand Against Tracking, Censorship, and Surveillance

There's never been a better time to donate to the Tor Project. Give today, and Mozilla will match your donation. We're standing up for privacy and powering digital resistance. Join us: https://www.torproject.org/donate-email2

« Previous | 1 | Next »