Newbie Reflections, Mozilla's Match, Events
// Reflections From a Tor Meeting Newbie //
When I joined the Tor Project in July as Fundraising Director, I quickly learned that most questions I had about Tor'97what it does, its history, what makes up the greater ecosystem, even detailed notes from all past meetings'97can be found online. The beauty of a free and open source culture became apparent to me immediately. I learned this month at my first meeting in Mexico City that there is one aspect of Tor that cannot be encapsulated in documentation'97the people.
I heard many voices at the meeting reflect on how the Tor Project has grown and changed in positive ways over the past few years. Without a doubt, this is a testament to the quality of the people working on Tor and the values we share. These values'97knowledge, engagement, inclusivity, collaboration, and fluidity'97were apparent throughout my five days in Mexico.
The people of Tor'97staff, volunteers, friends, and community partners'97are not only knowledgeable about privacy and security, they are citizens of the world and are eager to talk about philosophy, politics, and the ways in which people interact with systems and power. Without exception, the attendees of every session I went to were attentive and engaged.
The people of Tor are intentional about making everyone feel welcome and valued. From adherence to preferred pronouns to making sessions accessible to non-English speakers, these efforts to enhance accessibility could be seen and felt everywhere. Each session began with a reminder to make space for all types of people to speak and be heard. Although I was meeting most of the attendees for the first time, I was welcomed with open arms and never once felt excluded.
This meeting was inspirational in its engagement of local attendees on the public days. Many sessions were led in English and Spanish, including the State of the Onion address. Members of Tor teams, including myself, talked about what they'92d been up to and what was on the horizon, and we took questions from the group. The questions were intimate and thoughtful, and this opening session set an inclusive and collaborative tone for the public days.
I have never witnessed collaboration be so effective and efficient. People who have been working on Tor since the very beginning shared a space at the table with community members and people who were just hired. Roadmaps were created and new ideas were hatched.
Everyone I met was genuinely happy to be there. Old friends and new laughed, shared stories, and during the midweek party, we toasted mezcal and compared dance moves. People also connected through games of Mario Kart and Magic the Gathering.
All of these values coalesce around the ultimate goal of Tor'97making the world a better place. Essential human rights cannot be achieved without private and safe access to the internet. The work we do at Tor saves lives. Meeting our Tor community in Mexico City energized me and made me proud of the small part I play in this essential work.
// Mozilla Is Matching All Donations to Tor //
We have a bold mission: to take a stand against invasive and restrictive online practices and bring privacy and freedom to internet users around the world. But we can'92t do it alone.
Your support, along with the support of many others, can ensure the Tor Project'92s success into the future. Mozilla has already joined us in our fight and will be matching all donations until the end of the year.
This year, with your support, we can:
Increase the capacity, modularization, and scalability of the Tor network, making improvements and integrations into other privacy and circumvention tools easier and more reliable;
Better test for, measure, and design solutions around internet censorship, allowing people around the world living under repressive governments to access the open web safely and privately; and
Strengthen our development of Tor Browser for Android, now in alpha, and make sure it'92s in tip top shape to reach the rising number of people around the world who only access the internet from a mobile device that may have low bandwidth and a costly connection.
As part of our year end fundraising campaign, Mozilla will be matching every dollar donated to Tor, so your impact will be doubled.
Donate: https://torproject.org/donate/donate-sin-tn1
Make a donation today, and you can be counted as one of the stakeholders bringing safe and private internet access to people worldwide.
// New Releases //
Tor Browser 8.0.3 Tor Browser 8.0.3 includes newer NoScript and HTTPS Everywhere versions. Moreover, it ships with a donation banner for our end of the year campaign and includes another round of smaller fixes for Tor Browser 8 issues on Linux systems. We also switched to a newer API for our NoScript <-> Torbutton communication, which we need for the Security Slider. Full changelog: https://blog.torproject.org/new-release-tor-browser-803
Tor Browser 8.5a4 Highlights in Tor Browser 8.5a4 are a new Tor alpha version, 0.3.5.3-alpha, a fixed layout of our macOS installer window and Stylo (Mozilla's new CSS engine) being enabled on macOS after fixing a reproducibility issues. Full changelog: https://blog.torproject.org/new-release-tor-browser-85a4
Tor 0.3.5.3-alpha Tor 0.3.5.3-alpha fixes several bugs, mostly from previous 0.3.5.x versions. One important fix for relays addresses a problem with rate- limiting code from back in 0.3.4.x: If the fix works out, we'll be backporting it soon.Full changelog: https://blog.torproject.org/new-release-tor-0353-alpha
// Upcoming Events with Tor //
Internet Freedom Hack. Brisbane. November 9-11, 2018. https://blog.torproject.org/events/internet-freedom-hack-brisbane
Anonymous Browsing with Tor. Toronto Public Library. November 14, 2018. https://blog.torproject.org/events/anonymous-browsing-tor-toronto-public-library
GNU Health CON. Los Palmas, Spain. November 23-25, 2018. https://blog.torproject.org/events/gnu-health-con-los-palmas-spain
// Join Our Community //
Getting involved with Tor is easy. Run a relay to make the network faster and more decentralized: https://trac.torproject.org/projects/tor/wiki/TorRelayGuide
Learn about each of our teams and start collaborating: https://trac.torproject.org/projects/tor/wiki/WikiStart#Teams
Donate to help keep Tor fast, strong, and secure: https://torproject.org/donate/donate-sin-tn1
--
The Tor Project is a US 501(c)(3) non-profit organization advancing human rights and freedoms by creating and deploying free and open-source anonymity and privacy technologies, supporting their unrestricted availability and use, and furthering their scientific and popular understanding.
Twitter: https://twitter.com/torproject Facebook: https://facebook.com/torproject
Tor Browser for Android (alpha), We're Hiring, Share Your Tor Story, Open Days
// New Release: Tor Browser for Android (Alpha) //
Mobile browsing is on the rise around the world, and in some parts, it is commonly the only way people access the internet. In these same areas, there is often heavy surveillance and censorship online, so in the past year, we've focused on better supporting these users.
There's never been an official Tor Browser on mobile. Until now.
Introducing Tor Browser for Android (alpha), the mobile browser with the highest privacy protections ever available and on par with Tor Browser for desktop. You can download the alpha release on GooglePlay, or you can get the apk directly from our download page. The stable release is slated for early 2019.
Note: For this release, you also need to install Orbot, a proxy application that will connect Tor Browser for Android with the Tor network. For the upcoming Tor Browser for Android stable release, our goal is for Orbot not to be necessary to connect to Tor.
Learn about its features and try it out: https://blog.torproject.org/new-alpha-release-tor-browser-android
// We're Hiring: Software Developer, Anti-Censorship Team //
To strengthen our fight against censorship worldwide, we're forming a new Anti-Censorship Team. We need to hire a developer to help improve the user process of finding alternate routes to the Tor network when access is blocked.
Extensive experience writing and evaluating code in Python and Go is required. Experience with Rust, internet security, and obfuscation technologies would be a big help.
Learn more and apply: https://www.torproject.org/about/jobs-developer-anti-censorship.html.en
// How Has Tor Helped You? We Need Your Stories //
It's an understatement to say a lot has happened related to privacy and freedom online over the past seven years! Surveillance and crackdowns on free speech have increased around the world, and vast amounts of personal data have been collected and sold. Tools like Tor are needed more than ever to allow people to browse the web freely and privately.
It's been seven years since we last asked, so we want to know: What do you use Tor for? Why do you need it? What has Tor done for you? What could have happened if you weren't able to use Tor? We need your stories!
We know these examples exist, and we reference them in our talks around the world, but these stories are more powerful when they come as a quotable personal narrative from you. Read some example stories and tell us yours.
https://blog.torproject.org/how-has-tor-helped-you-we-need-your-stories
// Hack With Us in Mexico City //
Tor folks from around the world are heading out now to convene in Mexico City for one of our biannual meetings. We'll discuss the future of Tor as an organization and decide what protocols and features to focus our efforts on.
As part of this meeting, we're also having two open hack days everyone is welcome to join. The open days for the Mexico meeting will be Tuesday, October 2 and Wednesday, October 3 at the Sheraton Mar'eda Isabel.
Find out more: https://blog.torproject.org/hack-us-mexico-city-hackea-con-tor-en-mexico
// More New Releases //
Tor Browser 8.5a2 This alpha version contains the same bug fixes and improvements introduced in version 8.0.1. In addition we are updating Tor to 0.3.5.2-alpha, and are fixing some 8.0 issues. Full changelog: https://blog.torproject.org/new-release-tor-browser-85a2
Tor Browser 8.0.1 Tor Browser 8.0.1 ships the first stable Tor in the 0.3.4 series which solves a crash bug on older macOS systems (10.9.x). Also, thx to Alex from Cliqz for finding an issue with Torbutton. Full changelog: https://blog.torproject.org/new-release-tor-browser-801
Tor 0.3.4.8 (also other stable updates: 0.2.9.17, 0.3.2.12, and 0.3.3.10) This is the first stable release in its series; it includes compilation and portability fixes and improvements for running Tor in low-power and embedded environments, which should help performance in general. Full changelog: https://blog.torproject.org/new-release-tor-0348-also-other-stable-updates-02917-03212-and-03310
// Upcoming Events with Tor //
Tor Meetup Ciudad de M'e9xico. Mexico City. September 27, 2018. https://blog.torproject.org/events/tor-meetup-ciudad-de-mexico
Tor's Open Hack Days. Mexico City. October 2-3, 2018. https://blog.torproject.org/events/tors-open-hack-days-mexico-city
Tormenta: di'e1logos feministas para las libertades y autocuidados. Mexico City. October 4, 2018. https://blog.torproject.org/events/tormenta-dialogos-feministas-para-las-libertades-y-autocuidados
// Join Our Community //
Getting involved with Tor is easy. Run a relay to make the network faster and more decentralized: https://trac.torproject.org/projects/tor/wiki/TorRelayGuide
Learn about each of our teams and start collaborating: https://trac.torproject.org/projects/tor/wiki/WikiStart#Teams
Donate to help keep Tor fast, strong, and secure: https://donate.torproject.org
--
The Tor Project is a US 501(c)(3) non-profit organization advancing human rights and freedoms by creating and deploying free and open-source anonymity and privacy technologies, supporting their unrestricted availability and use, and furthering their scientific and popular understanding.
Twitter: https://twitter.com/torproject Facebook: https://facebook.com/torproject Instagram: https://instagram.com/torproject
We Gave Tor Browser a UX Overhaul
// We Gave Tor Browser a UX Overhaul //
For the past year, we have been collecting feedback on how we can make Tor Browser work better for you.
Tor Browser 8.0, our first stable release based on Firefox 60 ESR, is now available. This release is all about users first.
Tor Browser 8.0 comes with a series of user experience improvements that address a set of long-term Tor Browser issues youâve told us about. To meet our users' needs, Tor Browser has a new user onboarding experience; an updated landing page that follows our styleguide; additional language support; and new behaviors for bridge fetching, displaying a circuit, and visiting .onion sites.
For the most part, using Tor is like using any other browser (and it is based on Firefox), but there are some usage differences and cool things happening behind the scenes that users should be aware of. Our new onboarding experience aims to better let you know about unique aspects of Tor Browser and how to maximize those for your best browsing experience.
Improved Bridge Fetching
For users where Tor is blocked, we have previously offered a handful of bridges in the browser to bypass censorship. But to receive additional bridges, you had to send an email or visit a website, which posed a set of problems. To simplify how you request bridges, we now have a new bridge configuration flow when you when you launch Tor. Now all you have to do is solve a captcha in Tor Launcher, and youâll get a bridge IP. We hope this simplification will allow more people to bypass censorship and browse the internet freely and privately.
Better Language Support
Millions of people around the world use Tor, but not everyone has been able to use Tor in their language. In Tor Browser 8, weâve added resources and support for nine previously unsupported languages: Catalan, Irish, Indonesian, Icelandic, Norwegian, Danish, Hebrew, Swedish, and Traditional Chinese.
Collaboration Was Key
Providing this many improvements for our users could only be possible with collaboration between the Tor Browser team and Tor's UX team, Community team, Services Admin team, and our volunteers. We would like to thank everyone for working hard over the past year to bring all these new features to our users.
Learn more about it: https://blog.torproject.org/new-alpha-release-tor-browser-android Try it out: https://www.torproject.org/download/download-easy.html
// Volunteer Spotlight: Sina Rabbani Helps Activists Avoid Government Censorship //
Tor is a labor of love built by a small group of committed individuals. Weâre grateful to have the support of a dedicated volunteer base who help us to make Tor the strongest privacy tool out there, and weâre highlighting their work in this series. We want to thank Sina Rabbani, one of the co-founders (and former CTO) of Access Now, a nonprofit dedicated to defending usersâ digital rights, for his years of support to Tor and to the internet freedom movement.
Sina runs Faravahar, one of nine Tor directory authorities. These dedicated servers tell the millions of Tor clients which relays make up the Tor network. A talented and passionate engineer, Sina has been involved with digital rights activism for almost a decade. Today, heâs a Systems Engineer with Team Cymru, an internet security company which analyzes threat intelligence.
Free speech is something Sina doesnât take for granted. âI was born in a country where you can be sentenced to death because of your speech,â he said. âFreedom of speech in the digital age is a basic human right. Tyranny will start by taking our ability to speak up first, then the rest of our rights.â
âTor gives me a chance to resist tyranny in a non-violent manner, and I feel blessed and grateful for the opportunity. The hope is to one day move Faravahar to one of Iranâs universities. Until that day, Ma Hastim va Ma Bishomarim â we are, and we are countless.â
Learn more about Sina's work and how he became involved with Tor: https://blog.torproject.org/volunteer-spotlight-sina-rabbani-helps-activists-avoid-government-censorship
// More New Releases //
Tor Browser 8.0a10 Tor Browser 8.0a10 is the second alpha release based on Firefox ESR 60 and contains a number of improvements and bug fixes. It includes major updates to the user experience, and there are more to come. The stable version is slated for release next week! Full changelog: https://blog.torproject.org/new-release-tor-browser-80a10
Tor 0.3.4.7-rc Tor 0.3.4.7-rc fixes several small compilation, portability, and correctness issues in previous versions of Tor. This version is a release candidate: if no serious bugs are found, we expect that the stable 0.3.4 release will be (almost) the same as this release. Full changelog: https://blog.torproject.org/new-release-tor-0347-rc
// Upcoming Events with Tor //
Tor Meetup Ciudad de MĂ©xico. Mexico City. September 27, 2018. https://blog.torproject.org/events/tor-meetup-ciudad-de-mexico
Tor's Open Hack Days. Mexico City. October 2-3, 2018. https://blog.torproject.org/events/tors-open-hack-days-mexico-city
// Join Our Community //
Getting involved with Tor is easy. Run a relay to make the network faster and more decentralized: https://trac.torproject.org/projects/tor/wiki/TorRelayGuide
Learn about each of our teams and start collaborating: https://trac.torproject.org/projects/tor/wiki/WikiStart#Teams
Donate to help keep Tor fast, strong, and secure: https://donate.torproject.org
--
The Tor Project is a US 501(c)(3) non-profit organization advancing human rights and freedoms by creating and deploying free and open-source anonymity and privacy technologies, supporting their unrestricted availability and use, and furthering their scientific and popular understanding.
Twitter: https://twitter.com/torproject Facebook: https://facebook.com/torproject
Research Tips & Topics, Egypt Censorship Report, HOPE Vid, Events
// The State of Internet Censorship in Egypt //
A groundbreaking report by OONI and AFTE uncovered anomalies on Egyptian networks including censorship and the hijacking of unencrypted HTTP connections for advertising and cryptocurrency mining. Even UN sites were redirected.
Also, more than 100 news websites are blocked in Egypt, including Al Jazeera, The Huffington Post Arabic, Mada Masr, Almesryoon, Daily News Egypt, Turk Press and Iranâs Alalam News.
âThe blocking of media organizationsâ websites has had a severe impact on their operations, and some have even suspended their work altogether as a result of persisting censorship,â said Mohammad El Taher, director of the AFTE research unit.
While itâs been known that Egypt has undertaken widespread censorship of websites, this is the first time a comprehensive study of the methods of censorship have been undertaken. Find out how Egypt censors: https://blog.torproject.org/egypt-internet-censorship
// How to Do Effective and Impactful Tor Research //
As we mentioned in our previous post about Tor research topics, Tor greatly benefits from the research community. When researchers work closely with the design and development of deployed systems, this not only results in better research, but also better systems. For project maintainers, research that identifies vulnerabilities, creates new solutions to existing problems, and verifies proposed designs helps improve projects and make them safer for end users. TLS 1.3 is one recent example of where a symbiotic research/practitioner relationship has improved the protocol's design and safety.
However it is all too common that good research ideas don't make their way into practice. Within Tor, we have found that integrating new research findings isn't seamless or predictable, and good ideas are often lost or deemed incompatible without significantly more analysis and research.
The purpose of this post is to discuss what good research needs to do in order to ensure it has the best chance of being adopted by Tor or any other large software project.
We have structured this post in terms of an ordered list of goals for research. Each successive goal is more difficult to accomplish than the previous one. At the end of this post, we will look at a positive example of excellent research that successfully accomplished all of these goals and give overall takeaways.
Find out your list of goals, in order of increasing difficulty, when conducting relevant research: https://blog.torproject.org/how-do-effective-and-impactful-tor-research
// Open Research Topics: 2018 Edition //
Here we update the list of open Tor research problems, to bring focus to specific areas of research that the Tor Project thinks are necessary/useful in our efforts to upgrade and improve the Tor network and associated components and software. It is organized by topic area: network performance, network security, censorship circumvention, and application research. Each topic area provides information about current and desired work and ideas. We conclude with information about doing ethical and useful research on Tor and with suggestions on how to best ensure that this work is useful and easy for us to adopt. Check them out: https://blog.torproject.org/tors-open-research-topics-2018-edition
// Watch The Onion Report from HOPE //
Find out all about what different teams at Tor have been up to by watching The Onion Report from HOPE. Filmed July 20th in NYC with Steph, Alison, George, David, and Matt: https://livestream.com/internetsociety/hope/videos/178158095
// New Onion Services Add-On: Vanguards //
Earlier this year, the Tor Project released its first stable Tor and Tor Browser releases with the new v3 onion service protocol. The protocol features many improvements, including longer and more secure onion addresses, service enumeration resistance, improved authentication, and upgraded cryptography.
However, while this new protocol closes off some attacks (particularly enumeration and related targeted DoS attacks), it does not solve any attacks that could lead to service deanonymization.
The core Vanguards functionality ensures that all onion service circuits are restricted to a set of second and third layer guards, which have randomized rotation times.
If you want to beef up the security of your onion service, this add-on is for you: https://blog.torproject.org/announcing-vanguards-add-onion-services
// New Releases //
Tor 0.3.3.8 This release backports several changes from the 0.3.4.x series, including fixes for a memory leak affecting directory authorities. Full changelog: https://blog.torproject.org/tor-0338-released
Tor Browser 8.0a7 This release features important security updates to Firefox and updates firefox to 52.8.0esr. In addition we fixed some issues with UI customization and YouTube videos play. Full changelog: https://blog.torproject.org/tor-browser-80a7-released
Tor Browser 7.5.4 This release updates Firefox to 52.8.0esr, HTTPS Everywhere to 2018.4.11, and NoScript to 5.1.8.5. In addition, we exempt .onion domains from mixed content warnings, fixed a fingerprinting issue and an issue with localized content. Full changelog: https://blog.torproject.org/tor-browser-754-released
// Upcoming Events with Tor //
Explore Tor, NYC! Meetup and Q&A with Isabela Bagueros. Brooklyn, USA. August 2, 2018. https://blog.torproject.org/events/explore-tor-nyc-meetup-qa-isa
Def Con. Las Vegas, USA. August 9-12, 2018. https://blog.torproject.org/events/roger-and-steph-and-others-def-con-las-vegas
IX Seminårio de Proteção à Privacidade e aos Dados Pessoais. August 7-8, 2018. https://blog.torproject.org/events/ix-seminario-de-protecao-privacidade-e-aos-dados-pessoais
FOCI Workshop. Baltimore, USA. August 14, 2018. https://blog.torproject.org/events/foci-workshop-baltimore
USENIX. Baltimore, USA. August 15-17, 2018. https://blog.torproject.org/events/usenix-security-baltimore
RustConf. Portland, USA. August 17, 2018. https://blog.torproject.org/events/rustconf-portland
// Join Our Community //
Getting involved with Tor is easy. Run a relay to make the network faster and more decentralized: https://trac.torproject.org/projects/tor/wiki/TorRelayGuide
Learn about each of our teams and start collaborating: https://trac.torproject.org/projects/tor/wiki/WikiStart#Teams
Donate to help keep Tor fast, strong, and secure: https://donate.torproject.org
--
The Tor Project is a US 501(c)(3) non-profit organization advancing human rights and freedoms by creating and deploying free and open-source anonymity and privacy technologies, supporting their unrestricted availability and use, and furthering their scientific and popular understanding.
Twitter: https://twitter.com/torproject Facebook: https://facebook.com/torproject Instagram: https://instagram.com/torproject
Censorship Circumvention, Trackers, Onion Protections, New Releases, Events
Breaking Through Censorship Barriers, Even When Tor Is Blocked
Last week, Venezuela blocked access to the Tor network. Prior to the block, there were over 30,000 people in Venezuela enjoying the privacy and security protections Tor provides: https://news.vice.com/en_us/article/59qvwz/venezuela-maduro-tor-network-censorship
Connecting to Tor is a luxury, but we have developed ways for people where Tor is blocked to continue to connect to the network. Using bridges and pluggable transports, people can break through censorship and continue to access the open web. For more information about using bridges, see:
https://blog.torproject.org/rompiendo-barreras-de-censura-incluso-cuando-tor-esta-bloqueado [Spanish]
https://blog.torproject.org/breaking-through-censorship-barriers-even-when-tor-blocked [English]
If you have basic command line experience, you can help out people in countries with heavy censorship by becoming a bridge operator: https://www.torproject.org/docs/pluggable-transports#operator
Don't Let Facebook or Other Trackers Follow You on The Web
In the early age of the internet, people enjoyed a high level of privacy. Webpages were just hypertext documents; almost no personalization of the user experience was offered (or forced). The web today has evolved into a system of surveillance capitalism, where advertising networks follow users while they browse the web, continuously collecting traces of personal data and surfing patterns to create profiles of users in order to target them.
Using the web today, you are a target. And because of the rampant tracking across websites, each time you use the internet, you become an easier target.
By tracking you across different applications and sites through cookies or open web sessions, your personal preferences and social connections are collected and often sold. Even if you do not accept cookies or are not logged into a service account, such as your Google, Twitter, or Facebook accounts, the web page and third-party services can still try to profile you by using third-party HTTP requests or other techniques.
Within the HTTP request, various selectors can be included to communicate user preferences or particular features, in the form of URL variables. Personalized language or fonts settings, browser extensions, in-page keywords, battery charge and status, and more can be used to identify you by restricting the pool of possible candidates among all the visitors in a certain time frame, location, profile of interests. You can then be distinguished, or fingerprinted, across multiple devices or sessions and then the profile the tracker has on you is expanded.
By the sites and applications themselves, the story is spun to sound as if theyâre doing you a favor: they say this collection allows them to customize your experience. You see ads more relevant to you, Facebook and others say.
Even if you think of an advertising network as a recommendation system, this same system is also influencing what you see. Itâs changing your experience of the internet.
But at what cost is this customization? When confronted with transparency around what this âcustomizationâ takes, it âpoisonsâ the ad. So of course these companies are pushing back against transparency, but we need to keep pushing them and doing what we can to prevent them from continuing to exploit us online.
Learn about how Tor Browser can help: https://blog.torproject.org/dont-let-facebook-or-any-tracker-follow-you-web
Privacy International Protects Partners with Its Onion Address
This guest post is written by Ed Geraghty, Technologist, Privacy International.
No one shall be subjected to arbitrary interference with [their] privacy, family, home or correspondence, nor to attacks upon [their] honour and reputation. Everyone has the right to the protection of the law against such interference or attacks.
- United Nations Declaration of Human Rights (UDHR) 1948, Article 12
The right to privacy is a qualified, fundamental human right. We at Privacy International (PI) work hard with our network of partners to ensure this fundamental right is protected - it is essential to autonomy, the protection of human dignity, and is the foundation upon which many other human rights are built.
This is becoming ever-more important in an age of ubiquitous, indiscriminate mass surveillance, especially as more and more aspects of our daily lives - interactions with friends, family, companies, and the state - are dependent upon technology. In order for individuals to fully participate in the modern world, developments in law and technologies must strengthen and not undermine the ability to freely enjoy this right.We challenge governments' powers by advocating and litigating for stronger protections. We lead research and investigations to shine a light on powers and capabilities, and to instigate and inform debate. We advocate for good practices and strong laws worldwide to protect people and their rights. We equip civil society organisations across the world to increase public awareness about privacy. We raise awareness about technologies and laws that place privacy at risk, to ensure that the public is informed and engaged.
Tor is an important tool in our arsenal - a technology which allows people to communicate, use the internet, and browse the web in a manner which evades censorship.
Many of our partners work in challenging environments, with massive state surveillance and/or ongoing censorship programmes. Giving them an ability to securely browse the web (both clear and onion) in a way which allows them to evade dragnet surveillance also allows them to conduct investigations securely.
Find out what else running an onion address provides the Privacy International community: https://blog.torproject.org/privacy-international-protects-partners-its-onion-address
New Releases
Tor 0.3.3.7 This release backports several changes from the 0.3.4.x series, including fixes for bugs affecting compatibility and stability. Full changelog: https://blog.torproject.org/tor-0337-released
Tor Browser 7.5.6 This release features important security updates to Firefox, updates Firefox to 52.9.0esr, and includes newer versions of NoScript and HTTPS Everywhere. Moreover, we added the latest Tor stable version, 0.3.3.7. Full changelog: https://blog.torproject.org/tor-browser-756-released-
Upcoming Events with Tor
HOPE. New York City, USA. July 20-22, 2018. https://hope.net/
The 18th Privacy Enhancing Technologies Symposium (PETS). Barcelona, Spain. July 24-27, 2018. https://petsymposium.org/2018/index.php
Tor Community Night. Barcelona, Spain. July 24, 2018. https://blog.torproject.org/events/tor-community-night-barcelona
Def Con. Las Vegas, USA. August 8-12, 2018. https://blog.torproject.org/events/roger-and-steph-and-others-def-con-las-vegas
Join Our Community
Getting involved with Tor is easy: you can help us make the network faster and more decentralized by running a relay. https://trac.torproject.org/projects/tor/wiki/TorRelayGuide
You can learn about each of our teams and start collaborating: https://trac.torproject.org/projects/tor/wiki/WikiStart#Teams
If you want to make a contribution but donât have the time to volunteer, your donation will help keep Tor fast, strong, and secure: https://donate.torproject.org
--
The Tor Project is a US 501(c)(3) non-profit organization advancing human rights and freedoms by creating and deploying free and open-source anonymity and privacy technologies, supporting their unrestricted availability and use, and furthering their scientific and popular understanding.
Twitter: https://twitter.com/torproject Facebook: https://facebook.com/torproject
Domain Fronting, Relay Help, User Needs, New Interns, Events
// Domain Fronting Is Critical to the Open Web //
Last month, Amazon and Google have both announced theyâre pulling the plug on domain fronting, a crucial tool which helps our most vulnerable users get access to Tor when their countries donât allow it. Users of Signal and Telegram are also affected by this block, and Access Now identified approximately a dozen âhuman rights-enabling technologiesâ which had relied on Google for this purpose: https://www.accessnow.org/google-ends-domain-fronting-a-crucial-way-for-tools-to-evade-censors/
Tor Browser protects against tracking, surveillance, and censorship, but not everyone around the world has the luxury to connect to use it. By default, Tor Browser makes all of its users look alike. However, it doesn't hide the fact you're connecting to Tor, an open network where anyone can get the list of relays. This network transparency has many benefits, but also has a downside: repressive governments and authorities can simply get the list of Tor relays and block them. We strongly oppose this censorship and believe everyone should have access to information on the open web. Thatâs why we developed pluggable transports to bypass censorship and connect to the Tor network.
Domain fronting is a type of pluggable transport where Tor traffic appears to be talking to a third party that is hard to block, like Amazon or Google, when it is really talking to a Tor relay. An example of this is Torâs âmeekâ pluggable transport, which is described here: trac.torproject.org/projects/tor/wiki/doc/meek
Google and Amazon have both shut down domain fronting, making meek no longer usable over those CDNs. As of this writing, Microsoftâs Azure cloud still seems to be working with meek.
For the time being, we are shifting to Microsoftâs Azure cloud. But weâve heard that option will soon be shut down, as well.
Unfortunately, it doesnât look like there is a fast fix. We were not given advance notice of these changes, so we are thinking hard on potential solutions to ensure our friends living in repressive regimes around the world can continue to access the open web.
// Get Help Running Your Relay From Our New Advocate //
Thousands of relays make up the roots of the Tor network, and the volunteers who run them are indispensable, donating their time, infrastructure, and technical know-how to help millions of people around the world, including activists and journalists, communicate privately and securely.
Over the years, the Tor team saw there was a need for greater support of the relay operator community and heard concerns about how to better meet their needs. We now have a Relay Advocate whose job will be improving the health and happiness of the relay operator community, expanding the community, and helping improve bonds between operators. Meet Colin (Phoul) and find out what he'll be up to: https://blog.torproject.org/get-help-running-your-relay-our-new-advocate
// Tor + Tails UX: Identifying User Needs at CryptoRave 2018 //
This month during the geek CryptoRave in SĂŁo Paulo, we invited Tails and Tor users to join a user needs session. We love to run sessions with groups of similar users so we can focus on their unique needs and experiences. Users of Tor and Tails have the common objective: they are looking to use private and secure tools, and their safety could be a concern.
We like to envision our community of users ultimately making the tools we build. UX is about relationships. We need to understand our users' relationship to our software. And in order to do that, we need a close relationship with our users. Find out what we're considering to address user needs we identified: https://blog.torproject.org/tor-tails-ux-identifying-user-needs-cryptorave-2018
// Meet the Tor Summer of Privacy & Outreachy Interns //
We have new contributors joining the Tor Project who come to us through two paid internship programs, Tor Summer of Privacy and Outreachy, an internship program for underrepresented groups in tech. Meet the interns and find out a few of the things theyâll be working on: blog.torproject.org/meet-tor-summer-privacy-and-outreachy-interns
// New Releases //
Tor 0.3.3.6 This is the first stable release in the 0.3.3 series. It backports several important fixes from the 0.3.4.1-alpha. The Tor 0.3.3 series includes controller support and other improvements for v3 onion services, official support for embedding Tor within other applications, and our first non-trivial module written in the Rust programming language. (Rust is still not enabled by default when building Tor.) And as usual, there are numerous other smaller bugfixes, features, and improvements. Full changelog: https://blog.torproject.org/tor-0336-released-new-stable-series
Tor Browser 8.0a7 This release features important security updates to Firefox and updates firefox to 52.8.0esr. In addition we fixed some issues with UI customization and YouTube videos play. Full changelog: https://blog.torproject.org/tor-browser-80a7-released
Tor Browser 7.5.4 This release updates Firefox to 52.8.0esr, HTTPS Everywhere to 2018.4.11, and NoScript to 5.1.8.5. In addition, we exempt .onion domains from mixed content warnings, fixed a fingerprinting issue and an issue with localized content. Full changelog: https://blog.torproject.org/tor-browser-754-released
// Upcoming Events with Tor //
Mozilla All-Hands. San Francisco, USA. June 11-15, 2018. https://blog.torproject.org/events/mozilla-all-hands-san-fran
Citizen Lab Summer Institute. Toronto, Canada. June 13-15, 2018. https://blog.torproject.org/events/citizen-lab-summer-institute-toronto
The First Amendment for the 21st Century Pittsburgh, USA. June 21-22, 2018. https://blog.torproject.org/events/first-amendment-21st-century-pittsburgh
The 18th Privacy Enhancing Technologies Symposium (PETS). Barcelona, Spain. July 24-27, 2018. https://petsymposium.org/2018/index.php
// Join Our Community //
Getting involved with Tor is easy: you can help us make the network faster and more decentralized by running a relay. https://trac.torproject.org/projects/tor/wiki/TorRelayGuide
You can learn about each of our teams and start collaborating: https://trac.torproject.org/projects/tor/wiki/WikiStart#Teams
If you want to make a contribution but donât have the time to volunteer, your donation will help keep Tor fast, strong, and secure: https://donate.torproject.org
--
The Tor Project is a US 501(c)(3) non-profit organization advancing human rights and freedoms by creating and deploying free and open-source anonymity and privacy technologies, supporting their unrestricted availability and use, and furthering their scientific and popular understanding.
Twitter: https://twitter.com/torproject Facebook: https://facebook.com/torproject
Our Next Executive Director, Call for HotPETS Talks, Tor Messenger, New Releases
// Isabela Bagueros Will Be Our Next Executive Director //
Shari announced her retirement from the Tor Project at the end of February, and the search for our next Executive Director is already over. We didn't have to look far. Isabela Bagueros, current Tor Project Manager, will be our next Executive Director!
Isa joined the Tor Project in 2015 and has led teams in collaborative strategy building and roadmapping unprecedented at the organization. She also leads Torâs UX team in implementing critical usability improvements and is leading an overhaul of Torâs website.
âIsaâs contributions to Tor are too many to name here,â said Shari Steele, Torâs current Executive Director who was brought on in 2015 to make the organization more operationally sound. âShe brings global experience and perspective to privacy and censorship issues, and I could not be more confident in her ability to lead the organization into its next phase of growth and sustainability.â
Thinking of the user first has always been a priority for Isa, and during her three years with the organization, the scope of her vision for Tor has expanded to include the health of the organization and network. âI think any person on the planet should have access to the Tor network and enjoy the privacy and security it provides,â said Isa. âThat means we need a healthy and scalable network and a strong and diverse organization to support that. Iâm looking forward to seeing Tor gain global recognition for the privacy protections and censorship circumvention it provides.â
Now in a transition phase, Isabela will officially begin her position as Executive Director after she hires her replacement Project Manager and gets up to speed on the requirements of the job. Shari will continue as Executive Director until Isabela transitions and then plans to move into a consulting role through the end of the year. Shari will join the Tor Project Board of Directors beginning January 2019.
Congratulations, Isa! :D
Check out the post to read Isa's full bio: https://blog.torproject.org/announcing-tors-next-executive-director-isabela-bagueros
// Call for Talks: HotPETS 2018 //
The Workshop on Hot Topics in Privacy Enhancing Technologies (HotPETs) fosters new ideas and spirited debates on privacy. Held in conjunction with the 18th Privacy Enhancing Technologies Symposium (PETS), the 11th HotPETs will be held July 27, 2018 in Barcelona, Spain.
HotPETS is calling for engaging and informative 10-15 minute talks on hot topics in privacy enhancing technologies (PETs), with each talk to be followed by a 5-10 minute question period. The nature of HotPETs' discussion-oriented format is especially suited to works in progress and new ideas that have not yet been fully formed.
Last year there was an interesting discussion about whether a separate Tor network should be set up for safer research and another discussion around I2P. What idea, experience, lessons, or theories would you like to talk through? Find out some topics of interest and how to apply: https://blog.torproject.org/call-talks-hotpets-2018
// Sunsetting Tor Messenger //
In 2015, we introduced Tor Messenger, a cross-platform chat program that aimed to be secure by default by sending all of its traffic over Tor and enforcing encrypted one-to-one conversations by bundling and using OTR (Off-the-Record) messaging. The aim was to provide a chat client that supported a wide variety of transport networks like Jabber (XMPP), IRC, Google Talk, Facebook, Twitter; had an easy-to-use graphical interface; and configured most of the security and privacy settings automatically with minimal user intervention.
When we released the first version, we tried to clearly identify the limitations of such a product: Tor Messenger was meant for communicating over existing social networks. This meant that in such a client-server model, your metadata could be logged by the server, but your route to the server would be not be disclosed because it would be over Tor, and your communications would be encrypted with Off-the-Record messaging. We still thought this was a better alternative than the other products in the market, such as Pidgin, because it had safer and secure default configurations.
Eleven beta releases later, we have, sadly, decided to discontinue supporting Tor Messenger. Find out why: https://blog.torproject.org/sunsetting-tor-messenger
We apologize for any inconvenience this may have caused. We still believe in Tor's ability to be used in a messaging app, but sadly, we don't have the resources to make it happen right now. Maybe you do?
// New Releases //
Tor 0.3.3.5-rc This release fixes various bugs in earlier versions of Tor, including some that could affect reliability or correctness. This is the first release candidate in the 0.3.3 series. If no new bugs or regression is found, then the first stable 0.3.3 release will be nearly identical to this one. Full changelog: https://blog.torproject.org/tor-0335-rc-released
Tor Browser 8.0a6 This release includes newer versions of Tor (0.3.3.5-rc), OpenSSL (1.0.2o), HTTPS Everywhere (2018.4.11), and NoScript (5.1.8.5). Among other things we fixed the issue with secure cookies which were not working on http .onion pages, we made it possible to run Tor Browser without a /proc filesystem and we updated the GCC we use for building the Windows and Linux versions to 6.4.0. Full changelog: https://blog.torproject.org/tor-browser-80a6-released
TorBirdy 0.2.4 TorBirdy is an extension for Mozilla Thunderbird that configures it to make connections over the Tor network. This release adds support for Thunderbird 58 and 59, fixes a bug in Thunderbird that leaks the installed dictionary language using the "Content-Language" header (for more information see Bug 22484), updates the Enigmail keyserver settings, and adds new translations. Full changelog: https://blog.torproject.org/torbirdy-024-released
// Upcoming Events with Tor //
RightsCon. Toronto, Canada. May 16-18, 2018: Several Tor folks will be attending and will have a booth set up for a half day on either the 16th or 17th (more info to follow on the events calendar). https://rightscon.org https://blog.torproject.org/events/month
The 18th Privacy Enhancing Technologies Symposium (PETS). Barcelona, Spain. July 24-27, 2018. https://petsymposium.org/2018/index.php
// Join Our Community //
Getting involved with Tor is easy: you can help us make the network faster and more decentralized by running a relay. https://trac.torproject.org/projects/tor/wiki/TorRelayGuide
You can learn about each of our teams and start collaborating: https://trac.torproject.org/projects/tor/wiki/WikiStart#Teams
If you want to make a contribution but donât have the time to volunteer, your donation will help keep Tor fast, strong, and secure: https://donate.torproject.org
--
The Tor Project is a US 501(c)(3) non-profit organization advancing human rights and freedoms by creating and deploying free and open-source anonymity and privacy technologies, supporting their unrestricted availability and use, and furthering their scientific and popular understanding.
Twitter: https://twitter.com/torproject Facebook: https://facebook.com/torproject
User Advocate (Mozilla Fellowship), Privacy Challenge, Live Styleguide, Volunteer, Releases đ
Power Digital Resistance with Tor!
âI think Tor is the most important privacy-enhancing technology project being used today.â âEdward Snowden
Friend,
Thank you so much for being a member of the Tor community. As part of the Tor Projectâs end-of-year fundraising campaign, weâre highlighting how Tor powers digital resistance and promotes and protects essential human rights around the world.
And if you donate now, Mozilla will match your donation up to a total of $500,000!
MAKE A DONATION: https://donate.torproject.org
For the past decade, weâve been building and distributing software that saves lives. Activists and journalists use Tor to alert the world to human rights abuses, people in countries that censor the internet use Tor to access critical resources, and ordinary users use Tor to evade pervasive surveillance and tracking. Millions of people rely on Tor every day for a safer, more secure way to access the internet.
This vital work is made possible thanks, in no small part, to supporters like you.
Corporate whistleblowers, health care workers, politicians, lawyers, and members of marginalized communities all depend on Tor to protect themselves. Weâve got big plans for improving Tor in 2018, bringing its privacy protections to mobile devices and encouraging more third-party developers to integrate Torâs protection into their apps.
Letâs fight for free expression together. Donate today, get some cool swag, and have your gift matched by Mozillaâs generous matching program.
We rely on the generous support of our donors, and you can help us make the worldâs strongest privacy tool even stronger by lending a hand. Whether you can give $5 or $500, youâll be helping promote basic human rights worldwide. Join the digital resistance and support the Tor Project today!
Yours in privacy, Tommy
Tommy Collison Writer/Editor The Tor Project
MAKE A DONATION: https://donate.torproject.org
ED Search, Relay Guide, Onions for Anti-Corruption, Internships, Events
// We've Launched a Search for Our Next Executive Director! //
We are going to miss her, but Shari Steele, our current Executive Director, is set to give retirement a second try at the end of 2018. After 15 years as the Executive Director of the Electronic Frontier Foundation, Shari was brought on in December 2015 to make the Tor Project more operationally sound.
âI had intended to retire after my time with EFF, but I believed strongly in the Tor Projectâs mission, and I felt I could help. I look at the Tor Project organization today and feel quite confident that weâve got the talent and the structure to continue to support the organizationâs great work.â - Shari Steele
Around 35 engineers and operational support people plus many volunteers all over the world contribute to the Tor Project. Successful candidates for the Executive Director position will have a global perspective on privacy and censorship issues and be able to lead the diverse and distributed organization into its next phase of growth and sustainability.
Potential candidates can learn more about the position at the job page: https://www.torproject.org/about/jobs-execdirector.html
// Our New Guide Makes Running a Relay Easier Than Ever //
Have you considered running a relay, but didn't know where to start? Perhaps you're just looking for a way to help Tor, but you've always thought that running a relay was too complicated or technical for you and the documentation seemed daunting.
We're here to tell you that you can become one of the many thousands of relay operators powering the Tor network, if you have some basic command-line experience. Learn more and get started: https://blog.torproject.org/new-guide-running-tor-relay
// Italian Anti-Corruption Agency (ANAC) Adopts Onion Services //
ANAC software is based on a customized version of GlobaLeaks, a whistleblowing platform by the Hermes Center that integrates Tor natively. GlobaLeaks is expected to be redistributed to all Italian public agencies (~20.000 in total) to comply with Law 179/2017 and in line with the countryâs recent strategic commitment to open-source software and the reuse of code.
Given that Tor is the worldâs strongest internet anonymity tool, we expect to see usage of onion services for secure communication systems across all sectors continue to gain traction. Read more about laws governing whistleblowing and anti-corruption compliance and how Tor can help: https://blog.torproject.org/italian-anti-corruption-authority-anac-adopts-onion-services
// Tor + Outreachy: Internships for Underrepresented People in Tech //
The Tor Project has partnered with the Outreachy internship program, and weâve got two internship slots for members of groups traditionally underrepresented in technology.
Weâre committed to inclusion in all facets of Tor development, and having a diverse range of backgrounds, viewpoints, and experience helps us foster a healthy development community. Outreachy encourages underrepresented groups to learn new skills, meet new people in their field, and contribute to critical open source tools.
This round, we are looking for a User Advocate and a Documentation Editor. Applications are due March 22. Learn more about how to get started: https://blog.torproject.org/tor-outreachy-internships-underrepresented-people-tech
// Tor Browser 8.0a2 is Released //
The new release includes Tor 0.3.3.2-alpha, plus, we updated HTTPS Everywhere to 2018.1.29, NoScript to 5.1.8.4, and meek to 0.29. See the full changelog: blog.torproject.org/tor-browser-80a2-released
// Upcoming Events with Tor //
Nullcon with Amogh: https://nullcon.net Goa, India March 22, 2018
LibrePlanet with many Tor folks: https://www.libreplanet.org/2018/ Cambridge, MA March 24-25, 2018
Texas Library Association Conference with Alison Dallas, TX April 3, 2018
// Donate // https://donate.torproject.org
The Tor Project is a US 501(c)(3) non-profit organization advancing human rights and freedoms by creating and deploying free and open-source anonymity and privacy technologies, supporting their unrestricted availability and use, and furthering their scientific and popular understanding.
Twitter: https://twitter.com/torproject Facebook: https://facebook.com/torproject
Onionize Against Censorship, Big Tor Browser Updates, Volunteer â€, Events
// Activists & News Orgs: Onionize Your Sites Against Censorship //
In many countries, censorship of websites with critical information or news is commonplace. If opinions, analysis, or facts contrary to the countryâs narrative are published, repressive governments can quickly silence those voices by blocking access to those websites.
For instance, in September 2017, one day after Human Rights Watch released a report on systematic torture in Egyptâs jails, Egypt blocked access to the HRW website, curtailing its peopleâs access to the report and leaving them uninformed about their own countries treatment of its citizens. Egypt has also blocked numerous news sites, including Al Jazeera, so when AJ reported on Egyptâs block of HRW after the report on torture was released, the most critical audience, the Egyptian people, were less likely to be reached.
Publishing a website using onion services over the Tor network is a way to circumvent many state-led methods of censorship. These website addresses end in the TLD .onion. Similar to how the https:// protocol of a website provides more security than the http:// protocol, an onion address also appears to be the same site but gives a visitor more privacy and security through end-to-end encryption and improved authentication.
Visiting an onion address is easy. All thatâs needed is Tor Browser (Tor Browser is built from Firefox and is similar to use); you visit the onion address in Tor Browser like you visit any web address.
Hereâs the onion address of torproject.org: http://expyuzz4wqqyqhjn.onion/
The New York Times has an onion address: https://www.nytimes3xbfgragh.onion/
So does ProPublica: https://www.propub3r6espa33w.onion/
Download Tor Browser and check them out.
If your organizationâs site is already blocked anywhere in the world, or if you are calling out injustices, sharing state-suppressed resources, or just want to provide your site and users with better privacy and security, creating an onion version of your website should be your next step.
Alec Muffett, a security researcher and longtime member of the Tor Community, has created the Enterprise Onion Toolkit (EOTK) to make it easier for you to give a public site a corresponding onion address. You can ping Alec on Twitter or join the EOTK mailing list if you have any questions about how to use it.
We want a free and open internet for all, so letâs onionize and build it.
// Tor Browser has a New Launcher & Now Supports Next-Gen Onion Services //
The Tor Browser Team proudly announced the first stable release in the 7.5 series. This release is available from the Tor Browser Project page and also from our distribution directory.
Apart from the usual Firefox security updates it contains some notable improvements compared to the 7.0 series. Here are the highlights:
Redesigned Tor Launcher
Support for the Next Generation of Onion Services
Enabled content sandboxing on Windows
Moved away from Gitian/tor-browser-bundle as the base of our reproducible builds environment
Learn more about the improvements and checkout the full changelog: https://blog.torproject.org/tor-browser-75-released
// Volunteer Spotlights //
Alec Helps Companies Activate Onion Services
Alec has worked in security for 30 years, and has long recognized the importance of distributed systems and Torâs onion routing features: âEnabling two peers to communicate with nobody 'getting between' them was part of the intention of the original internet. Nowadays there's a saying: 'if you want to share a photo with a friend, why do you have to give it to a multi-billion-dollar corporation, first?'; but Tor offers a disintermediation solution for this, and perhaps all similar, problems."
He continues: "I believe that disintermediated communication is an important capability, and so I built the Enterprise Onion Toolkit to assist publishers, writers, and virtual communities to connect directly, securely, efficiently, and without intermediaries, to their audiences and membership.â Read more about Alec and the EOTK: https://blog.torproject.org/volunteer-spotlight-alec-helps-companies-activate-onion-services
Kat, a Privacy Activism Veteran, Has Been Around Tor People Longer than There's Been a Tor
We like to thank our volunteer relay operators by sending them a Tor t-shirt, and Kat helps Jon get those t-shirts out the door. Sheâs also helping with the website, as we begin our redesign and revamp our support and community portals. As if all that wasnât enough, Kat has also set up her own relay, making the Tor network faster, more reliable, and more decentralized.
Setting up a relay is easy, she says. âI'd encourage anyone who has access to a server, some bandwidth, and reasonable sysadmin skills to give it a go. More relays mean a stronger Tor network, which means we can better protect the privacy of Tor users around the world.â
âI want everyone to be able to communicate freely so they can work together to make their worlds better places,â she says. âI care deeply about privacy, both in the âright to be let aloneâ sense and in the âspace to build and nurture one's identityâ sense.â Read more about Kat and her work with Tor: https://blog.torproject.org/volunteer-spotlight-kat-privacy-activism-veteran
DONATE NOW: donate.torproject.org
// Upcoming Events with Tor //
Explore Tor, NYC! Meetup and Q&A, NYU Tandon, February 15, 2017: https://blog.torproject.org/explore-tor-nyc-meetup-feb-15
Scholar and Feminist Conference Self-Defense Lab with Alison, Barnard College, February 16, 2017: https://blog.torproject.org/events/barnard-college-scholar-and-feminist-conference-self-defense-lab-alison
LibrePlanet, Cambridge, March 24-25, 2017: https://blog.torproject.org/events/many-tor-people-cambridge-libreplanet
// Thanks to the 3260 donors who made our end-of-year campaign such a success! //
With Mozilla's generous matching grant, we raised $420,522.84 in less than three months. You can still take a stand against tracking, surveillance, and censorship. Donate to the Tor Project today, and power the digital resistance: donate.torproject.org
--
The Tor Project is a US 501(c)(3) non-profit organization advancing human rights and freedoms by creating and deploying free and open-source anonymity and privacy technologies, supporting their unrestricted availability and use, and furthering their scientific and popular understanding.
Twitter: twitter.com/torproject Facebook: facebook.com/torproject