New Board Member, Internet Freedom Threats, Events, New Releases

Published on 2018-11-30

We're in the middle of our year-end education and fundraising campaign, Strength in Numbers. Learn more about it or support our work: https://torproject.org/donate/donate-sin-tn2

// Growing Our Board of Directors //

Like most nonprofit organizations, the Tor Project relies on its Board of Directors to provide fiscal and corporate oversight to our important work. Over the past two years, the Tor Project has been focused on growing our board to reflect the diversity of cultures of people who build and use Tor.

We are proud to welcome the newest member of our Board of Directors, Nighat Dad. Nighat is the founder and Executive Director of Digital Rights Foundation, Pakistan. She is an accomplished lawyer and human rights activist, and she is one of the pioneers campaigning for access to a safe and open internet in Pakistan. Watch her TED talk to hear the amazing story of how she set up Pakistan's first cyber harassment helpline to support women who face serious threats online--a major problem in Pakistan: https://www.ted.com/talks/nighat_dad_how_pakistani_women_are_taking_the_internet_back

\'93Nighat brings an abundance of expertise and experience campaigning for digital rights in Pakistan and beyond,\'94 said Isabela Bagueros, Executive Director of the Tor Project. \'93She has strong ties to the communities we serve and our most at-risk users.\'94

Our board has eight members representing four continents: North America, Europe, Africa, and now Asia. Over the past year, the board held 16 official meetings plus several committee meetings during our searches for a new Executive Director and new board members.

In the coming year, we hope to continue to grow our board in number and in diversity. Like everyone involved with Tor, our Board of Directors all share a common commitment to internet freedom and human rights.

As we challenge major threats to internet freedom around the world, there is strength in numbers -- our numbers keep us strong as we challenge those threats. And our diversity gives us the understanding to fight with compassion.

// Internet Freedom Is on the Line //

The Tor Project believes that everyone should have private access to an uncensored web, but digital authoritarianism is on the rise. For the 8th year in a row, internet freedom has declined around the world, including in the United States.

"Of the 65 countries assessed, 26 have been on an overall decline since June 2017," reveals a new report by Freedom House: https://freedomhouse.org/report/freedom-net/freedom-net-2018

A huge factor in this decline is government censorship, a growing problem in many countries. Freedom to publish, share, and access information online is critical for a healthy society, yet governments and entities around the world are denying people this universal human right, and their tactics for doing so are becoming more advanced.

In many countries around the world, people are only permitted to access state-sponsored news, where the stories always spin a nation's government and leadership in favorable lights.

Internet controls in China have reached new extremes, and China is exporting its methods to other governments. China, Egypt, Iran, Venezuela, Ethiopia, Turkey, and a few other countries now block the Tor network.

Join Our Community

Getting involved with Tor is easy: you can help us make the network faster and more decentralized by running a relay. https://trac.torproject.org/projects/tor/wiki/TorRelayGuide

You can learn about each of our teams and start collaborating: https://trac.torproject.org/projects/tor/wiki/WikiStart#Teams

If you want to make a contribution but don’t have the time to volunteer, your donation will help keep Tor fast, strong, and secure: https://donate.torproject.org

--

The Tor Project is a US 501(c)(3) non-profit organization advancing human rights and freedoms by creating and deploying free and open-source anonymity and privacy technologies, supporting their unrestricted availability and use, and furthering their scientific and popular understanding.

Twitter: https://twitter.com/torproject Facebook: https://facebook.com/torproject

Newbie Reflections, Mozilla's Match, Events

Published on 2018-10-31

// Reflections From a Tor Meeting Newbie //

When I joined the Tor Project in July as Fundraising Director, I quickly learned that most questions I had about Tor'97what it does, its history, what makes up the greater ecosystem, even detailed notes from all past meetings'97can be found online. The beauty of a free and open source culture became apparent to me immediately. I learned this month at my first meeting in Mexico City that there is one aspect of Tor that cannot be encapsulated in documentation'97the people.

I heard many voices at the meeting reflect on how the Tor Project has grown and changed in positive ways over the past few years. Without a doubt, this is a testament to the quality of the people working on Tor and the values we share. These values'97knowledge, engagement, inclusivity, collaboration, and fluidity'97were apparent throughout my five days in Mexico.

The people of Tor'97staff, volunteers, friends, and community partners'97are not only knowledgeable about privacy and security, they are citizens of the world and are eager to talk about philosophy, politics, and the ways in which people interact with systems and power. Without exception, the attendees of every session I went to were attentive and engaged.

The people of Tor are intentional about making everyone feel welcome and valued. From adherence to preferred pronouns to making sessions accessible to non-English speakers, these efforts to enhance accessibility could be seen and felt everywhere. Each session began with a reminder to make space for all types of people to speak and be heard. Although I was meeting most of the attendees for the first time, I was welcomed with open arms and never once felt excluded.

This meeting was inspirational in its engagement of local attendees on the public days. Many sessions were led in English and Spanish, including the State of the Onion address. Members of Tor teams, including myself, talked about what they'92d been up to and what was on the horizon, and we took questions from the group. The questions were intimate and thoughtful, and this opening session set an inclusive and collaborative tone for the public days.

I have never witnessed collaboration be so effective and efficient. People who have been working on Tor since the very beginning shared a space at the table with community members and people who were just hired. Roadmaps were created and new ideas were hatched.

Everyone I met was genuinely happy to be there. Old friends and new laughed, shared stories, and during the midweek party, we toasted mezcal and compared dance moves. People also connected through games of Mario Kart and Magic the Gathering.

All of these values coalesce around the ultimate goal of Tor'97making the world a better place. Essential human rights cannot be achieved without private and safe access to the internet. The work we do at Tor saves lives. Meeting our Tor community in Mexico City energized me and made me proud of the small part I play in this essential work.

// Mozilla Is Matching All Donations to Tor //

We have a bold mission: to take a stand against invasive and restrictive online practices and bring privacy and freedom to internet users around the world. But we can'92t do it alone.

Your support, along with the support of many others, can ensure the Tor Project'92s success into the future. Mozilla has already joined us in our fight and will be matching all donations until the end of the year.

This year, with your support, we can:

  • Increase the capacity, modularization, and scalability of the Tor network, making improvements and integrations into other privacy and circumvention tools easier and more reliable;

  • Better test for, measure, and design solutions around internet censorship, allowing people around the world living under repressive governments to access the open web safely and privately; and

  • Strengthen our development of Tor Browser for Android, now in alpha, and make sure it'92s in tip top shape to reach the rising number of people around the world who only access the internet from a mobile device that may have low bandwidth and a costly connection.

As part of our year end fundraising campaign, Mozilla will be matching every dollar donated to Tor, so your impact will be doubled.

Donate: https://torproject.org/donate/donate-sin-tn1

Make a donation today, and you can be counted as one of the stakeholders bringing safe and private internet access to people worldwide.

// New Releases //

Tor Browser 8.0.3 Tor Browser 8.0.3 includes newer NoScript and HTTPS Everywhere versions. Moreover, it ships with a donation banner for our end of the year campaign and includes another round of smaller fixes for Tor Browser 8 issues on Linux systems. We also switched to a newer API for our NoScript <-> Torbutton communication, which we need for the Security Slider. Full changelog: https://blog.torproject.org/new-release-tor-browser-803

Tor Browser 8.5a4 Highlights in Tor Browser 8.5a4 are a new Tor alpha version, 0.3.5.3-alpha, a fixed layout of our macOS installer window and Stylo (Mozilla's new CSS engine) being enabled on macOS after fixing a reproducibility issues. Full changelog: https://blog.torproject.org/new-release-tor-browser-85a4

Tor 0.3.5.3-alpha Tor 0.3.5.3-alpha fixes several bugs, mostly from previous 0.3.5.x versions. One important fix for relays addresses a problem with rate- limiting code from back in 0.3.4.x: If the fix works out, we'll be backporting it soon.Full changelog: https://blog.torproject.org/new-release-tor-0353-alpha

// Upcoming Events with Tor //

// Join Our Community //

Getting involved with Tor is easy. Run a relay to make the network faster and more decentralized: https://trac.torproject.org/projects/tor/wiki/TorRelayGuide

Learn about each of our teams and start collaborating: https://trac.torproject.org/projects/tor/wiki/WikiStart#Teams

Donate to help keep Tor fast, strong, and secure: https://torproject.org/donate/donate-sin-tn1

--

The Tor Project is a US 501(c)(3) non-profit organization advancing human rights and freedoms by creating and deploying free and open-source anonymity and privacy technologies, supporting their unrestricted availability and use, and furthering their scientific and popular understanding.

Twitter: https://twitter.com/torproject Facebook: https://facebook.com/torproject

Tor Browser for Android (alpha), We're Hiring, Share Your Tor Story, Open Days

Published on 2018-09-27

// New Release: Tor Browser for Android (Alpha) //

Mobile browsing is on the rise around the world, and in some parts, it is commonly the only way people access the internet. In these same areas, there is often heavy surveillance and censorship online, so in the past year, we've focused on better supporting these users.

There's never been an official Tor Browser on mobile. Until now.

Introducing Tor Browser for Android (alpha), the mobile browser with the highest privacy protections ever available and on par with Tor Browser for desktop. You can download the alpha release on GooglePlay, or you can get the apk directly from our download page. The stable release is slated for early 2019.

Note: For this release, you also need to install Orbot, a proxy application that will connect Tor Browser for Android with the Tor network. For the upcoming Tor Browser for Android stable release, our goal is for Orbot not to be necessary to connect to Tor.

Learn about its features and try it out: https://blog.torproject.org/new-alpha-release-tor-browser-android

// We're Hiring: Software Developer, Anti-Censorship Team //

To strengthen our fight against censorship worldwide, we're forming a new Anti-Censorship Team. We need to hire a developer to help improve the user process of finding alternate routes to the Tor network when access is blocked.

Extensive experience writing and evaluating code in Python and Go is required. Experience with Rust, internet security, and obfuscation technologies would be a big help.

Learn more and apply: https://www.torproject.org/about/jobs-developer-anti-censorship.html.en

// How Has Tor Helped You? We Need Your Stories //

It's an understatement to say a lot has happened related to privacy and freedom online over the past seven years! Surveillance and crackdowns on free speech have increased around the world, and vast amounts of personal data have been collected and sold. Tools like Tor are needed more than ever to allow people to browse the web freely and privately.

It's been seven years since we last asked, so we want to know: What do you use Tor for? Why do you need it? What has Tor done for you? What could have happened if you weren't able to use Tor? We need your stories!

We know these examples exist, and we reference them in our talks around the world, but these stories are more powerful when they come as a quotable personal narrative from you. Read some example stories and tell us yours.

https://blog.torproject.org/how-has-tor-helped-you-we-need-your-stories

// Hack With Us in Mexico City //

Tor folks from around the world are heading out now to convene in Mexico City for one of our biannual meetings. We'll discuss the future of Tor as an organization and decide what protocols and features to focus our efforts on.

As part of this meeting, we're also having two open hack days everyone is welcome to join. The open days for the Mexico meeting will be Tuesday, October 2 and Wednesday, October 3 at the Sheraton Mar'eda Isabel.

Find out more: https://blog.torproject.org/hack-us-mexico-city-hackea-con-tor-en-mexico

// More New Releases //

Tor Browser 8.5a2 This alpha version contains the same bug fixes and improvements introduced in version 8.0.1. In addition we are updating Tor to 0.3.5.2-alpha, and are fixing some 8.0 issues. Full changelog: https://blog.torproject.org/new-release-tor-browser-85a2

Tor Browser 8.0.1 Tor Browser 8.0.1 ships the first stable Tor in the 0.3.4 series which solves a crash bug on older macOS systems (10.9.x). Also, thx to Alex from Cliqz for finding an issue with Torbutton. Full changelog: https://blog.torproject.org/new-release-tor-browser-801

Tor 0.3.4.8 (also other stable updates: 0.2.9.17, 0.3.2.12, and 0.3.3.10) This is the first stable release in its series; it includes compilation and portability fixes and improvements for running Tor in low-power and embedded environments, which should help performance in general. Full changelog: https://blog.torproject.org/new-release-tor-0348-also-other-stable-updates-02917-03212-and-03310

// Upcoming Events with Tor //

// Join Our Community //

Getting involved with Tor is easy. Run a relay to make the network faster and more decentralized: https://trac.torproject.org/projects/tor/wiki/TorRelayGuide

Learn about each of our teams and start collaborating: https://trac.torproject.org/projects/tor/wiki/WikiStart#Teams

Donate to help keep Tor fast, strong, and secure: https://donate.torproject.org

--

The Tor Project is a US 501(c)(3) non-profit organization advancing human rights and freedoms by creating and deploying free and open-source anonymity and privacy technologies, supporting their unrestricted availability and use, and furthering their scientific and popular understanding.

Twitter: https://twitter.com/torproject Facebook: https://facebook.com/torproject Instagram: https://instagram.com/torproject

We Gave Tor Browser a UX Overhaul

Published on 2018-09-06

// We Gave Tor Browser a UX Overhaul //

For the past year, we have been collecting feedback on how we can make Tor Browser work better for you.

Tor Browser 8.0, our first stable release based on Firefox 60 ESR, is now available. This release is all about users first.

Tor Browser 8.0 comes with a series of user experience improvements that address a set of long-term Tor Browser issues you’ve told us about. To meet our users' needs, Tor Browser has a new user onboarding experience; an updated landing page that follows our styleguide; additional language support; and new behaviors for bridge fetching, displaying a circuit, and visiting .onion sites.

For the most part, using Tor is like using any other browser (and it is based on Firefox), but there are some usage differences and cool things happening behind the scenes that users should be aware of. Our new onboarding experience aims to better let you know about unique aspects of Tor Browser and how to maximize those for your best browsing experience.

Improved Bridge Fetching

For users where Tor is blocked, we have previously offered a handful of bridges in the browser to bypass censorship. But to receive additional bridges, you had to send an email or visit a website, which posed a set of problems. To simplify how you request bridges, we now have a new bridge configuration flow when you when you launch Tor. Now all you have to do is solve a captcha in Tor Launcher, and you’ll get a bridge IP. We hope this simplification will allow more people to bypass censorship and browse the internet freely and privately.

Better Language Support

Millions of people around the world use Tor, but not everyone has been able to use Tor in their language. In Tor Browser 8, we’ve added resources and support for nine previously unsupported languages: Catalan, Irish, Indonesian, Icelandic, Norwegian, Danish, Hebrew, Swedish, and Traditional Chinese.

Collaboration Was Key

Providing this many improvements for our users could only be possible with collaboration between the Tor Browser team and Tor's UX team, Community team, Services Admin team, and our volunteers. We would like to thank everyone for working hard over the past year to bring all these new features to our users.

Learn more about it: https://blog.torproject.org/new-alpha-release-tor-browser-android Try it out: https://www.torproject.org/download/download-easy.html

// Volunteer Spotlight: Sina Rabbani Helps Activists Avoid Government Censorship //

Tor is a labor of love built by a small group of committed individuals. We’re grateful to have the support of a dedicated volunteer base who help us to make Tor the strongest privacy tool out there, and we’re highlighting their work in this series. We want to thank Sina Rabbani, one of the co-founders (and former CTO) of Access Now, a nonprofit dedicated to defending users’ digital rights, for his years of support to Tor and to the internet freedom movement.

Sina runs Faravahar, one of nine Tor directory authorities. These dedicated servers tell the millions of Tor clients which relays make up the Tor network. A talented and passionate engineer, Sina has been involved with digital rights activism for almost a decade. Today, he’s a Systems Engineer with Team Cymru, an internet security company which analyzes threat intelligence.

Free speech is something Sina doesn’t take for granted. “I was born in a country where you can be sentenced to death because of your speech,” he said. “Freedom of speech in the digital age is a basic human right. Tyranny will start by taking our ability to speak up first, then the rest of our rights.”

“Tor gives me a chance to resist tyranny in a non-violent manner, and I feel blessed and grateful for the opportunity. The hope is to one day move Faravahar to one of Iran’s universities. Until that day, Ma Hastim va Ma Bishomarim — we are, and we are countless.”

Learn more about Sina's work and how he became involved with Tor: https://blog.torproject.org/volunteer-spotlight-sina-rabbani-helps-activists-avoid-government-censorship

// More New Releases //

Tor Browser 8.0a10 Tor Browser 8.0a10 is the second alpha release based on Firefox ESR 60 and contains a number of improvements and bug fixes. It includes major updates to the user experience, and there are more to come. The stable version is slated for release next week! Full changelog: https://blog.torproject.org/new-release-tor-browser-80a10

Tor 0.3.4.7-rc Tor 0.3.4.7-rc fixes several small compilation, portability, and correctness issues in previous versions of Tor. This version is a release candidate: if no serious bugs are found, we expect that the stable 0.3.4 release will be (almost) the same as this release. Full changelog: https://blog.torproject.org/new-release-tor-0347-rc

// Upcoming Events with Tor //

// Join Our Community //

Getting involved with Tor is easy. Run a relay to make the network faster and more decentralized: https://trac.torproject.org/projects/tor/wiki/TorRelayGuide

Learn about each of our teams and start collaborating: https://trac.torproject.org/projects/tor/wiki/WikiStart#Teams

Donate to help keep Tor fast, strong, and secure: https://donate.torproject.org

--

The Tor Project is a US 501(c)(3) non-profit organization advancing human rights and freedoms by creating and deploying free and open-source anonymity and privacy technologies, supporting their unrestricted availability and use, and furthering their scientific and popular understanding.

Twitter: https://twitter.com/torproject Facebook: https://facebook.com/torproject

Research Tips & Topics, Egypt Censorship Report, HOPE Vid, Events

Published on 2018-07-31

// The State of Internet Censorship in Egypt //

A groundbreaking report by OONI and AFTE uncovered anomalies on Egyptian networks including censorship and the hijacking of unencrypted HTTP connections for advertising and cryptocurrency mining. Even UN sites were redirected.

Also, more than 100 news websites are blocked in Egypt, including Al Jazeera, The Huffington Post Arabic, Mada Masr, Almesryoon, Daily News Egypt, Turk Press and Iran’s Alalam News.

“The blocking of media organizations’ websites has had a severe impact on their operations, and some have even suspended their work altogether as a result of persisting censorship,” said Mohammad El Taher, director of the AFTE research unit.

While it’s been known that Egypt has undertaken widespread censorship of websites, this is the first time a comprehensive study of the methods of censorship have been undertaken. Find out how Egypt censors: https://blog.torproject.org/egypt-internet-censorship

// How to Do Effective and Impactful Tor Research //

As we mentioned in our previous post about Tor research topics, Tor greatly benefits from the research community. When researchers work closely with the design and development of deployed systems, this not only results in better research, but also better systems. For project maintainers, research that identifies vulnerabilities, creates new solutions to existing problems, and verifies proposed designs helps improve projects and make them safer for end users. TLS 1.3 is one recent example of where a symbiotic research/practitioner relationship has improved the protocol's design and safety.

However it is all too common that good research ideas don't make their way into practice. Within Tor, we have found that integrating new research findings isn't seamless or predictable, and good ideas are often lost or deemed incompatible without significantly more analysis and research.

The purpose of this post is to discuss what good research needs to do in order to ensure it has the best chance of being adopted by Tor or any other large software project.

We have structured this post in terms of an ordered list of goals for research. Each successive goal is more difficult to accomplish than the previous one. At the end of this post, we will look at a positive example of excellent research that successfully accomplished all of these goals and give overall takeaways.

Find out your list of goals, in order of increasing difficulty, when conducting relevant research: https://blog.torproject.org/how-do-effective-and-impactful-tor-research

// Open Research Topics: 2018 Edition //

Here we update the list of open Tor research problems, to bring focus to specific areas of research that the Tor Project thinks are necessary/useful in our efforts to upgrade and improve the Tor network and associated components and software. It is organized by topic area: network performance, network security, censorship circumvention, and application research. Each topic area provides information about current and desired work and ideas. We conclude with information about doing ethical and useful research on Tor and with suggestions on how to best ensure that this work is useful and easy for us to adopt. Check them out: https://blog.torproject.org/tors-open-research-topics-2018-edition

// Watch The Onion Report from HOPE //

Find out all about what different teams at Tor have been up to by watching The Onion Report from HOPE. Filmed July 20th in NYC with Steph, Alison, George, David, and Matt: https://livestream.com/internetsociety/hope/videos/178158095

// New Onion Services Add-On: Vanguards //

Earlier this year, the Tor Project released its first stable Tor and Tor Browser releases with the new v3 onion service protocol. The protocol features many improvements, including longer and more secure onion addresses, service enumeration resistance, improved authentication, and upgraded cryptography.

However, while this new protocol closes off some attacks (particularly enumeration and related targeted DoS attacks), it does not solve any attacks that could lead to service deanonymization.

The core Vanguards functionality ensures that all onion service circuits are restricted to a set of second and third layer guards, which have randomized rotation times.

If you want to beef up the security of your onion service, this add-on is for you: https://blog.torproject.org/announcing-vanguards-add-onion-services

// New Releases //

Tor 0.3.3.8 This release backports several changes from the 0.3.4.x series, including fixes for a memory leak affecting directory authorities. Full changelog: https://blog.torproject.org/tor-0338-released

Tor Browser 8.0a7 This release features important security updates to Firefox and updates firefox to 52.8.0esr. In addition we fixed some issues with UI customization and YouTube videos play. Full changelog: https://blog.torproject.org/tor-browser-80a7-released

Tor Browser 7.5.4 This release updates Firefox to 52.8.0esr, HTTPS Everywhere to 2018.4.11, and NoScript to 5.1.8.5. In addition, we exempt .onion domains from mixed content warnings, fixed a fingerprinting issue and an issue with localized content. Full changelog: https://blog.torproject.org/tor-browser-754-released

// Upcoming Events with Tor //

// Join Our Community //

Getting involved with Tor is easy. Run a relay to make the network faster and more decentralized: https://trac.torproject.org/projects/tor/wiki/TorRelayGuide

Learn about each of our teams and start collaborating: https://trac.torproject.org/projects/tor/wiki/WikiStart#Teams

Donate to help keep Tor fast, strong, and secure: https://donate.torproject.org

--

The Tor Project is a US 501(c)(3) non-profit organization advancing human rights and freedoms by creating and deploying free and open-source anonymity and privacy technologies, supporting their unrestricted availability and use, and furthering their scientific and popular understanding.

Twitter: https://twitter.com/torproject Facebook: https://facebook.com/torproject Instagram: https://instagram.com/torproject

Censorship Circumvention, Trackers, Onion Protections, New Releases, Events

Published on 2018-06-28

Breaking Through Censorship Barriers, Even When Tor Is Blocked

Last week, Venezuela blocked access to the Tor network. Prior to the block, there were over 30,000 people in Venezuela enjoying the privacy and security protections Tor provides: https://news.vice.com/en_us/article/59qvwz/venezuela-maduro-tor-network-censorship

Connecting to Tor is a luxury, but we have developed ways for people where Tor is blocked to continue to connect to the network. Using bridges and pluggable transports, people can break through censorship and continue to access the open web. For more information about using bridges, see:

https://blog.torproject.org/rompiendo-barreras-de-censura-incluso-cuando-tor-esta-bloqueado [Spanish]

https://blog.torproject.org/breaking-through-censorship-barriers-even-when-tor-blocked [English]

If you have basic command line experience, you can help out people in countries with heavy censorship by becoming a bridge operator: https://www.torproject.org/docs/pluggable-transports#operator

Don't Let Facebook or Other Trackers Follow You on The Web

In the early age of the internet, people enjoyed a high level of privacy. Webpages were just hypertext documents; almost no personalization of the user experience was offered (or forced). The web today has evolved into a system of surveillance capitalism, where advertising networks follow users while they browse the web, continuously collecting traces of personal data and surfing patterns to create profiles of users in order to target them.

Using the web today, you are a target. And because of the rampant tracking across websites, each time you use the internet, you become an easier target.

By tracking you across different applications and sites through cookies or open web sessions, your personal preferences and social connections are collected and often sold. Even if you do not accept cookies or are not logged into a service account, such as your Google, Twitter, or Facebook accounts, the web page and third-party services can still try to profile you by using third-party HTTP requests or other techniques.

Within the HTTP request, various selectors can be included to communicate user preferences or particular features, in the form of URL variables. Personalized language or fonts settings, browser extensions, in-page keywords, battery charge and status, and more can be used to identify you by restricting the pool of possible candidates among all the visitors in a certain time frame, location, profile of interests. You can then be distinguished, or fingerprinted, across multiple devices or sessions and then the profile the tracker has on you is expanded.

By the sites and applications themselves, the story is spun to sound as if they’re doing you a favor: they say this collection allows them to customize your experience. You see ads more relevant to you, Facebook and others say.

Even if you think of an advertising network as a recommendation system, this same system is also influencing what you see. It’s changing your experience of the internet.

But at what cost is this customization? When confronted with transparency around what this “customization” takes, it “poisons” the ad. So of course these companies are pushing back against transparency, but we need to keep pushing them and doing what we can to prevent them from continuing to exploit us online.

Learn about how Tor Browser can help: https://blog.torproject.org/dont-let-facebook-or-any-tracker-follow-you-web

Privacy International Protects Partners with Its Onion Address

This guest post is written by Ed Geraghty, Technologist, Privacy International.

No one shall be subjected to arbitrary interference with [their] privacy, family, home or correspondence, nor to attacks upon [their] honour and reputation. Everyone has the right to the protection of the law against such interference or attacks.

  • United Nations Declaration of Human Rights (UDHR) 1948, Article 12

The right to privacy is a qualified, fundamental human right. We at Privacy International (PI) work hard with our network of partners to ensure this fundamental right is protected - it is essential to autonomy, the protection of human dignity, and is the foundation upon which many other human rights are built.

This is becoming ever-more important in an age of ubiquitous, indiscriminate mass surveillance, especially as more and more aspects of our daily lives - interactions with friends, family, companies, and the state - are dependent upon technology. In order for individuals to fully participate in the modern world, developments in law and technologies must strengthen and not undermine the ability to freely enjoy this right.We challenge governments' powers by advocating and litigating for stronger protections. We lead research and investigations to shine a light on powers and capabilities, and to instigate and inform debate. We advocate for good practices and strong laws worldwide to protect people and their rights. We equip civil society organisations across the world to increase public awareness about privacy. We raise awareness about technologies and laws that place privacy at risk, to ensure that the public is informed and engaged.

Tor is an important tool in our arsenal - a technology which allows people to communicate, use the internet, and browse the web in a manner which evades censorship.

Many of our partners work in challenging environments, with massive state surveillance and/or ongoing censorship programmes. Giving them an ability to securely browse the web (both clear and onion) in a way which allows them to evade dragnet surveillance also allows them to conduct investigations securely.

Find out what else running an onion address provides the Privacy International community: https://blog.torproject.org/privacy-international-protects-partners-its-onion-address

New Releases

Tor 0.3.3.7 This release backports several changes from the 0.3.4.x series, including fixes for bugs affecting compatibility and stability. Full changelog: https://blog.torproject.org/tor-0337-released

Tor Browser 7.5.6 This release features important security updates to Firefox, updates Firefox to 52.9.0esr, and includes newer versions of NoScript and HTTPS Everywhere. Moreover, we added the latest Tor stable version, 0.3.3.7. Full changelog: https://blog.torproject.org/tor-browser-756-released-

Upcoming Events with Tor

HOPE. New York City, USA. July 20-22, 2018. https://hope.net/

The 18th Privacy Enhancing Technologies Symposium (PETS). Barcelona, Spain. July 24-27, 2018. https://petsymposium.org/2018/index.php

Tor Community Night. Barcelona, Spain. July 24, 2018. https://blog.torproject.org/events/tor-community-night-barcelona

Def Con. Las Vegas, USA. August 8-12, 2018. https://blog.torproject.org/events/roger-and-steph-and-others-def-con-las-vegas

Join Our Community

Getting involved with Tor is easy: you can help us make the network faster and more decentralized by running a relay. https://trac.torproject.org/projects/tor/wiki/TorRelayGuide

You can learn about each of our teams and start collaborating: https://trac.torproject.org/projects/tor/wiki/WikiStart#Teams

If you want to make a contribution but don’t have the time to volunteer, your donation will help keep Tor fast, strong, and secure: https://donate.torproject.org

--

The Tor Project is a US 501(c)(3) non-profit organization advancing human rights and freedoms by creating and deploying free and open-source anonymity and privacy technologies, supporting their unrestricted availability and use, and furthering their scientific and popular understanding.

Twitter: https://twitter.com/torproject Facebook: https://facebook.com/torproject

Domain Fronting, Relay Help, User Needs, New Interns, Events

Published on 2018-05-31

// Domain Fronting Is Critical to the Open Web //

Last month, Amazon and Google have both announced they’re pulling the plug on domain fronting, a crucial tool which helps our most vulnerable users get access to Tor when their countries don’t allow it. Users of Signal and Telegram are also affected by this block, and Access Now identified approximately a dozen “human rights-enabling technologies” which had relied on Google for this purpose: https://www.accessnow.org/google-ends-domain-fronting-a-crucial-way-for-tools-to-evade-censors/

Tor Browser protects against tracking, surveillance, and censorship, but not everyone around the world has the luxury to connect to use it. By default, Tor Browser makes all of its users look alike. However, it doesn't hide the fact you're connecting to Tor, an open network where anyone can get the list of relays. This network transparency has many benefits, but also has a downside: repressive governments and authorities can simply get the list of Tor relays and block them. We strongly oppose this censorship and believe everyone should have access to information on the open web. That’s why we developed pluggable transports to bypass censorship and connect to the Tor network.

Domain fronting is a type of pluggable transport where Tor traffic appears to be talking to a third party that is hard to block, like Amazon or Google, when it is really talking to a Tor relay. An example of this is Tor’s “meek” pluggable transport, which is described here: trac.torproject.org/projects/tor/wiki/doc/meek

Google and Amazon have both shut down domain fronting, making meek no longer usable over those CDNs. As of this writing, Microsoft’s Azure cloud still seems to be working with meek.

For the time being, we are shifting to Microsoft’s Azure cloud. But we’ve heard that option will soon be shut down, as well.

Unfortunately, it doesn’t look like there is a fast fix. We were not given advance notice of these changes, so we are thinking hard on potential solutions to ensure our friends living in repressive regimes around the world can continue to access the open web.

// Get Help Running Your Relay From Our New Advocate //

Thousands of relays make up the roots of the Tor network, and the volunteers who run them are indispensable, donating their time, infrastructure, and technical know-how to help millions of people around the world, including activists and journalists, communicate privately and securely.

Over the years, the Tor team saw there was a need for greater support of the relay operator community and heard concerns about how to better meet their needs. We now have a Relay Advocate whose job will be improving the health and happiness of the relay operator community, expanding the community, and helping improve bonds between operators. Meet Colin (Phoul) and find out what he'll be up to: https://blog.torproject.org/get-help-running-your-relay-our-new-advocate

// Tor + Tails UX: Identifying User Needs at CryptoRave 2018 //

This month during the geek CryptoRave in São Paulo, we invited Tails and Tor users to join a user needs session. We love to run sessions with groups of similar users so we can focus on their unique needs and experiences. Users of Tor and Tails have the common objective: they are looking to use private and secure tools, and their safety could be a concern.

We like to envision our community of users ultimately making the tools we build. UX is about relationships. We need to understand our users' relationship to our software. And in order to do that, we need a close relationship with our users. Find out what we're considering to address user needs we identified: https://blog.torproject.org/tor-tails-ux-identifying-user-needs-cryptorave-2018

// Meet the Tor Summer of Privacy & Outreachy Interns //

We have new contributors joining the Tor Project who come to us through two paid internship programs, Tor Summer of Privacy and Outreachy, an internship program for underrepresented groups in tech. Meet the interns and find out a few of the things they’ll be working on: blog.torproject.org/meet-tor-summer-privacy-and-outreachy-interns

// New Releases //

Tor 0.3.3.6 This is the first stable release in the 0.3.3 series. It backports several important fixes from the 0.3.4.1-alpha. The Tor 0.3.3 series includes controller support and other improvements for v3 onion services, official support for embedding Tor within other applications, and our first non-trivial module written in the Rust programming language. (Rust is still not enabled by default when building Tor.) And as usual, there are numerous other smaller bugfixes, features, and improvements. Full changelog: https://blog.torproject.org/tor-0336-released-new-stable-series

Tor Browser 8.0a7 This release features important security updates to Firefox and updates firefox to 52.8.0esr. In addition we fixed some issues with UI customization and YouTube videos play. Full changelog: https://blog.torproject.org/tor-browser-80a7-released

Tor Browser 7.5.4 This release updates Firefox to 52.8.0esr, HTTPS Everywhere to 2018.4.11, and NoScript to 5.1.8.5. In addition, we exempt .onion domains from mixed content warnings, fixed a fingerprinting issue and an issue with localized content. Full changelog: https://blog.torproject.org/tor-browser-754-released

// Upcoming Events with Tor //

Mozilla All-Hands. San Francisco, USA. June 11-15, 2018. https://blog.torproject.org/events/mozilla-all-hands-san-fran

Citizen Lab Summer Institute. Toronto, Canada. June 13-15, 2018. https://blog.torproject.org/events/citizen-lab-summer-institute-toronto

The First Amendment for the 21st Century Pittsburgh, USA. June 21-22, 2018. https://blog.torproject.org/events/first-amendment-21st-century-pittsburgh

The 18th Privacy Enhancing Technologies Symposium (PETS). Barcelona, Spain. July 24-27, 2018. https://petsymposium.org/2018/index.php

// Join Our Community //

Getting involved with Tor is easy: you can help us make the network faster and more decentralized by running a relay. https://trac.torproject.org/projects/tor/wiki/TorRelayGuide

You can learn about each of our teams and start collaborating: https://trac.torproject.org/projects/tor/wiki/WikiStart#Teams

If you want to make a contribution but don’t have the time to volunteer, your donation will help keep Tor fast, strong, and secure: https://donate.torproject.org

--

The Tor Project is a US 501(c)(3) non-profit organization advancing human rights and freedoms by creating and deploying free and open-source anonymity and privacy technologies, supporting their unrestricted availability and use, and furthering their scientific and popular understanding.

Twitter: https://twitter.com/torproject Facebook: https://facebook.com/torproject

Our Next Executive Director, Call for HotPETS Talks, Tor Messenger, New Releases

Published on 2018-05-01

// Isabela Bagueros Will Be Our Next Executive Director //

Shari announced her retirement from the Tor Project at the end of February, and the search for our next Executive Director is already over. We didn't have to look far. Isabela Bagueros, current Tor Project Manager, will be our next Executive Director!

Isa joined the Tor Project in 2015 and has led teams in collaborative strategy building and roadmapping unprecedented at the organization. She also leads Tor’s UX team in implementing critical usability improvements and is leading an overhaul of Tor’s website.

“Isa’s contributions to Tor are too many to name here,” said Shari Steele, Tor’s current Executive Director who was brought on in 2015 to make the organization more operationally sound. “She brings global experience and perspective to privacy and censorship issues, and I could not be more confident in her ability to lead the organization into its next phase of growth and sustainability.”

Thinking of the user first has always been a priority for Isa, and during her three years with the organization, the scope of her vision for Tor has expanded to include the health of the organization and network. “I think any person on the planet should have access to the Tor network and enjoy the privacy and security it provides,” said Isa. “That means we need a healthy and scalable network and a strong and diverse organization to support that. I’m looking forward to seeing Tor gain global recognition for the privacy protections and censorship circumvention it provides.”

Now in a transition phase, Isabela will officially begin her position as Executive Director after she hires her replacement Project Manager and gets up to speed on the requirements of the job. Shari will continue as Executive Director until Isabela transitions and then plans to move into a consulting role through the end of the year. Shari will join the Tor Project Board of Directors beginning January 2019.

Congratulations, Isa! :D

Check out the post to read Isa's full bio: https://blog.torproject.org/announcing-tors-next-executive-director-isabela-bagueros

// Call for Talks: HotPETS 2018 //

The Workshop on Hot Topics in Privacy Enhancing Technologies (HotPETs) fosters new ideas and spirited debates on privacy. Held in conjunction with the 18th Privacy Enhancing Technologies Symposium (PETS), the 11th HotPETs will be held July 27, 2018 in Barcelona, Spain.

HotPETS is calling for engaging and informative 10-15 minute talks on hot topics in privacy enhancing technologies (PETs), with each talk to be followed by a 5-10 minute question period. The nature of HotPETs' discussion-oriented format is especially suited to works in progress and new ideas that have not yet been fully formed.

Last year there was an interesting discussion about whether a separate Tor network should be set up for safer research and another discussion around I2P. What idea, experience, lessons, or theories would you like to talk through? Find out some topics of interest and how to apply: https://blog.torproject.org/call-talks-hotpets-2018

// Sunsetting Tor Messenger //

In 2015, we introduced Tor Messenger, a cross-platform chat program that aimed to be secure by default by sending all of its traffic over Tor and enforcing encrypted one-to-one conversations by bundling and using OTR (Off-the-Record) messaging. The aim was to provide a chat client that supported a wide variety of transport networks like Jabber (XMPP), IRC, Google Talk, Facebook, Twitter; had an easy-to-use graphical interface; and configured most of the security and privacy settings automatically with minimal user intervention.

When we released the first version, we tried to clearly identify the limitations of such a product: Tor Messenger was meant for communicating over existing social networks. This meant that in such a client-server model, your metadata could be logged by the server, but your route to the server would be not be disclosed because it would be over Tor, and your communications would be encrypted with Off-the-Record messaging. We still thought this was a better alternative than the other products in the market, such as Pidgin, because it had safer and secure default configurations.

Eleven beta releases later, we have, sadly, decided to discontinue supporting Tor Messenger. Find out why: https://blog.torproject.org/sunsetting-tor-messenger

We apologize for any inconvenience this may have caused. We still believe in Tor's ability to be used in a messaging app, but sadly, we don't have the resources to make it happen right now. Maybe you do?

// New Releases //

Tor 0.3.3.5-rc This release fixes various bugs in earlier versions of Tor, including some that could affect reliability or correctness. This is the first release candidate in the 0.3.3 series. If no new bugs or regression is found, then the first stable 0.3.3 release will be nearly identical to this one. Full changelog: https://blog.torproject.org/tor-0335-rc-released

Tor Browser 8.0a6 This release includes newer versions of Tor (0.3.3.5-rc), OpenSSL (1.0.2o), HTTPS Everywhere (2018.4.11), and NoScript (5.1.8.5). Among other things we fixed the issue with secure cookies which were not working on http .onion pages, we made it possible to run Tor Browser without a /proc filesystem and we updated the GCC we use for building the Windows and Linux versions to 6.4.0. Full changelog: https://blog.torproject.org/tor-browser-80a6-released

TorBirdy 0.2.4 TorBirdy is an extension for Mozilla Thunderbird that configures it to make connections over the Tor network. This release adds support for Thunderbird 58 and 59, fixes a bug in Thunderbird that leaks the installed dictionary language using the "Content-Language" header (for more information see Bug 22484), updates the Enigmail keyserver settings, and adds new translations. Full changelog: https://blog.torproject.org/torbirdy-024-released

// Upcoming Events with Tor //

RightsCon. Toronto, Canada. May 16-18, 2018: Several Tor folks will be attending and will have a booth set up for a half day on either the 16th or 17th (more info to follow on the events calendar). https://rightscon.org https://blog.torproject.org/events/month

The 18th Privacy Enhancing Technologies Symposium (PETS). Barcelona, Spain. July 24-27, 2018. https://petsymposium.org/2018/index.php

// Join Our Community //

Getting involved with Tor is easy: you can help us make the network faster and more decentralized by running a relay. https://trac.torproject.org/projects/tor/wiki/TorRelayGuide

You can learn about each of our teams and start collaborating: https://trac.torproject.org/projects/tor/wiki/WikiStart#Teams

If you want to make a contribution but don’t have the time to volunteer, your donation will help keep Tor fast, strong, and secure: https://donate.torproject.org

--

The Tor Project is a US 501(c)(3) non-profit organization advancing human rights and freedoms by creating and deploying free and open-source anonymity and privacy technologies, supporting their unrestricted availability and use, and furthering their scientific and popular understanding.

Twitter: https://twitter.com/torproject Facebook: https://facebook.com/torproject

User Advocate (Mozilla Fellowship), Privacy Challenge, Live Styleguide, Volunteer, Releases 💜

Published on 2018-03-30

Power Digital Resistance with Tor!

“I think Tor is the most important privacy-enhancing technology project being used today.” —Edward Snowden

Friend,

Thank you so much for being a member of the Tor community. As part of the Tor Project’s end-of-year fundraising campaign, we’re highlighting how Tor powers digital resistance and promotes and protects essential human rights around the world.

And if you donate now, Mozilla will match your donation up to a total of $500,000!

MAKE A DONATION: https://donate.torproject.org

For the past decade, we’ve been building and distributing software that saves lives. Activists and journalists use Tor to alert the world to human rights abuses, people in countries that censor the internet use Tor to access critical resources, and ordinary users use Tor to evade pervasive surveillance and tracking. Millions of people rely on Tor every day for a safer, more secure way to access the internet.

This vital work is made possible thanks, in no small part, to supporters like you.

Corporate whistleblowers, health care workers, politicians, lawyers, and members of marginalized communities all depend on Tor to protect themselves. We’ve got big plans for improving Tor in 2018, bringing its privacy protections to mobile devices and encouraging more third-party developers to integrate Tor’s protection into their apps.

Let’s fight for free expression together. Donate today, get some cool swag, and have your gift matched by Mozilla’s generous matching program.

We rely on the generous support of our donors, and you can help us make the world’s strongest privacy tool even stronger by lending a hand. Whether you can give $5 or $500, you’ll be helping promote basic human rights worldwide. Join the digital resistance and support the Tor Project today!

Yours in privacy, Tommy

Tommy Collison Writer/Editor The Tor Project

MAKE A DONATION: https://donate.torproject.org

ED Search, Relay Guide, Onions for Anti-Corruption, Internships, Events

Published on 2018-02-28

// We've Launched a Search for Our Next Executive Director! //

We are going to miss her, but Shari Steele, our current Executive Director, is set to give retirement a second try at the end of 2018. After 15 years as the Executive Director of the Electronic Frontier Foundation, Shari was brought on in December 2015 to make the Tor Project more operationally sound.

“I had intended to retire after my time with EFF, but I believed strongly in the Tor Project’s mission, and I felt I could help. I look at the Tor Project organization today and feel quite confident that we’ve got the talent and the structure to continue to support the organization’s great work.” - Shari Steele

Around 35 engineers and operational support people plus many volunteers all over the world contribute to the Tor Project. Successful candidates for the Executive Director position will have a global perspective on privacy and censorship issues and be able to lead the diverse and distributed organization into its next phase of growth and sustainability.

Potential candidates can learn more about the position at the job page: https://www.torproject.org/about/jobs-execdirector.html

// Our New Guide Makes Running a Relay Easier Than Ever //

Have you considered running a relay, but didn't know where to start? Perhaps you're just looking for a way to help Tor, but you've always thought that running a relay was too complicated or technical for you and the documentation seemed daunting.

We're here to tell you that you can become one of the many thousands of relay operators powering the Tor network, if you have some basic command-line experience. Learn more and get started: https://blog.torproject.org/new-guide-running-tor-relay

// Italian Anti-Corruption Agency (ANAC) Adopts Onion Services //

ANAC software is based on a customized version of GlobaLeaks, a whistleblowing platform by the Hermes Center that integrates Tor natively. GlobaLeaks is expected to be redistributed to all Italian public agencies (~20.000 in total) to comply with Law 179/2017 and in line with the country’s recent strategic commitment to open-source software and the reuse of code.

Given that Tor is the world’s strongest internet anonymity tool, we expect to see usage of onion services for secure communication systems across all sectors continue to gain traction. Read more about laws governing whistleblowing and anti-corruption compliance and how Tor can help: https://blog.torproject.org/italian-anti-corruption-authority-anac-adopts-onion-services

// Tor + Outreachy: Internships for Underrepresented People in Tech //

The Tor Project has partnered with the Outreachy internship program, and we’ve got two internship slots for members of groups traditionally underrepresented in technology.

We’re committed to inclusion in all facets of Tor development, and having a diverse range of backgrounds, viewpoints, and experience helps us foster a healthy development community. Outreachy encourages underrepresented groups to learn new skills, meet new people in their field, and contribute to critical open source tools.

This round, we are looking for a User Advocate and a Documentation Editor. Applications are due March 22. Learn more about how to get started: https://blog.torproject.org/tor-outreachy-internships-underrepresented-people-tech

// Tor Browser 8.0a2 is Released //

The new release includes Tor 0.3.3.2-alpha, plus, we updated HTTPS Everywhere to 2018.1.29, NoScript to 5.1.8.4, and meek to 0.29. See the full changelog: blog.torproject.org/tor-browser-80a2-released

// Upcoming Events with Tor //

Nullcon with Amogh: https://nullcon.net Goa, India March 22, 2018

LibrePlanet with many Tor folks: https://www.libreplanet.org/2018/ Cambridge, MA March 24-25, 2018

Texas Library Association Conference with Alison Dallas, TX April 3, 2018

// Donate // https://donate.torproject.org

The Tor Project is a US 501(c)(3) non-profit organization advancing human rights and freedoms by creating and deploying free and open-source anonymity and privacy technologies, supporting their unrestricted availability and use, and furthering their scientific and popular understanding.

Twitter: https://twitter.com/torproject Facebook: https://facebook.com/torproject