COVID-19's impact on Tor

Published on 2020-05-06

COVID-19's impact on Tor

https://blog.torproject.org/covid19-impact-tor

Tor, like much of the world, has been caught up in the COVID-19 crisis. Like many other nonprofits and small businesses, the crisis has hit us hard, and we have had to make some difficult decisions.

We had to let go of 13 great people who helped make Tor available to millions of people around the world. We will move forward with a core team of 22 people, and remain dedicated to continuing our work on Tor Browser and the Tor software ecosystem.

The world won’t be the same after this crisis, and the need for privacy and secure access to information will become more urgent. In these times, being online is critical and many people face ongoing obstacles to getting and sharing needed information. We are taking today’s difficult steps to ensure the Tor Project continues to exist and our technology stays available.

We are terribly sad to lose such valuable teammates, and we want to let all our users and supporters know that Tor will continue to provide privacy, security, and censorship circumvention services to anyone who needs them.  This won't affect our releases, Tor network and Tor Browser releases will continue as scheduled.

The most impactful way to help the Tor Project at this time is to become a monthly donor. Reoccurring, unrestricted income makes our budget more predictable and sustainable. If you'd like to make a donation, please consider monthly giving.

https://donate.torproject.org/monthly-giving

New Releases

Tor 0.4.3.4-rc 

This is the first release candidate in its series. It fixes several bugs from earlier versions, including one affecting DoS defenses on bridges using pluggable transports.

https://blog.torproject.org/new-release-candidate-tor-0434-rc

Tor Browser 9.5a11

This release updates Firefox to 68.7.0esr, NoScript to 11.0.23, and OpenSSL to 1.1.1f. In addition, this update features important security fixes to Firefox and it includes improved usability for onion services.

https://blog.torproject.org/new-release-tor-browser-95a11

Tor Browser 9.0.9

This release features important security fixes to Firefox. Please make sure you update your Tor Browser.

https://blog.torproject.org/new-release-tor-browser-909

Tails 4.5

The Tails team is happy to publish Tails 4.5, the first version of Tails to support Secure Boot. This release also fixes many security vulnerabilities. You should upgrade as soon as possible.

https://blog.torproject.org/new-release-tails-45

Tor Browser 9.5a10

This release features important security fixes to Firefox. Please make sure you update your Tor Browser.

https://blog.torproject.org/new-release-tor-browser-95a10

Tor Browser 9.0.8

This release features important security fixes to Firefox. Please make sure you update your Tor Browser. Full changelog. https://blog.torproject.org/new-release-tor-browser-908

What We're Reading

Upcoming Events with Tor

  • Postponed. BSides. Barcelona, Spain. May 08, 2020.

  • Postponed. CryptoRave, São Paulo, Brazil. May 15, 2020 - May 16, 2020.

Join Our Community

Getting involved with Tor is easy. Run a relay to make the network faster and more decentralized: https://community.torproject.org/relay

Run a bridge to help censored users access Tor: https://blog.torproject.org/run-tor-bridges-defend-open-internet

Learn about each of our teams and start collaborating: https://trac.torproject.org/projects/tor/wiki/WikiStart#Teams

Donate to help keep Tor fast, strong, and secure. https://donate.torproject.org

--

The Tor Project is a US 501(c)(3) non-profit organization advancing human rights and freedoms by creating and deploying free and open-source anonymity and privacy technologies, supporting their unrestricted availability and use, and furthering their scientific and popular understanding.

Twitter: https://twitter.com/torproject

Facebook: https://facebook.com/torproject

Instagram: https://instagram.com/torproject

Mastodon: http://mastodon.social/@torproject

Remote Work and Personal Safety

Published on 2020-03-31

Remote Work and Personal Safety

English: https://blog.torproject.org/remote-work-personal-safety

Spanish: https://blog.torproject.org/Conectadas-seguras-tiempos-cuarentena

Portuguese: https://blog.torproject.org/trabalho-remoto-seguranca-pessoal

Italian: https://blog.torproject.org/lavoro-remoto-sicurezza-personale

This is a novel and troubling situation we’re in globally. As a remote, international organization developing tools for online safety, we’d like to share some of our tips about working from home and retaining your rights to privacy and freedom of expression.

Remote Working

Since incorporated in 2006, the Tor Project and its community have largely operated remotely. Whenever possible, we use free and open source tools that share our commitment to advancing the human rights to privacy and freedom of expression online. Here’s what we’re using now to stay connected:

IRC. The bulk of our online conversations happen in open channels on IRC, like #tor-project, #tor-dev, and #tor-www among others. If you want to chat with us about Tor, you can find us in #tor. No matter what chat tool your organization may use, we recommend setting up an off-topic channel or direct messaging the person you want to connect with. The opportunity to interact on a more personal level by sharing news and just bantering without interfering with core channel topics is invaluable. You don’t need to share an email address or personal identifying information to register or use IRC.

Nextcloud. This productivity platform could be your alternative to G Suite. We use it for collaborative docs, calendars, and file storage.

Riseup pads. We use these for agendas, taking notes, and drafting blog posts. They don’t save indefinitely, so this isn’t for storage, but ephemerality can keep sensitive information safe. There’s no account needed, only a web browser.

For people working with at-risk groups or sensitive information, these will be particularly helpful:

Tor Browser. Using Tor Browser for searches, logging into accounts, or collaborating protects you from trackers on websites, surveillance from your ISP or anyone monitoring your network, and from censorship enacted by your ISP or government. If you are a health provider or first responder conducting sensitive searches that could be tied to people visiting you or other more easily monitorable activities, Tor Browser is a tool that can protect you and the people you serve.

"I'm a doctor in a very political town. When I have to do research on diseases and treatment or look into aspects of my patients' histories, I am well aware that my search histories might be correlated to patient visits and leak information about their health, families, and personal lives. I use Tor to do much of my research when I think there is a risk of correlating it to patient visits." - Anonymous Tor User

Signal. For 1:1 messaging, calls, and small group chats, we use Signal, the open source messaging app. It’s end-to-end encrypted, and you can set messages containing sensitive information to expire.

Jitsi Meet. For voice and video meetings, Jitsi Meet is a staple. It’s open source, encrypted, and no accounts are necessary to use it. Just choose a meeting address, say https://meet.jit.si/onionsforall, and share that link. Try this before turning to Zoom, which has come under scrutiny for its lack of transparency.

OnionShare. OnionShare allows you to securely and anonymously share a file of any size without any third parties. If you need to share critical resources with individuals or groups, the latest version of OnionShare also allows you to spin up an onion site only accessible over the Tor network.

share.riseup.net. This is a web-based tool for speedily sharing smaller files (up to 50mb). We frequently drop riseup links into our IRC channels to share photos and screenshots.

If you’re still not finding the right tool to fit your coworking needs, anarcat, SysAdmin at the Tor Project, has more recommendations for Remote presence tools for social distancing: https://anarc.at/blog/2020-03-15-remote-tools/

Personal Safety

Home isn’t a safe space for everyone. We realize that there are many people who are suddenly at home more often and in relationships that put them at risk of harm. If you are seeking help in a relationship or are in contact with someone who needs help, we recommend using Tor Browser to seek information or assistance without leaving a trace of that search or browsing history. The National Network to End Domestic Violence has additional recommendations you can follow.

The same goes for anyone researching sensitive personal topics, be they womens’ health resources, immigration resources, or information about medical or mental health conditions: Using Tor Browser, in combination with its default search engine DuckDuckGo, can help you keep your personal information to yourself, empower you with the ability to choose what you share, and allow you to access critical information and resources that may be blocked or under scrutiny.

"I use Tor Browser to research about mental diseases, e.g. depression, that occur in our family. I don't want anyone to know about these diseases who I don't want to tell. That's why I use Tor for researching about anything related to these diseases." - Anonymous Tor User

Many of the tools for coworking we outlined above, including Jitsi, Signal, and OnionShare, can help you communicate more safely in difficult circumstances.

Stay Connected

These are uncertain times, and it’s critical we stay connected and do our part to keep each other safe. If you have any questions about Tor, how Tor or any of these other tools may be helpful to you, join us in #tor on IRC.

If you want to get involved with our work, we welcome you to join our community. We are a small nonprofit organization with a big mission: to make privacy and freedom the default online, and our work is made possible by countless volunteer contributors around the world. We hope you'll join us.

We are just one of countless online communities where you could make an impact, so if you’re not finding the right fit, keep exploring. This could also be an opportunity to start your own.

Cooking with Onions: Reclaiming the Onionbalance //

https://blog.torproject.org/cooking-onions-reclaiming-onionbalance

Onionbalance is one of the standard ways onion service administrators can load balance onion services, but it didn't work for v3 onions. Until now. We just released a new version of Onionbalance that supports v3 onion services.

The core functionality remains the same: Onionbalance allows onion service operators to achieve the property of high availability by allowing multiple machines to handle requests for an onion service.

If you are already familiar with configuring Tor onion services, setting up Onionbalance is simple. Check the precise setup instructions on our documentation page. Read more: https://blog.torproject.org/cooking-onions-reclaiming-onionbalance

New Releases

Tor Browser 9.0.7 https://blog.torproject.org/new-release-tor-browser-907

This release updates Tor to 0.4.2.7 and NoScript to 11.0.19. In addition, this release disables Javascript for the entire browser when the Safest security level is selected. This may be a breaking change for your workflow if you previously allowed Javascript on some sites using NoScript.

Tor 0.3.5.10, 0.4.1.9, and 0.4.2.7

https://blog.torproject.org/new-releases-03510-0419-0427

This is the third stable release in the 0.4.2.x series. It backports numerous fixes from later releases, including a fix for TROVE-2020-002, a major denial-of-service vulnerability that affected all released Tor instances since 0.2.1.5-alpha.

Tor 0.4.3.3-alpha

https://blog.torproject.org/new-release-tor-04330-alpha

Tor 0.4.3.3-alpha fixes several bugs in previous releases, including TROVE-2020-002, a major denial-of-service vulnerability that affected all released Tor instances since 0.2.1.5-alpha.

Tor Browser 9.5a8

https://blog.torproject.org/new-release-tor-browser-95a8

This release updates Firefox to 68.6.0esr and NoScript to 11.0.15.

Tor Browser 9.0.6

https://blog.torproject.org/new-release-tor-browser-906

This release updates Firefox to 68.6.0esr and NoScript to 11.0.15.

Tor Browser 9.5a7

https://blog.torproject.org/new-release-tor-browser-95a7

This release resolves breakage introduced in version 9.5a6 where non-en-US versions are not starting up.

What We're Reading

"As Coronavirus Surveillance Escalates, Personal Privacy Plummets," NYTimes.

https://nytimes.com/2020/03/23/technology/coronavirus-surveillance-tracking-privacy.html

https://www.nytimes3xbfgragh.onion/2020/03/23/technology/coronavirus-surveillance-tracking-privacy.html

"Expertos en privacidad admiten que la crisis permite un uso excepcional de datos personales," El Pais.

https://elpais.com/tecnologia/2020-03-21/expertos-en-privacidad-admiten-que-la-crisis-permite-un-uso-excepcional-de-datos-personales.html

"How to use the Tor Browser’s tools to protect your privacy," The Verge.

https://www.theverge.com/2020/2/21/21138403/tor-privacy-tools-private-network-browser-settings-security

"Locked-Down Lawyers Warned Alexa Is Hearing Confidential Calls," Bloomberg.

https://www.bloomberg.com/news/articles/2020-03-20/locked-down-lawyers-warned-alexa-is-hearing-confidential-calls

Upcoming Events with Tor //

Join Our Community

Getting involved with Tor is easy. Run a relay to make the network faster and more decentralized: https://trac.torproject.org/projects/tor/wiki/TorRelayGuide

Run a bridge to help censored users access Tor: https://blog.torproject.org/run-tor-bridges-defend-open-internet

Learn about each of our teams and start collaborating: https://trac.torproject.org/projects/tor/wiki/WikiStart#Teams

Donate to help keep Tor fast, strong, and secure. https://donate.torproject.org

--

The Tor Project is a US 501(c)(3) non-profit organization advancing human rights and freedoms by creating and deploying free and open-source anonymity and privacy technologies, supporting their unrestricted availability and use, and furthering their scientific and popular understanding.

Twitter: https://twitter.com/torproject

Facebook: https://facebook.com/torproject

Instagram: https://instagram.com/torproject

Mastodon: http://mastodon.social/@torproject

Tor in the News, We're Hiring, IFF CFP, Releases

Published on 2020-02-27

Tor in the Media: 2019

https://blog.torproject.org/tor-media-2019

In 2019, mainstream coverage of privacy wins and challenges increased, and with that, so did coverage of the Tor Project. We are proud of what we accomplished last year and proud that our work advancing human rights to privacy and freedom online has caught the attention of outlets such as BBC, WIRED, Deutsche Welle, and NPR. Not only did they write about us, but some of these big names also began using and promoting our tools.

We’ve broken down 2019 coverage into sections: Tor’s Reach and Accessibility, Anti-Censorship, Onion Adoption, Ecosystem Impact, Cryptocurrency, and Advocacy. Check out the more comprehensive list of coverage.

Tor’s Reach and Accessibility

Inspired by major advancements in Tor Browser’s design, integration of Tor tabs in Brave browser, and the alpha release of Tor Browser for Android, Lily Hay Newman at Wired declared 2019 the year to try Tor.

"In truth, Tor has been relatively accessible for years now, largely because of the Tor Browser,
which works almost exactly like a regular browser and does all the complicated stuff for you in
the background. But in 2018 a slew of new offerings and integrations vastly expanded the available
tools, making 2019 the year to finally try Tor. You may even end up using the network without realizing it."

As people become more aware of how tech giants exploit their information, Tor was also cited as privacy-first alternative to Chrome.

As part of our goal to make Tor available to everyone online who needs it, we knew we needed to meet people where they are using the internet: on their mobile devices. In 2019, we made it "easier than ever" for people to use Tor by making it available on Android, and this development was written about by several publications.

Anti-Censorship

In addition to improved accessibility and privacy protections, our anti-censorship work made headlines. OONI, a project under Tor, was recognized for its contributions to documenting evidence of internet censorship worldwide.

Several outlets promoted Snowflake, an extension we released, now in an experimental stage, which empowers users of those browsers to help Tor users circumvent censorship.

Onion Adoption

To help users in censored countries reach their content, BBC, Deutsche Welle, and Mada Masr have joined ProPublica, The New York Times, and BuzzFeed News to set up onion addresses using Tor onion services. In addition to those outlets promoting their onion mirrors, other news sites also picked up on the BBC announcement. Due to the enhanced privacy and security properties onion addresses provide, in addition to their ability to help censored users bypass blocks, we expect this trend to continue. We will be focusing on scaling to meet this demand in 2020.

Ecosystem

Not all Tor benefits come from directly connecting to the network, using Tor Browser, or implementing onion services. Our innovations and techniques also help to raise the bar for privacy and security in other technologies and were written about for doing so. Firefox users now benefit from our security and privacy features, including an anti-fingerprint technique called "letterboxing." Mozilla is also exploring using Tor for a ‘Super Private Browsing’ mode. In 2019, Mozilla announced a research grant regarding Tor integration to Firefox. Currently the Firefox team is exploring testing a prototype using an add-on integration.

Cryptocurrency

This year, we were a trailblazing nonprofit organization regarding our acceptance of cryptocurrency donations. Many people in the cryptocurrency community share Tor's values of privacy and freedom online and expressed excitement about contributing to Tor through a variety of new cryptocurrencies. As one of the first nonprofits to accept cryptocurrencies on such a wide scale, we also set an example for other organizations to follow.

Advocacy

Our mission extends beyond developing tools that advance the human rights to privacy and freedom online; we also advocate for their use and other relevant critical issues necessary for a world where Tor thrives. We are proud to have joined in several campaigns in 2019 to uphold our values and speak out against dangerous demands to weaken encryption and increase surveillance.

2019 was a big year in the news for Tor, and as the demand for privacy online increases, we expect the stories to continue in 2020 as we focus on promoting our tools as the backbone of an internet that puts privacy first, by design.

Check out a more comprehensive list of Tor's media coverage: https://blog.torproject.org/tor-media-2019

We're Hiring an Executive Assistant

https://www.torproject.org/about/jobs/executive-assistant/

The Executive Assistant is responsible for providing high-level administrative support to the Executive Director. This position will actively manage the ED’s schedule, handle internal and external executive-level communications, and coordinate special projects and events. This position is full-time and remote; someone in the Eastern time zone strongly preferred.

Tor Village at IFF: Call for Proposals

During this year's Internet Freedom Festival (IFF), we're organizing a village with activities on privacy, anonymity, and anti-censorship based around Tor. IFF will take place from April 20 - 24 2020 in Valencia, Spain, and the Tor Village will take place on the last two days, April 23 and 24. Proposals can be made in English or Spanish. Proposals should be sent by March 10th at 23:59 UTC to iff@torproject.org. Proposals sent after the deadline or by other means will not be accepted.

Check out some activity ideas and how to submit: https://blog.torproject.org/tor-village-iff-2020-call-proposals

New Releases

BridgeDB 0.9.3

https://blog.torproject.org/new-release-bridgedb-093

When ISPs or governments block access to the Tor network, our users rely on bridges to connect. With BridgeDB, we tackle the problem of how to get bridges to censored users while making it difficult for censors to get all bridges. We recently released BridgeDB version 0.9.3, which comes with bug fixes and new features.

Tor Browser 9.5a5

https://blog.torproject.org/new-release-tor-browser-95a5

This release updates Firefox to 68.5.0esr, NoScript to 11.0.13, and on desktop, Tor to 0.4.3.2-alpha. We also added a new default bridge.

Tor Browser 9.0.5

https://blog.torproject.org/new-release-tor-browser-905

This release updates Firefox to 68.5.0esr, NoScript to 11.0.13, and on desktop, Tor to 0.4.2.6. We also added a new default bridge and backported a few improvements from the alpha series.

Tor 0.4.3.2-alpha

https://blog.torproject.org/new-release-tor-0432-alpha

This is the second stable alpha release in the Tor 0.4.3.x series. It fixes several bugs present in the previous alpha release. Anybody running the previous alpha should upgrade and look for bugs in this one instead.

What We're Reading

"Hacker Eva Galperin Has a Plan to Eradicate Stalkerware," Andy Greenberg, WIRED.

https://www.wired.com/story/eva-galperin-stalkerware-kaspersky-antivirus/

"Brazilian Judge Declines to Move Forward With Charges Against Glenn Greenwald 'for Now,'" Murtaza Hussain, The Intercept.

https://theintercept.com/2020/02/06/glenn-greenwald-intercept-brazil-charges/

"How schools are using kids' phones to track and surveil them," Alfred Ng, CNET.

https://www.cnet.com/news/how-schools-are-using-kids-phones-to-track-and-surveil-them/

Upcoming Events with Tor

Netdev 0x14. Vancouver, Canada. March 17, 2020 - March 20, 2020. https://blog.torproject.org/net-dev-vancouver

Bitcoin2020. San Francisco, USA. March 27, 2020 - March 28, 2020. https://blog.torproject.org/bitcoin2020-sanfrancisco

IFF and Tor Village. Valencia, Spain. April 20, 2020 - April 24, 2020. https://blog.torproject.org/iff-tor-village-valencia

BSides. Barcelona, Spain. May 08, 2020. https://blog.torproject.org/b-sides-barcelona-2020

CryptoRave, São Paulo, Brazil. May 15, 2020 - May 16, 2020. https://blog.torproject.org/cryptorave-sao-paulo-2020

Join Our Community

Getting involved with Tor is easy. Run a relay to make the network faster and more decentralized: https://trac.torproject.org/projects/tor/wiki/TorRelayGuide

Run a bridge to help censored users access Tor: https://blog.torproject.org/run-tor-bridges-defend-open-internet

Learn about each of our teams and start collaborating: https://trac.torproject.org/projects/tor/wiki/WikiStart#Teams

Donate to help keep Tor fast, strong, and secure. https://donate.torproject.org

--

The Tor Project is a US 501(c)(3) non-profit organization advancing human rights and freedoms by creating and deploying free and open-source anonymity and privacy technologies, supporting their unrestricted availability and use, and furthering their scientific and popular understanding.

Twitter: https://twitter.com/torproject

Facebook: https://facebook.com/torproject

Instagram: https://instagram.com/torproject

Mastodon: http://mastodon.social/@torproject

Bug Smash, Advocacy, What We're Reading, Events

Published on 2020-01-30

Tor's Bug Smash Fund: Progress So Far

https://blog.torproject.org/tor-bug-smash-fund-progress

At the beginning of August 2019, we asked you to help us build our very first Bug Smash Fund. This fund will ensure that the Tor Project has a healthy reserve earmarked for maintenance work and smashing the bugs necessary to keep Tor Browser, the Tor network, and the many tools that rely on Tor strong, safe, and running smoothly. Together we raised $86,081.

So far, we've marked 77 tickets with BugSmashFund. As of today, 56 of those tickets have been closed, and 21 of them are still in progress. With this reserve, we've been able to fix bugs and complete necessary maintenance on core tor, bridgedb, Snowflake, and Metrics, as well as complete the Tor Browser ESR 68 migration. Roughly half of the Bug Smash Fund remains available for allocation, and we will continue to tag relevant maintenance work and bug fixing tickets that will be covered with this reserve. Thank you for supporting this work. Find out what tickets we've closed so far: https://blog.torproject.org/tor-bug-smash-fund-progress

Help Stop the Sale of Public Interest Registry to a Private Equity Firm

https://act.eff.org/action/help-stop-the-sale-of-public-interest-registry-to-a-private-equity-firm

Last month it was suddenly announced that the nonprofit that owns the .ORG domain registry was planning to sell it to a private equity firm, Ethos Capital. This could impact the millions of individuals and organizations that have a .ORG website, including the Tor Project, subjecting them to potential censorship and leaving the door open for price increases on domain registration and renewals.

Please take action today and add your name to the twenty-thousand individuals who have opposed the sale.

Buying a smart phone on the cheap? Privacy might be the price you have to pay

https://privacyinternational.org/advocacy/3320/open-letter-google

https://privacyintyqcroe.onion/advocacy/3320/open-letter-google

Research by Privacy International shows that cheap smartphones come with a hidden cost: pre-installed apps that can't be deleted and that leak your data.

We're telling Google it's time to take action on pre-installed apps. Add your voice here: https://privacyinternational.org/petition.

Privacy isn't about having something to hide.

We believe technology must be designed in an ethical way that respects people's digital rights. Privacy cannot be an afterthought with room for interpretation by businesses that thrive on exploiting us online. Privacy must be the default.

https://www.nytimes.com/2019/12/29/technology/california-privacy-law.html

https://www.nytimes3xbfgragh.onion/2019/12/29/technology/california-privacy-law.html

New Releases

Tor 0.4.3.1-alpha

https://blog.torproject.org/new-alpha-release-tor-0431-alpha

This is the first alpha release in the 0.4.3.x series. It includes improved support for application integration of onion services, support for building in a client-only mode, and newly improved internal documentation (online at https://src-ref.docs.torproject.org/tor/). It also has numerous other small bugfixes and features, as well as improvements to our code's internal organization that should help us write better code in the future.

Tor Browser 9.5a4

https://blog.torproject.org/new-release-tor-browser-95a4

This new alpha release picks up security fixes for Firefox 68.4.0esr and 68.4.1esr. In addition, this release updates the bundled NoScript extension to its latest version.

Tor Browser 9.0.3 & 9.0.4

https://blog.torproject.org/new-release-tor-browser-903

https://blog.torproject.org/new-release-tor-browser-904

9.0.4 fixes a critical security issue in Firefox: CVE-2019-17026.

9.0.3 picks up security fixes for Firefox 68.4.0esr. We also updated Tor to 0.4.2.5 for the desktop versions. On Android we fixed a possible crash after the bootstrap.

Stem 1.8

https://blog.torproject.org/new-release-stem-18

Stem is a Python library for interacting with Tor. With it you can script against your relay, descriptor data, or even write applications like Nyx.

What We're Reading

"Reporters Face New Threats From the Governments They Cover," James Risen, The New York Times. [.onion]

https://nytimes3xbfgragh.onion/2020/01/26/opinion/greenwald-brazil-reporter.html

https://nytimes.com/2020/01/26/opinion/greenwald-brazil-reporter.html

"Both the Trump administration and the right-wing Brazilian government of President Jair Bolsonaro seem to have decided to experiment with such draconian anti-press tactics..."

"The Trump Administration's Lies About Encryption Are Putting Our Privacy in Danger," Trevor Timm.

http://gen.medium.com/the-trump-administrations-lies-about-encryption-are-putting-our-privacy-in-danger-1291d5582283

"The Trump administration is now engaged in a multipronged effort to pressure tech companies to weaken encryption protecting the privacy of billions of people. And make no mistake: They are blatantly lying about it to try to get their way."

"You Are Now Remotely Controlled," Shoshana Zuboff, The New York Times.

https://www.nytimes3xbfgragh.onion/2020/01/24/opinion/sunday/surveillance-capitalism.html

https://nytimes.com/2020/01/24/opinion/sunday/surveillance-capitalism.html

"Surveillance capitalists exploit the widening inequity of knowledge for the sake of profits. They manipulate the economy, our society and even our lives with impunity, endangering not just individual privacy but democracy itself."

Upcoming Events with Tor

FOSDEM. Belgium, Brussels. 1-2 February 2020. https://blog.torproject.org/tor-fosdem-2020-brussels

FOSDEM's Interview with Pili, Tor Project, Project Manager: https://fosdem.org/2020/interviews/pili-guerra/

Join Our Community

Getting involved with Tor is easy. Run a relay to make the network faster and more decentralized: https://trac.torproject.org/projects/tor/wiki/TorRelayGuide

Run a bridge to help censored users access Tor: https://blog.torproject.org/run-tor-bridges-defend-open-internet

Learn about each of our teams and start collaborating: https://trac.torproject.org/projects/tor/wiki/WikiStart#Teams

Donate to help keep Tor fast, strong, and secure. https://donate.torproject.org

--

The Tor Project is a US 501(c)(3) non-profit organization advancing human rights and freedoms by creating and deploying free and open-source anonymity and privacy technologies, supporting their unrestricted availability and use, and furthering their scientific and popular understanding.

Twitter: https://twitter.com/torproject

Facebook: https://facebook.com/torproject

Instagram: https://instagram.com/torproject

Mastodon: http://mastodon.social/@torproject

Digital Rights are Human Rights

Published on 2019-12-26

Interview with Cindy Cohn, EFF Executive Director & Tor Board Member

https://blog.torproject.org/interview-cindy-cohn-eff-executive-director

Cindy Cohn, Executive Director of the Electronic Frontier Foundation (EFF) and Board Member of the Tor Project, was named one of America's Top 50 Women in Tech 2018 by Forbes. As a tireless defender of digital rights, we wanted to get her take on the state of the internet today, recent victories and challenges ahead, and Tor’s role in taking back the internet.

How would you describe the internet today?

Disempowering. Between surveillance business models, national security surveillance, and ineffective legal and technical protections, many people feel that they have no power to protect their security and privacy.

But the good news is that we can regain control and more people than ever are demanding a course change. Tor is a critical tool to helping us make that shift.

What do you think are some key victories that have happened in the past year to advance privacy and freedom online?

Tor and the Tor network just keeps getting stronger, more important, and easier to use. That’s amazing and a testament to the fierce, powerful and smart people who develop, support, maintain, and protect it.

I’m also heartened by the growing recognition across the world that privacy and security are linked and that technical, legal, and policy work is all needed to protect them.

I’m biased, but I think that a major step toward protecting people’s privacy as they cross the US border came in the Alasaad case EFF and the ACLU handled, where the court agreed with us that the US government needs reasonable suspicion to search the devices that people carry.

The ongoing efforts to encrypt the web and increase awareness about security tools and practices are also cause for celebration.

What challenges do you think privacy advocates and developers will face in the next year online?

I think the rise of authoritarianism around the world will continue to present challenges for privacy advocates and developers. One of the key things that would-be dictators know is that they have to prevent the people from being able to speak and learn things confidentially. This means more attacks on encryption.

I think that advocates and developers will need to continue to stand up for encryption and also ultimately will have to address the need to re-decentralize the internet. The pressures on the tech giants to make sure that no one can have a private conversation online will continue. We need to be ready and build out alternatives.

What is the internet you would like to see in the future?

We need to build a world where everyone has free (as in speech) access to read, speak, create, and control their experience, including creating their own tools and protecting their own privacy. A world where humans have the legal, policy, and cultural support and protection to do so. Where individuals have the strength and processing power to take on larger organizations, whether government or corporate, as well as to be protected from them. A world where our technology, whether as simple as an email or as complex as an AI system, is trustworthy and loyal to us.

Why do you think people should support and care about Tor?

If you care about maintaining (or creating) a society that can change — where ideas can grow and information can be learned free of control by governments or corporations — then Tor is one of the critical tools that you should support and care about.

Tor protects the canaries in the coal mines.

Even if you personally don’t need the protection that Tor offers, standing up for Tor is standing with the people who take risks to keep the rest of us informed about some of the most dangerous and important facts and issues facing the planet.

The Next Chapter of Anti-Censorship

https://blog.torproject.org/next-chapter-anti-censorship

The video from the Tor Project Co-Founder Roger Dingledine's DEF CON 2019 talk ("The Tor Censorship Arms Race: The Next Chapter") is now up.

  • YouTube version (for those who can tolerate surveillance capitalism): https://www.youtube.com/watch?v=ZB8ODpw_om8
  • Original mp4 from DEF CON's onion service (download it and play it locally, since playing it in a browser doesn't display video): m6rqq6kocsyugo2laitup5nn32bwm3lh677chuodjfmggczoafzwfcad.onion/DEF%20CON%2027/DEF%20CON%2027%20video%20and%20slides/DEF%20CON%2027%20Conference%20-%20Roger%20Dingledine%20-%20The%20Tor%20Censorship%20Arms%20Race%20The%20Next%20Chapter.mp4
  • Backup mp4 for those who can't reach onion services: freehaven.net/~arma/DEF%20CON%2027%20Conference%20-%20Roger%20Dingledine%20-%20The%20Tor%20Censorship%20Arms%20Race%20The%20Next%20Chapter.mp4
  • Slides (pdf): freehaven.net/~arma/slides-dc19.pdf

This talk gets you up to speed on all the ways governments have tried to block Tor, walks through our upcoming steps to stay ahead of the arms race, and gives you some new—easier—ways that let you help censored users reach the internet safely.

Digital Rights are Human Rights

https://blog.torproject.org/digital-rights-are-human-rights

At the Tor Project, we build technologies that defend and promote the human rights to privacy and freedom. More than just a way to exercise an individual right, it’s a collective collaboration and movement that generates a common good for all. Everyone can use this open and secure network as infrastructure that has privacy as a default feature of its design. The Tor network promotes a radical decentralization with onion services, so you can run your own service without a dedicated IP address or having a domain name, all done privately and securely. Tor also promotes net neutrality, since it doesn't modify the traffic based on who is accessing it or which sites they are visiting. In other words, it's what we've always wanted the internet to be. Find out about how we've been working directly with human rights defenders to help them protect themselves online.

Modularizing Key Aspects of the Tor Network, Supported by MOSS

https://blog.torproject.org/modularizing-key-aspects-tor-network-moss

In 2018, the Tor Project was awarded a grant from Mozilla’s Open Source Support (MOSS) program’s Mission Partners track to improve Tor's codebase. The network team spent the last 12 months working on creating a Tor network codebase that is:

  • Easier to scale, more flexible, and faster in order to handle more users;
  • Easier for Tor developers, third-party developers, and researchers to navigate; and
  • Easier to adopt, contribute to, and improve.

In order to reach towards those goals, the network team:

  • Reduced module complexity and maintenance burden;
    • Developed new architecture for several key Tor modules;
  • Implemented better tooling;
  • Improved testing for several key Tor modules; and
  • Improved our documentation.

The biggest change introduced thanks to this project is a generic publish-subscribe mechanism for delivering messages internally. It is meant to help us improve the modularity of our code by avoiding direct coupling between modules that don't actually need to invoke one another.

For example, there are numerous parts of our code that might need to take action when a circuit is completed: a controller might need to be informed, an onion service negotiation might need to be attached, a guard might need to be marked as working, or a client connection might need to be attached. But many of those actions occur at a higher layer than circuit completion: calling them directly is a layering violation and makes our code harder to understand and analyze. With message-passing, we can invert this layering violation: circuit completion can become a "message" that the circuit code publishes, and to which higher-level layers subscribe. This means that circuit handling can be decoupled from higher-level modules and stay nice and simple.

The network team also continued earlier work that began in Tor 0.3.5 to make our code behave more modularly with its startup and teardown logic. Many tor modules now function as "subsystems" that are initialized, shut down, and updated with a standard interface, rather than with the confusing system of calls that was used before. Read more: https://blog.torproject.org/modularizing-key-aspects-tor-network-moss

Take Back the Internet with Us

"Technology doesn't need to come at the expense of privacy. Connectivity doesn't need to cost us our self-determination. With your help, we can keep Tor growing and improving to be what the world needs: a way to help take back the internet for freedom and human rights." - Nick Mathewson, Co-Founder, The Tor Project

Donate today, and Mozilla will match your donation. https://torproject.org/donate/donate-tbi-tn3

New Releases

Tor Browser 9.5a3 https://blog.torproject.org/new-release-tor-browser-95a3 This new alpha release picks up security fixes for Firefox 68.3.0esr and updates our external extensions (NoScript and HTTPS Everywhere) to their latest versions. Among other things, we made some cleanups in torbutton and fixed localization in the Android bundles. We also add three new locales: lt (Lithuanian), ms (Maylay), and th (Thai).

Tor 0.4.2.5 (also 0.4.1.7, 0.4.0.6, and 0.3.5.9) https://blog.torproject.org/new-release-0425-also-0417-0406-and-0359 This is the first stable release in the 0.4.2.x series. This series improves reliability and stability, and includes several stability and correctness improvements for onion services. It also fixes many smaller bugs present in previous series.

Tor Browser 9.0.2 https://blog.torproject.org/new-release-tor-browser-902 This new stable release is picks up security fixes for Firefox 68.3.0esr and updates our external extensions (NoScript and HTTPS Everywhere) to their latest versions. Apart from backports for patches that already landed in alpha releases and fixing an error in our circuit display and improving our letterboxing support, Tor Browser 9.0.2 provides properly localized Android bundles again as well.

Upcoming Events with Tor

Censorship Resistance für den Anonymisierungsdienst Tor. Hagenberg, Austria. 9 January 2020. https://blog.torproject.org/events/censorship-resistance-fur-den-anonymisierungsdienst-tor-hagenberg

Join Our Community

Getting involved with Tor is easy. Run a relay to make the network faster and more decentralized: https://trac.torproject.org/projects/tor/wiki/TorRelayGuide

Run a bridge to help censored users access Tor: https://blog.torproject.org/run-tor-bridges-defend-open-internet

Learn about each of our teams and start collaborating: https://trac.torproject.org/projects/tor/wiki/WikiStart#Teams

Donate to help keep Tor fast, strong, and secure. https://torproject.org/donate/donate-tbi-tn2

--

The Tor Project is a US 501(c)(3) non-profit organization advancing human rights and freedoms by creating and deploying free and open-source anonymity and privacy technologies, supporting their unrestricted availability and use, and furthering their scientific and popular understanding.

Twitter: https://twitter.com/torproject

Facebook: https://facebook.com/torproject

Instagram: https://instagram.com/torproject

Mastodon: http://mastodon.social/@torproject

A Surveillance-Free Internet, Events, New Releases

Published on 2019-11-21

We Can Choose an Internet Without Surveillance

https://blog.torproject.org/we-can-choose-internet-without-surveillance

The surveillance dystopia is building up all around us, and the business model that has taken over the internet is largely to blame. In the surveillance economy, whenever we choose to use an application or a device, we are often forced to subject ourselves to unrestricted abuse of our private data. ISPs and big corporations are not only logging our activities, but often selling that information to third party data analysis and marketing companies like Cambridge Analytica and Dataminr.

The effects of the surveillance economy are terrifying. Our online activity has been used to influence elections by shaping how politically motivated entities can spread personally targeted misinformation. We have also seen these companies sign contracts with law enforcement and authoritarian governments to use this information to unjustly target activists, minorities, and at-risk communities.

Even if you have not immediately felt or experienced a direct consequence of being surveilled, the idea you may be surveilled can have chilling consequences on your daily life.

PEN America surveyed over 520 American writers to understand if and how surveillance was influencing their work. 1 in 6 writers said they had avoided speaking or writing on a topic they thought would subject them to surveillance.

Just the fear of surveillance can turn us into self-censors. This fear can stop us from exercising intellectual freedom and curiosity. If we think we are being watched, our behavior changes. Our mental state changes as well. According to research conducted by Christopher Burr at the Digital Ethics Lab at the University of Oxford, the effects of surveillance on the brain can "be just as mentally taxing as mental disorders like depression, and can even cause symptoms similar to post-traumatic stress disorder."

The spread of surveillance is not inevitable. We can fight against facial recognition technology and invasive searches, stand up for encryption, and demand privacy by design from service providers.

The internet is not just a network of computers—it's a network of people. We hold great power in deciding its future.

Our Website + Tor Browser Now Available in Catalan

Sabem que és més fàcil utilitzar alguna cosa en el vostre propi idioma. Si mai no heu provat el navegador Tor, avui és el dia. Prova-ho ara: https://torproject.org/ca

Take Back the Internet with Us

https://torproject.org/donate/donate-tbi-tn2

Donate today, and Mozilla will match your donation.

New Releases

Tor Browser 9.5a2 https://blog.torproject.org/new-release-tor-browser-95a2 This new alpha release contains various bug fixes and improvements. Among them, we improved the letterboxing experience.

Tor 0.4.2.4-rc https://blog.torproject.org/new-release-candidate-tor-0424-rc Tor 0.4.2.4-rc is the first release candidate in its series. Packages should be available over the coming weeks, with a new alpha Tor Browser release likely by Dec 3.

Tor Browser 9.0.1 https://blog.torproject.org/new-release-tor-browser-901 This release fixes regressions and improves upon our 9.0 release.

Upcoming Events with Tor

V Jornades Internacionals de dones en el sector TIC. Barcelona, Spain. 22 November 2019. https://blog.torproject.org/events/v-jornades-internacionals-de-dones-en-el-sector-tic-barcelona

WoSec and InfoSecGirls Workshop. Pune, India. 30 November 2019. https://blog.torproject.org/events/wosec-and-infosecgirls-workshop-pune

Reproducible Builds Summit. Marrakesh, Morocco. 3-5 December 2019. https://blog.torproject.org/events/reproducible-builds-summit-marrakesh-2019

Hackers Next Door. Brooklyn, New York. 14-15 December 2019. https://blog.torproject.org/events/hackers-next-door-brooklyn

What We're Reading

Federal Court Rules Suspicionless Searches of Travelers' Phones and Laptops Unconstitutional. EFF. "In a major victory for privacy rights at the border, a federal court in Boston ruled today that suspicionless searches of travelers' electronic devices by federal agents at airports and other U.S. ports of entry are unconstitutional." https://www.eff.org/press/releases/federal-court-rules-suspicionless-searches-travelers-phones-and-laptops

Join Our Community

Getting involved with Tor is easy. Run a relay to make the network faster and more decentralized: https://trac.torproject.org/projects/tor/wiki/TorRelayGuide

Run a bridge to help censored users access Tor: https://blog.torproject.org/run-tor-bridges-defend-open-internet

Learn about each of our teams and start collaborating: https://trac.torproject.org/projects/tor/wiki/WikiStart#Teams

Donate to help keep Tor fast, strong, and secure. https://torproject.org/donate/donate-tbi-tn2

--

The Tor Project is a US 501(c)(3) non-profit organization advancing human rights and freedoms by creating and deploying free and open-source anonymity and privacy technologies, supporting their unrestricted availability and use, and furthering their scientific and popular understanding.

Twitter: https://twitter.com/torproject

Facebook: https://facebook.com/torproject

Instagram: https://instagram.com/torproject

Mastodon: http://mastodon.social/@torproject

Big Changes to Tor Browser, New Job Opening, Events

Published on 2019-10-30

We Brought Big UX and Localization Improvements to Tor Browser

https://blog.torproject.org/new-release-tor-browser-90

We want everyone in the world to be able to enjoy the privacy and freedom online Tor provides, and that's why over the past couple years, we've been working hard to boost our UX and localization efforts, with the biggest gains first visible in Tor Browser 8.0.

In Tor Browser 9.0, we continued to build upon those efforts with sleeker integration and additional localization support so Tor Browser can work better for you.

Goodbye, Onion Button

We want your experience using Tor to be fully integrated within the browser so how you use Tor is more intuitive. That's why now, rather than using the onion button that was in the toolbar, you can see your path through the Tor network and request a New Circuit through the Tor network in [i] on the URL bar.

Hello, New Identity Button

Instead of going into the onion button to request a New Identity, we've made this important feature easier to access by giving it its own button in the toolbar.

You can also request a New Identity, and a New Circuit, from within the [=] menu on the toolbar.

Torbutton and Tor Launcher Integration

Now that both extensions are tightly integrated into Tor Browser, they'll no longer be found on the about:addons page.

Rather than being a submenu behind the onion button, Tor Network Settings, including the ability to fetch bridges to bypass censorship where Tor is blocked, are easier to access on about:preferences#tor.

Better Localization Support

If we want all people around the world to be able to use our software, then we need to make sure it's speaking their language. Since 8.0, Tor Browser has been available in 25 languages, and we added 5 locales more in Tor Browser 8.5. We added support for two additional languages: Macedonian (mk) and Romanian (ro), bringing the number of supported languages to 32.

We also fixed bugs in our previously shipped localized bundles (such as ar and ko).

Many thanks to everyone who helped with these, in particular to our translators.

And that's not all. Find out what else is new in Tor Browser 9: https://blog.torproject.org/new-release-tor-browser-90

Publish Anonymous, Uncensorable Websites with OnionShare

https://blog.torproject.org/new-version-onionshare-makes-it-easy-anyone-publish-anonymous-uncensorable-websites-0

OnionShare is an open source tool that lets you securely and anonymously share a file of any size.

In addition to the "Share Files" and "Receive Files" tabs, OnionShare 2.2 introduces the "Publish Website" tab. You drag all of the files that make up your website into the OnionShare window and click "Start sharing." It will start a web server to host your static website and give you a .onion URL. This website is only accessible from the Tor network, so people will need Tor Browser to visit it. People who visit your website will have no idea who you are \'96 they won\'92t have access to your IP address, and they won\'92t know your identity or your location. And, so long as your website visitors are able to access the Tor network, the website can\'92t be censored.

Read more about it and try it out: https://blog.torproject.org/new-version-onionshare-makes-it-easy-anyone-publish-anonymous-uncensorable-websites-0

We're Hiring a Shadow Simulation Developer

https://blog.torproject.org/were-hiring-shadow-simulation-developer

We are seeking an experienced programmer to help us develop cutting-edge network simulation / emulation software. This person will be responsible for the implementation, documentation, and testing of software to support research into privacy-enhancing technologies. In particular, this person will be contributing to software that constructs large, realistic, high fidelity simulations of anonymity networks, allowing other researchers to run existing software (e.g., Tor) on top of a virtualized network. As such, this person should be comfortable working with established codebases (github.com/shadow) and incrementally improving them through modular design.

The ideal candidate will have significant practical programming skills, specifically, expertise in parallel program design and development.

Learn more and how to apply: https://blog.torproject.org/were-hiring-shadow-simulation-developer

Take Back the Internet with Us

Donate today, and Mozilla will match your donation. https://torproject.org/donate/donate-tbi-tn1

More New Releases

Tor 0.4.2.3-alpha

https://blog.torproject.org/new-alpha-release-tor-0423-alpha

This release fixes several bugs from the previous alpha release, and from earlier versions of Tor.

Tor Browser 9.5a1

https://blog.torproject.org/new-release-tor-browser-95a1

This is the first alpha release in the 0.4.2.x series. It adds new defenses for denial-of-service attacks against onion services. It also includes numerous kinds of bugfixes and refactoring to help improve Tor's stability and ease of development.

Tails 4.0

https://blog.torproject.org/new-release-tails-40

The Tails team is especially proud to present you Tails 4.0, the first version of Tails based on Debian 10 (Buster). It brings new versions of most of the software included in Tails and some important usability and performance improvements. Tails 4.0 introduces more changes than any other version since years. This release also fixes many security issues.

Upcoming Events with Tor

Tor Sharing. Taipei, Taiwan. 31 October 2019. https://blog.torproject.org/events/tor-sharing-taipei

Driving IT. Copenhagen, Denmark. 1 November 2019. https://blog.torproject.org/events/driving-it-copenhagen

Internet e anonimato: la rete Tor. Firenze, Italy. 6 November 2019. https://blog.torproject.org/events/internet-e-anonimato-la-rete-tor-firenze

Tor Meetup. Brussels, Belgium. 8 November 2019. https://blog.torproject.org/events/tor-meetup-brussels

CriptoDunas. Fortaleza, Brazil. 11 November 2019 - 14 November 2019. https://blog.torproject.org/events/criptodunas-fortaleza-brazil

The Future of Speech Online. Washington, DC, USA. 15 November 2019. https://blog.torproject.org/events/future-speech-online-dc

What We're Reading

BBC Launches Tor Mirror Site To Thwart Media Censorship. NPR. "In an effort to fight media censorship, the BBC has made a version of its website available on Tor, a privacy-focused browser that makes it more difficult to monitor a user's online activity." https://www.npr.org/2019/10/24/773060596/bbc-launches-tor-mirror-site-to-thwart-media-censorship

These watchdogs track secret online censorship across the globe. CNET. "Researchers at OONI use a collection of network signals submitted by volunteers that mean little individually but can point to interference when combined. The signs can seem like random quirks of the internet: 404 error messages and odd pop-up windows. OONI's researchers, however, use their data to uncover the techniques behind censorship. This lets them map what's been made invisible." https://www.cnet.com/features/the-watchdogs-tracking-secret-online-censorship-across-the-globe-ooni/?ftag=COS-05-10aaa0b

Join Our Community

Getting involved with Tor is easy. Run a relay to make the network faster and more decentralized: https://trac.torproject.org/projects/tor/wiki/TorRelayGuide

Run a bridge to help censored users access Tor: https://blog.torproject.org/run-tor-bridges-defend-open-internet

Learn about each of our teams and start collaborating: https://trac.torproject.org/projects/tor/wiki/WikiStart#Teams

Donate to help keep Tor fast, strong, and secure. https://donate.torproject.org

--

The Tor Project is a US 501(c)(3) non-profit organization advancing human rights and freedoms by creating and deploying free and open-source anonymity and privacy technologies, supporting their unrestricted availability and use, and furthering their scientific and popular understanding.

Twitter: https://twitter.com/torproject

Facebook: https://facebook.com/torproject

Instagram: https://instagram.com/torproject

Mastodon: http://mastodon.social/@torproject

Reaching People Where They Are

Published on 2019-10-02

Reaching People Where They Are

https://blog.torproject.org/reaching-people-where-they-are

Part of the Tor Project's mission is to further the popular understanding of privacy technologies, and we believe we can achieve it by combining educational efforts with usability efforts. Popular understanding is to not only be aware of such privacy technologies but to also be able to use and control them.

With that in mind, we decided to integrate user experience research into our digital security training with a single program called 'User Feedback Program '92.

When we first launched this program two years ago, we aimed at a diverse and engaged audience of human rights defenders in the Global South. We are happy to share that, in a moderate estimate, these activities reached an audience of 800 people through 71 activities in 22 cities and seven countries: Brazil, Colombia, Mexico, India, Indonesia, Kenya, Uganda.

This was our first major effort to establish a training cycle aimed to strengthen and expand the understanding of privacy technologies and the Tor community in the Global South. Members of the UX and Community teams conducted these trainings in partnership with local non-profits, who helped us reach the communities from their countries who needed this type of education the most.

The results of interviews and usability tests were processed and analyzed by our UX team, and their work with users has led to different projects: a collection of personas to help guide our decisions when working on our tools, interface improvements, bugs fixed, and new features already deployed by the Tor Project developers. We are proud to say that today, the Tor Project has a software development cycle that puts the user at the center while respecting privacy.

That is a huge gain, but is not all we set out to do. We learned a lot running these trainings, and we don '92t want to keep it to ourselves. We also want to share some insights into our experiences running trainings in the Global South to empower others to do the same. We know we can '92t scale if we need to travel to these locations every time a group needs digital security training.

We must share our skills with our partners and help build local capacity that can help these communities on a continuous basis. Find out what we've learned so far: https://blog.torproject.org/reaching-people-where-they-are

Honoring Translators

https://blog.torproject.org/honoring-translators

We believe everyone should have private access to the open internet. That is what our tools aim to provide, but they're not doing any good if people are not able to use them in their own language.

As a small nonprofit organization, we are fortunate to have a community of volunteers who help us with many aspects of Tor, including running relays, research, outreach, and more.

To celebrate International Translation Day 30 September, the Tor Project would like to acknowledge all of the dedicated volunteer translators that contribute to the Tor Project on a daily basis. You help us make our software relevant for people who need it around the world. Thank you.

Browser Fingerprinting: An Introduction and the Challenges Ahead

https://blog.torproject.org/browser-fingerprinting-introduction-and-challenges-ahead

In the past few years, a technique called browser fingerprinting has received a lot of attention because of the risks it can pose to privacy. If one attribute of your browser fingerprint (or the combination of several) is unique, your device can be identified and tracked online. We started to guard against this since 2007, before the term "browser fingerprinting" was coined.

Find out what it is, how it is used, and what we're doing to protect against it.

Tor's Bug Smash Fund: $86K Raised!

https://blog.torproject.org/tors-bug-smash-fund-86k-raised

To the Tor community: we owe you a thank you!

At the beginning of August, we asked you to help us build our very first Bug Smash Fund. This fund will ensure that the Tor Project has a healthy reserve earmarked for maintenance work and smashing the bugs necessary to keep Tor Browser, the Tor network, and the many tools that rely on Tor strong, safe, and running smoothly.

Together we raised $86,081. You made the Bug Smash Fund campaign more successful than we could have predicted. Here's what's next: https://blog.torproject.org/tors-bug-smash-fund-86k-raised

New Releases

Tor 0.4.1.6

https://blog.torproject.org/new-release-tor-0416

This release backports several bugfixes to improve stability and correctness. Anyone experiencing build problems or crashes with 0.4.1.5, or experiencing reliability issues with single onion services, should upgrade.

Tor 0.4.2.1-alpha

https://blog.torproject.org/new-alpha-release-tor-0421-alpha

This is the first alpha release in the 0.4.2.x series. It adds new defenses for denial-of-service attacks against onion services. It also includes numerous kinds of bugfixes and refactoring to help improve Tor's stability and ease of development.

Tor Browser 8.5.5

https://blog.torproject.org/new-release-tor-browser-855

This release is updating Firefox to 60.9.0esr, Tor to 0.4.1.5, and NoScript to 11.0.3. This release also includes various bug fixes. On the Windows side, we should now have support for accessibility tools. On the Android side, we added support for arm64-v8a devices.

Tor Browser 8.5.6

https://blog.torproject.org/new-release-tor-browser-856

This version is for Android only, the latest version for Linux, macOS and Windows is still 8.5.5.

Tor Browser 9.0a6

https://blog.torproject.org/new-release-tor-browser-90a6

This is the first alpha release based on Firefox ESR68, and therefore contains several important changes such as the rebasing of our Firefox patches, toolchain updates, integration of Torbutton directly into the browser and updates to Tor Launcher to make it compatible with ESR68.

Upcoming Events with Tor //

MozFest. London, England. 21-27 October 2019. https://blog.torproject.org/events/mozfest-london

Swiss Web Security Day. Bern, Switzerland. 30 October 2019. https://blog.torproject.org/events/swiss-web-security-day-bern

Driving IT. Copenhagen, Denmark. 1 November 2019. https://blog.torproject.org/events/driving-it-copenhagen

What We're Reading

After 6 Years in Exile, Edward Snowden Explains Himself. WIRED.

"In a new memoir and interview, the world '92s most famous whistle-blower elucidates as never before why he stood up to mass surveillance '97and his love for an internet that no longer exists." https://www.wired.com/story/after-six-years-in-exile-edward-snowden-explains-himself/

PTA not empowered to block any website: IHC. The Express Tribune. "The Islamabad High Court (IHC) has declared that the Pakistan Telecommunication Authority (PTA) is not empowered to block any website in violation of the due process and without hearing the viewpoint of the other party." https://tribune.com.pk/story/2061933/1-pta-not-empowered-block-website-ihc

Revealed: how TikTok censors videos that do not please Beijing. The Guardian. "TikTok, the popular Chinese-owned social network, instructs its moderators to censor videos that mention Tiananmen Square, Tibetan independence, or the banned religious group Falun Gong, according to leaked documents detailing the site '92s moderation guidelines." https://www.theguardian.com/technology/2019/sep/25/revealed-how-tiktok-censors-videos-that-do-not-please-beijing

Join Our Community

Getting involved with Tor is easy. Run a relay to make the network faster and more decentralized: https://trac.torproject.org/projects/tor/wiki/TorRelayGuide

Run a bridge to help censored users access Tor: https://blog.torproject.org/run-tor-bridges-defend-open-internet

Learn about each of our teams and start collaborating: https://trac.torproject.org/projects/tor/wiki/WikiStart#Teams

Donate to help keep Tor fast, strong, and secure. https://donate.torproject.org

--

The Tor Project is a US 501(c)(3) non-profit organization advancing human rights and freedoms by creating and deploying free and open-source anonymity and privacy technologies, supporting their unrestricted availability and use, and furthering their scientific and popular understanding.

Twitter: https://twitter.com/torproject

Facebook: https://facebook.com/torproject

Instagram: https://instagram.com/torproject

Mastodon: http://mastodon.social/@torproject

DocsHackathon, Run a Tor Bridge, Releases, Events

Published on 2019-08-30

Run a Tor Bridge to Defend the Open Internet

https://blog.torproject.org/run-tor-bridges-defend-open-internet

We believe everyone should have private access to the open internet, but not everyone is able to enjoy the luxury Tor provides. Freedom to publish, share, and access information online is critical for a healthy society, yet governments and entities around the world deny people this universal human right. All of the relays that make up the Tor network are publicly listed, so that means one way to try to prevent people from using Tor is to blacklist the public IP addresses of all of the thousands of Tor relays.

For example, the governments of China, Iran, and Kazakhstan exercise information control by trying to block Tor.

However, thanks to bridges, Tor users are still able to connect to the network when the public Tor relays are blocked. Bridges are private Tor relays that serve as stepping stones into the network. Not only are bridges private, they can also modify their network packets in a way that it's difficult for an observer to conclude that somebody is using Tor. Censored users are able to select bridges from BridgeDB or directly in Tor Browser’s Network Settings.

We currently have approximately 1,000 bridges, 600 of which support the obfs4 obfuscation protocol. Unfortunately, these numbers have been stagnant for a while. It's not enough to have many bridges: eventually, all of them could find themselves in block lists. We therefore need a constant trickle of new bridges that aren't blocked anywhere yet. This is where we need your help.

By setting up an obfs4 bridge, you can help censored users connect to the open internet through Tor. We will randomly select 10 new bridge operators to receive a metallic roots Tor t-shirt as a token of our gratitude for your help defending the open internet. Set up your bridge and email us by September 30 to qualify. Learn how: https://blog.torproject.org/run-tor-bridges-defend-open-internet

Join Our DocsHackathon Starting September 2nd

https://blog.torproject.org/join-tors-docshackathon-next-week

Documentation is extremely valuable to the health of open source software projects, but it is often overlooked. Due to the amount of interest we received during our search for a Google Season of Docs candidate, we're kicking off a week-long documentation hackathon Monday 2nd September 00:00UTC to Friday 6th September 23:59UTC. This is your opportunity to help us keep our documentation up to date and relevant for millions of Tor users around the world. We’ll also be rewarding the top 3 contributors with prizes at the end of the week.

We are looking for copywriters, front-end devs, testers, and content reviewers to help us improve our documentation and its relevancy. Don't feel like any of these apply to you but still want to help out? Chat with us on IRC (#tor-www - irc.oftc.net) or the community team mailing list to join us and get involved.

Learn how to register and get started: https://blog.torproject.org/join-tors-docshackathon-next-week

We are a small nonprofit with a big mission, and we sincerely appreciate your help getting our documentation up to speed. We're looking forward to working with you next week.

New Releases

Tor 0.4.1.5 After months of work, we have a new stable release series. This is the first stable release in the 0.4.1.x series. This series adds experimental circuit-level padding, authenticated SENDME cells to defend against certain attacks, and several performance improvements to save on CPU consumption. It fixes bugs in bootstrapping and v3 onion services. It also includes numerous smaller features and bugfixes on earlier versions. Full changelog: https://blog.torproject.org/new-release-tor-0415

Tor Browser 9.0a5 This version is for Android only, the latest alpha version for Linux, macOS and Windows is still 9.0a4. Note: this is an alpha release, an experimental version for users who want to help us test new features. For everyone else, we recommend downloading the latest stable release instead. Full changelog: https://blog.torproject.org/new-release-tor-browser-90a5

Upcoming Events with Tor

APIdays.io. Barcelona, Spain. 12-13 September 2019. https://www.apidays.co/barcelona

What We're Reading

Resurgence of Internet Censorship in Ethiopia: Blocking of WhatsApp, Facebook, and African Arguments. OONI. "On 22nd June 2019, following an alleged coup attempt in the Amhara region, access to the internet was shut down again. Once internet access was restored, access to WhatsApp was blocked again. This time though, we observe the blocking of Facebook (facebook.com and Facebook Messenger), instead of Telegram (which was/is accessible). A few weeks later, we noticed the blocking of the African Arguments website as well, a pan-African platform covering investigative stories. In this report, we share OONI network measurement data on these ongoing censorship events." https://ooni.io/post/resurgence-internet-censorship-ethiopia-2019/

West Papua: thousands take to streets after week of violence. The Guardian. "Fake news" is being used as an excuse to shut down the internet in West Papua amid protests. This is dangerous: It's hard to get or share critical information without it. The Indonesian government needs to #KeepItOn. https://www.theguardian.com/world/2019/aug/26/west-papua-thousands-expected-at-fresh-protests-after-week-of-violence https://twitter.com/hashtag/KeepItOn?src=hashtag_click

Fresh wave of phishing attacks targeting journalists and human rights activists in MENA. Amnesty International. "Attackers who use phishing scams to target human rights defenders in the Middle East and North Africa (MENA) are developing increasingly sophisticated techniques to infiltrate their accounts and evade digital security tools." https://www.amnesty.org/en/latest/news/2019/08/fresh-wave-of-phishing-attacks-targeting-journalists-and-human-rights-activists-in-mena/

Join Our Community

Getting involved with Tor is easy. Run a relay to make the network faster and more decentralized: https://trac.torproject.org/projects/tor/wiki/TorRelayGuide

Run a bridge to help censored users access Tor: https://blog.torproject.org/run-tor-bridges-defend-open-internet

Learn about each of our teams and start collaborating: https://trac.torproject.org/projects/tor/wiki/WikiStart#Teams

Donate to help keep Tor fast, strong, and secure. https://donate.torproject.org

--

The Tor Project is a US 501(c)(3) non-profit organization advancing human rights and freedoms by creating and deploying free and open-source anonymity and privacy technologies, supporting their unrestricted availability and use, and furthering their scientific and popular understanding.

Twitter: https://twitter.com/torproject

Facebook: https://facebook.com/torproject

Instagram: https://instagram.com/torproject

Mastodon: http://mastodon.social/@torproject

Defending The Open Internet

Published on 2019-07-29

Our New Anti-Censorship Team is Defending The Open Internet

https://blog.torproject.org/tors-new-anti-censorship-team-defending-open-internet

At the non-profit organization level, the Tor Project consists of several teams. The network team works on part of the back-end: the program called tor, network simulators, onion services, etc.; the metrics team collects and publishes Tor network metrics; the applications team maintains Tor Browser and other user-facing applications; the UX team improves user experience across all projects; the community team fosters a healthy community around Tor; OONI maintains a global observation network for detecting censorship, surveillance, and traffic manipulation on the internet; the communications team gets our message out to the world; and the fundraising team rallies people to financially support our vision so we can keep Tor strong for millions around the world.

All of our teams share a common vision: for people around the world to enjoy privacy and freedom online. As censorship has increased around the world and internet freedom has declined, we realized we needed to step up our game to outpace the censors preventing people from enjoying the human right to freedom of expression and access to information on the internet.

In February, we created a brand new anti-censorship team. This team consists of two software engineers with research backgrounds and a project manager, but there are many other people who contribute to the team’s work—by adding valuable code, insight into past work, infrastructure, and resources. The goal of the anti-censorship team is to understand network censorship and build technology to circumvent it so the Tor network can be accessible to everyone.

To kick things off, we've released a technical report called "Addressing Denial of Service Attacks on Free and Open Communication on the Internet." This report, part of the first project the team engaged in, provides a comprehensive overview of the state of our anti-censorship roadmap. The report outlines recent improvements and open challenges around BridgeDB, GetTor, snowflake, pluggable transports, censorship analysis, and censorship-related user experience.

Are you interested in following the anti-censorship team's work or joining the team? Then check out our wiki page. It has all details regarding our weekly IRC meeting, our public mailing list, and the software projects we maintain: https://trac.torproject.org/projects/tor/wiki/org/teams/AntiCensorshipTeam

We are determined to make privacy and freedom online accessible to all, and we hope you’ll join us. If you’re unable to volunteer, your donation can help us tackle this critical challenge: https://donate.torproject.org

Reflections from Our Stockholm All Hands

https://blog.torproject.org/reflections-our-stockholm-all-hands

This month, the Tor Project held our biannual all hands meeting, this time in Stockholm, Sweden. During our all hands meetings, we bring together staff, key volunteers, and collaborators from partner organizations like Freedom of the Press Foundation, Tails, the Guardian Project, and Mozilla. Our goal at our all hands meetings is to reflect on the last six months, address challenges and successes, plan our work for the next six months, and have important in-person conversations that are only possible when all teams are in the same location.

For this meeting’s location and venue, we relied on one of Tor’s biggest strengths--our people.

On the first night in Stockholm, one of our local volunteers organized a ‘do it yourself’ welcome dinner for all attendees at Kafe 44, a long-standing nonprofit co-op cafe operating as a cultural social center in the heart of Stockholm.

We were also blessed with an amazing donation from KTH Royal Institute of Technology, which let us use their facilities for our three day meeting where we spread out across classrooms and engaged in back-to-back sessions organized and led by peers.

During these three days we had a local collective, Kafé Ingenstans, responsible for our lunch. They only cook vegan food with local ingredients and we had the most amazing food. We were even able to give them a big tip that we heard they will use to buy bicycles for their delivery. They also got connected with Kafe 44 after our welcome dinner and now will be serving food there.

Through partnership with our community and our community’s broader connections, we turned limited resources into a safe space to cultivate connections, collaboration, and progress toward the vision and values that we are all working towards at Tor. Find out how it went: https://blog.torproject.org/reflections-our-stockholm-all-hands

New Releases

Tor Browser 8.5.4

Tor Browser 8.5.4 contains updates to a number of its components. Above all, we include Firefox 60.8.0esr which contains important security fixes. Moreover, after some testing in the alpha series, we start shipping Tor 0.4.0.5 and update OpenSSL to 1.0.2s for the desktop platforms. Full changelog: https://blog.torproject.org/new-release-tor-browser-854

Tor Browser 9.0a4

Tor Browser 9.0a4 contains updates to a number of bundle parts, most importantly Firefox (60.8.0esr) and Tor (0.4.1.3-alpha). We also implemented fixes for accessibility support on Windows systems (big thanks to Richard Pospesel for the hard work here), which now deserve a wider testing. Full changelog:

https://blog.torproject.org/new-release-tor-browser-90a4

Upcoming Events with Tor

Def Con. Las Vegas, US. 8-11 August, 2019. Roger Dingledine is giving a mainline talk: The Tor Censorship Arms Race: The Next Chapter. Plus, we'll have a booth in the vendor area. https://blog.torproject.org/events/def-con-las-vegas-0

BornHack. Funen, Denmark. 8-15 August, 2019. https://blog.torproject.org/events/bornhack-funen-denmark

USENIX. Santa Clara, US. 14-16 August, 2019. https://www.usenix.org/conference/usenixsecurity19

What We're Reading

It's time you ditched Chrome for a privacy-first web browser. Wired UK. "...the Tor network, with its layers of encryption and routing through various locations, is the best way to protect your identity online. Plus, in recent years it's become simpler to use." https://www.wired.co.uk/article/best-privacy-browsers-and-chrome-alternatives

Oakland becomes third U.S. city to ban police use of facial recognition. Salon. "Oakland now joins San Francisco and Somerville, Mass., which banned the technology in May and June respectively in a bid to protect the privacy of their citizens."

https://www.salon.com/2019/07/21/oakland-becomes-third-us-city-to-ban-police-use-of-facial-recognition_partner/

EFF Hits AT&T With Class Action Lawsuit for Selling Customers’ Location to Bounty Hunters. Motherboard. "The lawsuit, which comes after multiple Motherboard investigations into phone location data selling, is seeking an injunction against AT&T which would try to enforce the deletion of any sold data." https://www.vice.com/en_us/article/43j99g/eff-hits-atandt-with-class-action-lawsuit-for-selling-customers-location-to-bounty-hunters

Join Our Community

Getting involved with Tor is easy. Run a relay to make the network faster and more decentralized: https://trac.torproject.org/projects/tor/wiki/TorRelayGuide

Learn about each of our teams and start collaborating: https://trac.torproject.org/projects/tor/wiki/WikiStart#Teams

Donate to help keep Tor fast, strong, and secure. https://donate.torproject.org

--

The Tor Project is a US 501(c)(3) non-profit organization advancing human rights and freedoms by creating and deploying free and open-source anonymity and privacy technologies, supporting their unrestricted availability and use, and furthering their scientific and popular understanding.

Twitter: https://twitter.com/torproject

Facebook: https://facebook.com/torproject

Instagram: https://instagram.com/torproject

Mastodon: http://mastodon.social/@torproject