Domain Fronting Is Critical to the Open Web
Last month, Amazon and Google have both announced they’re pulling the plug on domain fronting, a crucial tool which helps our most vulnerable users get access to Tor when their countries don’t allow it. Users of Signal and Telegram are also affected by this block, and Access Now identified approximately a dozen “human rights-enabling technologies” which had relied on Google for this purpose.
Tor Browser protects against tracking, surveillance, and censorship, but not everyone around the world has the luxury to connect to use it. By default, Tor Browser makes all of its users look alike. However, it doesn't hide the fact you're connecting to Tor, an open network where anyone can get the list of relays. This network transparency has many benefits, but also has a downside: repressive governments and authorities can simply get the list of Tor relays and block them. We strongly oppose this censorship and believe everyone should have access to information on the open web. That’s why we developed pluggable transports to bypass censorship and connect to the Tor network. Watch this video to learn more about pluggable transports.
Domain fronting is a type of pluggable transport where Tor traffic appears to be talking to a third party that is hard to block, like Amazon or Google, when it is really talking to a Tor relay. An example of this is Tor’s “meek” pluggable transport, which is described here.
Google and Amazon have both shut down domain fronting, making meek no longer usable over those CDNs. As of this writing, Microsoft’s Azure cloud still seems to be working with meek.
For the time being, we are shifting to Microsoft’s Azure cloud. But we’ve heard that option will soon be shut down, as well.
Unfortunately, it doesn’t look like there is a fast fix. We were not given advance notice of these changes, so we are thinking hard on potential solutions to ensure our friends living in repressive regimes around the world can continue to access the open web.
Get Help Running Your Relay From Our New Advocate
Thousands of relays make up the roots of the Tor network, and the volunteers who run them are indispensable, donating their time, infrastructure, and technical know-how to help millions of people around the world, including activists and journalists, communicate privately and securely.
Over the years, the Tor team saw there was a need for greater support of the relay operator community and heard concerns about how to better meet their needs. We now have a Relay Advocate whose job will be improving the health and happiness of the relay operator community, expanding the community, and helping improve bonds between operators. Meet Colin (Phoul) and find out what he's up to.
Tor + Tails UX: Identifying User Needs at CryptoRave 2018
This month during the geek CryptoRave in São Paulo, we invited Tails and Tor users to join a user needs session. We love to run sessions with groups of similar users so we can focus on their unique needs and experiences. Users of Tor and Tails have the common objective: they are looking to use private and secure tools, and their safety could be a concern.
We like to envision our community of users ultimately making the tools we build. UX is about relationships. We need to understand our users' relationship to our software. And in order to do that, we need a close relationship with our users. Find out what we're considering to address user needs we identified.
Meet the Tor Summer of Privacy & Outreachy Interns
We have new contributors joining the Tor Project who come to us through two paid internship programs, Tor Summer of Privacy and Outreachy, an internship program for underrepresented groups in tech. Meet the interns and find out a few of the things they’re working on.
New Releases
Tor 0.3.3.6
Tor 0.3.3.6 is the first stable release in the 0.3.3 series. It backports several important fixes from the 0.3.4.1-alpha. The Tor 0.3.3 series includes controller support and other improvements for v3 onion services, official support for embedding Tor within other applications, and our first non-trivial module written in the Rust programming language. (Rust is still not enabled by default when building Tor.) And as usual, there are numerous other smaller bugfixes, features, and improvements. (Full changelog).
Tor Browser 7.5.4
This release updates Firefox to 52.8.0esr, HTTPS Everywhere to 2018.4.11, and NoScript to 5.1.8.5. In addition, we exempt .onion domains from mixed content warnings, fixed a fingerprinting issue and an issue with localized content. (Full changelog).
Tor Browser 8.0a7
This release features important security updates to Firefox and updates firefox to 52.8.0esr. We also fixed some issues with UI customization and YouTube videos play. (Full changelog).
Upcoming Events with Tor
Join Our Community
Getting involved with Tor is easy. You can help us make the network faster and more decentralized by running a relay.
You can learn about each of our teams and start collaborating.
If you want to make a contribution but don’t have the time to volunteer, your donation will help keep Tor fast, strong, and secure.
|