Published on 2021-07-01
Onion service admins must upgrade to v3 onion services as soon as possible
https://blog.torproject.org/v2-deprecation-timeline
If you are an onion site administrator, you must upgrade to v3 onion services as soon as possible.
As we announced last year, v2 onion services will be deprecated and obsolete in Tor 0.4.6.x. As of April 2021, Tor Browser Alpha uses this version of Tor and v2 addresses no longer work in this and future versions of Tor Browser Alpha.
When Tor Browser stable moves to Tor 0.4.6.x in October 2021, v2 onion addresses will be completely unreachable.
Why are we deprecating v2 onion services? Safety. Technologies used in v2 onion services are vulnerable to different kinds of attacks, and v2 onion services are no longer being developed or maintained. The new version of onion services provides improved encryption and enhanced privacy for administrators and users.
It's critical that onion service administrators migrate to v3 onion services and work to inform users about this change as soon as possible.
Read more about the deprecation on our blog: https://blog.torproject.org/v2-deprecation-timeline
Snowflake moving to stable in Tor Browser 10.5
https://blog.torproject.org/snowflake-in-tor-browser-stable
We're excited to announce that Snowflake (https://snowflake.torproject.org) will be shipped as one of the default bridge options with stable versions of Tor Browser later this month.
What is Snowflake? Snowflake is a pluggable transport that uses a combination of domain fronting and peer-to-peer WebRTC connections between clients and volunteers to circumvent Internet censorship. Snowflake is highly censorship resistant, and used only for the initial bootstrapping of the connection. As such, it requires much lower bandwidth and shorter connections than existing domain fronting pluggable transports like meek (https://gitweb.torproject.org/pluggable-transports/meek.git/), making it a more scalable alternative.
For more about Snowflake, its design, and how it works for users, visit our blog: https://blog.torproject.org/snowflake-in-tor-browser-stable
Improving the user experience of connecting to Tor in Tor Browser 10.5
https://blog.torproject.org/improving-ux-connecting-to-tor-105
Say goodbye to Tor Launcher.
During the past few years, the UX team has been working on qualitatively improving the entire Tor Browser user journey: from discovering to finding, downloading, installing, starting, and browsing; we released a seamless and familiar experience for our largest user base.
Users have specifically reported that they find Tor Launcher confusing. Research exposed these pain points and has demonstrated how confusion caused by cognitive overload delays the user’s decision-making flow. Known issues with Tor Launcher, like the time gap between Tor Launcher and the main browser window opening after first-time installation, has left some users disappointed.
Learn more about what's coming to next in Tor Browser, including improving the user experience of launching Tor on our blog: https://blog.torproject.org/improving-ux-connecting-to-tor-105
Upcoming Events with Tor
Privacy Enhancing Technologies Symposium (PETS) | July 12 - 16, 2021
https://blog.torproject.org/node/2022
Free and Open Communications on the Internet (FOCI) workshop | August 27, 2021
https://blog.torproject.org/node/2024
New Releases
Tor Browser 10.5a17
https://blog.torproject.org/new-release-tor-browser-105a17
(June 28) This version updates Tor to 0.4.6.5. This version is the last planned version before Tor Browser 10.5 is considered stable.
Tor 0.4.6.6
https://blog.torproject.org/node/2046
(June 30) Tor 0.4.6.6 makes several small fixes on 0.4.6.5, including one that allows Tor to build correctly on older versions of GCC. You should upgrade to this version if you were having trouble building Tor 0.4.6.5; otherwise, there is probably no need.
Tor Browser 10.0.18
https://blog.torproject.org/new-release-tor-browser-10018
(June 21) This version updates Tor to 0.4.5.9, including important security fixes. In addition, on Android, this version updates Firefox to 89.1.1, and NoScript to 11.2.8.
Tor 0.3.5.15, 0.4.4.9, 0.4.5.9, 0.4.6.5
https://blog.torproject.org/node/2041
(June 14) After months of work, we have a new stable release series! Because this release includes security fixes, we are also releasing updates for our other supported releases.
Tor Browser 10.5a16
https://blog.torproject.org/new-release-tor-browser-105a16
(June 11) This version updates Firefox to 78.11esr and Fenix to 89.0. In addition, Tor Browser 10.5a16 updates Tor to 0.4.6.4-rc. This version includes important security updates to Firefox for Desktop and security updates for Android.
Tor Browser 10.0.17
blog.torproject.org/new-release-tor-browser-10017
(June 2) This version updates Firefox to 78.11esr. In addition, Tor Browser 10.0.17 updates NoScript to 11.2.8, HTTPS Everywhere to 2021.4.15, and Tor to 0.4.5.8. This version includes important security updates to Firefox for Desktop.
What We're Reading
Join Our Community
Getting involved with Tor is easy. Run a relay to make the network faster and more decentralized: https://community.torproject.org/relay/
Run a bridge to help censored users access Tor: https://blog.torproject.org/run-tor-bridges-defend-open-internet
Learn about more opportunities to start collaborating: https://community.torproject.org/
Donate to help keep Tor fast, strong, and secure. https://donate.torproject.org
--
The Tor Project is a US 501(c)(3) non-profit organization advancing human rights and freedoms by creating and deploying free and open-source anonymity and privacy technologies, supporting their unrestricted availability and use, and furthering their scientific and popular understanding.
Twitter: https://twitter.com/torproject
Facebook: https://facebook.com/torproject
Instagram: https://instagram.com/torproject
Mastodon: http://mastodon.social/@torproject
Published on 2021-05-31
Starting July 15, Tor will no longer support v2 onion services
https://blog.torproject.org/v2-deprecation-timeline
If you are an onion site administrator, you must upgrade to v3 onion services as soon as possible.
As we announced last year, v2 onion services will be deprecated and obsolete in Tor 0.4.6.x. As of April 2021, Tor Browser Alpha uses this version of Tor and v2 addresses no longer work in this and future versions of Tor Browser Alpha.
When Tor Browser stable moves to Tor 0.4.6.x in October 2021, v2 onion addresses will be completely unreachable.
Why are we deprecating v2 onion services? Safety. Technologies used in v2 onion services are vulnerable to different kinds of attacks, and v2 onion services are no longer being developed or maintained. The new version of onion services provides improved encryption and enhanced privacy for administrators and users.
It's critical that onion service administrators migrate to v3 onion services and work to inform users about this change as soon as possible.
Read more about the deprecation on our blog: https://blog.torproject.org/v2-deprecation-timeline
Announcing new Board members
https://blog.torproject.org/announcing-board-alissa-desigan-kendra
We are excited to announce that three new members are joining the Tor Project’s Board of Directors: Alissa Cooper, Desigan (Dees) Chinniah, and Kendra Albert! Each new member comes to Tor with a different set of expertise that will help the organization and our community.
Alissa Cooper is a Chief Technology Officer and Fellow at Cisco Systems and served in a variety of leadership roles in the Internet Engineering Task Force (IETF). We are excited that Alissa is joining the Board, her expertise will help Tor continue to mature as an organization.
Desigan Chinniah is a long time supporter of Tor. He is a creative technologist with a strong background in the Free Software movement as well as in the industry with his experience as an investor and on product. We are looking forward to his contribution to the Board and to Tor.
Kendra Albert is a public interest technology lawyer with a special interest in computer security and in protecting marginalized speakers and users. They serve as a clinical instructor at the Cyberlaw Clinic at Harvard Law School, where they teach students to practice law by working with pro bono clients. We are also honored to have Kendra with us and their legal expertise will be a big bonus to Tor.
Please join us in welcoming Alissa, Dees, and Kendra to the Board! Read more about them on our blog: https://blog.torproject.org/announcing-board-alissa-desigan-kendra
PrivChat #4 | 25th Anniversary of Onion Routing
https://www.youtube.com/watch?v=-wbivkG8TcU
Celebrate 25 years of onion routing with Tor!
May 31, 2021 marks the 25th anniversary of the first public presentation of onion routing in Cambridge, UK at Isaac Newton Institute's first Information Hiding Workshop.
In the latest edition of PrivChat, we celebrated this special moment by talking about beginnings of onion routing, and how this idea became Tor, and how the Tor Project eventually came to be with Paul Syverson, one of the authors of the first onion routing paper, the Tor Project co-founders Roger Dingledine and Nick Mathewson, and Tor Board member Gabriella Coleman.
Watch the celebratory edition of PrivChat to commemorate the 25th anniversary of onion routing on our YouTube channel: https://youtu.be/-wbivkG8TcU
Dreaming at Dusk: the Tor Project’s NFT Auction & What's Next
https://blog.torproject.org/nft-auction-and-whats-next
In mid-May, the Tor Project held a nonfungible token (NFT, https://en.wikipedia.org/wiki/Non-fungible_token) auction of a generative art piece we called Dreaming at Dusk (https://foundation.app/torproject/dreaming-at-dusk-35855), created by artist Itzel Yard (ixshells, https://foundation.app/ixshells) and derived from the private key of the first onion service, Dusk.
This action was held on Foundation (https://foundation.app/) and resulted in a final bid of 500 Ethereum (ETH), roughly $2M USD at the time of the auction, with the proceeds going towards the Tor Project and our work to improve and promote Tor.
Raising roughly $2M USD in one day breaks all records of individual giving we could possibly imagine, and we are extremely humbled and grateful for the success of this auction and what this means for the Tor Project nonprofit organization. Learn more about why we held this auction, the artist ixshells, and what happens next with the money raised on our blog: https://blog.torproject.org/nft-auction-and-whats-next
Check the status of Tor services with status.torproject.org
https://blog.torproject.org/check-status-of-tor-services
The Tor Project now has a status page which shows the state of our major services: https://status.torproject.org
You can check status.torproject for news about major outages in Tor services, including v3 and v2 onion services, directory authorities, our website (torproject.org), and the check.torproject.org tool. The status page also displays outages related to Tor internal services, like our GitLab instance.
Read more on our blog about why we launched status.torproject.org, how the service was built, and how it works: https://blog.torproject.org/check-status-of-tor-services
Upcoming Events with Tor
New Releases
Tor 0.4.5.8
https://blog.torproject.org/node/2031
(May 10) Tor 0.4.5.8 fixes several bugs in earlier version, backporting fixes from the 0.4.6.x series. Full changelog.
Tor 0.4.6.3-rc
https://blog.torproject.org/node/2030
(May 10) Tor 0.4.6.3-rc is the first release candidate in its series. It fixes a few small bugs from previous versions, and adds a better error message when trying to use (no longer supported) v2 onion services. Full changelog.
What We're Reading
"GCHQ’s mass data interception violated right to privacy, court rules," The Guardian. (https://www.theguardian.com/uk-news/2021/may/25/gchqs-mass-data-sharing-violated-right-to-privacy-court-rules)
"Americans Actually Want Privacy. Shocking.," The New York Times. (https://www.nytimes.com/2021/05/20/opinion/apple-facebook-ios-privacy.html)
"Tor Sells NFT of First .onion URL For $2 Million in ETH to PleasrDAO," Decrypt. (https://decrypt.co/71017/tor-sells-nft-of-first-onion-url-for-2-million-in-eth-to-pleasrdao)
"Schools Use Software That Blocks LGBTQ+ Content, But Not White Supremacists," VICE. (https://www.vice.com/en/article/v7em39/schools-use-software-that-blocks-lgbtq-content-but-not-white-supremacists)
"Censorship, Surveillance and Profits: A Hard Bargain for Apple in China," The New York Times. (https://www.nytimes.com/2021/05/17/technology/apple-china-censorship-data.html)
"Facebook Allows Drug Ads to Target Teens, Activists Say," WIRED. (https://www.wired.com/story/activists-facebook-allows-drug-ads-target-teens/)
Join Our Community
Getting involved with Tor is easy. Run a relay to make the network faster and more decentralized: https://community.torproject.org/relay/
Run a bridge to help censored users access Tor: https://blog.torproject.org/run-tor-bridges-defend-open-internet
Learn about more opportunities to start collaborating: https://community.torproject.org/
Donate to help keep Tor fast, strong, and secure. https://donate.torproject.org
The Tor Project is a US 501(c)(3) non-profit organization advancing human rights and freedoms by creating and deploying free and open-source anonymity and privacy technologies, supporting their unrestricted availability and use, and furthering their scientific and popular understanding.
Twitter @torproject | Facebook torproject |
Instagram @torproject | Mastodon
| YouTube
Published on 2021-04-30
Starting July 15, Tor will no longer support v2 onion services
https://blog.torproject.org/v2-deprecation-timeline
If you are an onion site administrator, you must upgrade to v3 onion services as soon as possible.
As we announced last year, v2 onion services will be deprecated and obsolete in Tor 0.4.6.x. As of April 2021, Tor Browser Alpha uses this version of Tor and v2 addresses no longer work in this and future versions of Tor Browser Alpha.
When Tor Browser stable moves to Tor 0.4.6.x in October 2021, v2 onion addresses will be completely unreachable.
Why are we deprecating v2 onion services? Safety. Technologies used in v2 onion services are vulnerable to different kinds of attacks, and v2 onion services are no longer being developed or maintained. The new version of onion services provides improved encryption and enhanced privacy for administrators and users.
It's critical that onion service administrators migrate to v3 onion services and work to inform users about this change as soon as possible.
Read more about the deprecation on our blog: https://blog.torproject.org/v2-deprecation-timeline
Defend Dissent with Tor
https://blog.torproject.org/book-defend-dissent-with-tor
This week, we're highlighting a guest blog post by Glencora Borradaile.
After 4 years of giving digital security trainings to activists and teaching a course called "Communications Security and Social Movements", I've compiled all my materials into an open, digital book - Defend Dissent: Digital Suppression and Cryptographic Defense of Social Movements (https://open.oregonstate.education/defenddissent/) hosted by Oregon State University where I am an Associate Professor. The book is intended for an introductory, non-major college audience, and I hope it will find use outside the university setting.
It should be no surprise that Tor is a star of Defend Dissent. The anonymity that the Tor technology enables turns the internet into what it should be: a place to communicate without everyone knowing your business. As a professor, I love teaching Tor. It is a delightful combination of encryption, key exchange, probability and threat modeling. Find out more about Defend Dissent on our blog.
Domain Shadowing: Leveraging CDNs for Robust Blocking-Resistant Communications
https://blog.torproject.org/anti-censorship-domain-shadowing
What is Domain Shadowing?
Domain shadowing is a new censorship circumvention technique that uses Content Distribution Networks (CDNs) as its leverage to achieve its goal, which is similar to domain fronting. However, domain shadowing works completely differently from domain fronting and is stronger in terms of blocking-resistance.
Compared to domain fronting, one big difference among many is that the user in domain shadowing is in charge of the whole procedure. In other words, the complete system can be solely configured by the user without necessary assistance from neither the censored website nor an anti-censorship organization.
Find out more about Domain Shadowing on our blog, in a guest post from Mingkui Wei.
New Releases
Tor Browser 10.5a15
https://blog.torproject.org/new-release-tor-browser-105a15
(April 26) This version updates Firefox to 78.10esr and Fenix to 88.1.1. In addition, Tor Browser 10.5a15 updates Tor to 0.4.6.2-alpha. This version includes important security updates to Firefox for Desktop and security updates for Android.
Tor Browser 10.0.16
https://blog.torproject.org/new-release-tor-browser-10016
(April 20) This version updates Firefox to 78.10esr. In addition, Tor Browser 10.0.16 updates NoScript to 11.2.4, and adds localization in Burmese. This version includes important security updates to Firefox for Desktop.
Tor 0.4.6.2-alpha
https://blog.torproject.org/node/2018
(April 15) Tor 0.4.6.2-alpha is the second alpha in its series. It fixes several small bugs in previous releases, and solves other issues that had enabled denial-of-service attacks and affected integration with other tools.
Tor Browser 10.5a14
https://blog.torproject.org/new-release-tor-browser-105a14
(April 13) This release updates NoScript to 11.2.4 and updates the Snowflake pluggable transport. This release is the first version that is localized in Burmese, as well.
Tor Browser 10.5a13
https://blog.torproject.org/new-release-tor-browser-105a13
(April 5) This release updates Firefox to 78.9.0esr for desktop and Firefox for Android to 87.0.0. Additionally, we update Tor to 0.4.6.1-alpha and OpenSSL to 1.1.1k and NoScript to 11.2.3. This release includes important security updates to Firefox for Desktop, and similar important security updates to Firefox for Android.
What We're Reading
Join Our Community
Getting involved with Tor is easy. Run a relay to make the network faster and more decentralized: https://community.torproject.org/relay/
Run a bridge to help censored users access Tor: https://blog.torproject.org/run-tor-bridges-defend-open-internet
Learn about more opportunities to start collaborating: https://community.torproject.org/
Donate to help keep Tor fast, strong, and secure. https://donate.torproject.org
--
The Tor Project is a US 501(c)(3) non-profit organization advancing human rights and freedoms by creating and deploying free and open-source anonymity and privacy technologies, supporting their unrestricted availability and use, and furthering their scientific and popular understanding.
Twitter: https://twitter.com/torproject
Facebook: https://facebook.com/torproject
Instagram: https://instagram.com/torproject
Mastodon: http://mastodon.social/@torproject
Published on 2021-03-31
Get a TLS certificate for your onion site
https://blog.torproject.org/tls-certificate-for-onion-site
We are happy to share the news of another important milestone for .onion services! You can now get DV certificates for your v3 onion site using HARICA (https://www.harica.gr/Contact/GetHarica), a Root CA Operator founded by Academic Network (GUnet) (https://www.gunet.gr/en/), a civil society nonprofit from Greece.
Previously, .onion site administrators who needed a TLS certificate had to either hack other solutions or spend a significant amount of money purchasing an EV certificate. Now with HARICA, acquiring a certificate has become more accessible, but we know that free certificates are ideal and are looking forward to that moment.
We are happy to see people acquiring certificates for their onions (https://www.reddit.com/r/onions/comments/lwaccm/harica_ca_now_supports_issuance_of_dv_onion/). Remember to do it for a v3 onion address since v2 will be deprecated very soon (https://blog.torproject.org/v2-deprecation-timeline)! Read more about getting your own certificate for your onion on your blog (https://blog.torproject.org/tls-certificate-for-onion-site).
Sign now: European initiative for a ban on biometric mass surveillance
https://blog.torproject.org/sign-to-reclaim-your-face
The “Reclaim Your Face” coalition (https://reclaimyourface.eu) has launched a European Citizens’ Initiative for a ban on biometric mass surveillance. European Digital Rights (EDRi) and more than fifty organizations are calling to sign the petition. One million signatures must be collected in at least seven EU countries within one year. Read more and sign the petition. (https://blog.torproject.org/sign-to-reclaim-your-face)
Onionize your Workflow with the Onion Guide Fanzine
https://blog.torproject.org/onionize-your-workflow
One way we help human rights defenders and organizations take back their right to privacy online is by helping them to use and set up onion services.
Last year, thanks to the support of Digital Defenders Partnership (https://www.digitaldefenders.org/), we wrote a series of Onion Guides intended to make it easier for our partners to correctly and safely set up their own onion services. To create these Onion Guides, we collected and improved existing disparate information about the benefits of onion services and how to set them up for a website.
You can learn more about the new Onion Guides on our blog (https://blog.torproject.org/onionize-your-workflow) and find the Onion Guide in our community portal (https://community.torproject.org/onion-services/), well as the section on Onion Services in English (https://community.torproject.org/static/images/outreach/print/onion-guide-fanzine-EN.pdf), Spanish (https://community.torproject.org/static/images/outreach/print/onion-guide-fanzine-ES.pdf) and Portuguese (https://community.torproject.org/static/images/outreach/print/onion-guide-fanzine-PT_BR.pdf). Feel free to use it to set up your own .onion site, and let us know how it works for you!
How to contribute to the Tor metrics timeline
https://blog.torproject.org/contribute-to-tor-metrics-timeline
The metrics timeline (https://gitlab.torproject.org/tpo/metrics/timeline) is a database of news and events that may affect Tor Metrics (https://metrics.torproject.org/) graphs. This post is about how you can contribute to the timeline and help keep it up to date.
A timeline of events helps in interpreting graphs. For example, you may look at a graph and ask, "Why did the number of Tor users in Sri Lanka increase for a week in 2018?"
Checking the timeline, we find that at that time in Sri Lanka there was a block of Facebook and other services. A likely explanation for the increase of users is that people were using Tor to access the blocked services.
The metrics timeline is useful but incomplete—for example, it tends to only include events that make international news. Some past events have a start date but are missing an end date. And some events mark unusual graph features, but do not have an explanation. You can help the Tor Project and people trying to understand use of the Tor network by contributing your knowledge to the metrics timeline. Read more about contributing to the Tor metrics timeline (https://blog.torproject.org/contribute-to-tor-metrics-timeline).
New Releases
Tor Browser 10.0.14
https://blog.torproject.org/new-release-tor-browser-10014
(March 24) This version updates Desktop Firefox to 78.9.0esr. In addition, Tor Browser 10.0.14 updates NoScript to 11.2.3, and Tor to 0.4.5.7.
Tor Browser 10.5a12 (Android Only)
https://blog.torproject.org/new-release-tor-browser-105a12
(March 21) This release updates Fenix to 87.0.0-beta.2. Additionally, we update NoScript to 11.2.3 and Tor to 0.4.6.1-alpha.
Tor 0.4.6.1-alpha
https://blog.torproject.org/node/2011
(March 18) Tor 0.4.6.1-alpha is the first alpha release in the 0.4.6.x series. It improves client circuit performance, adds missing features, and improves some of our DoS handling and statistics reporting. It also includes numerous smaller bugfixes.
Tor 0.3.5.14, 0.4.4.8, and 0.4.5.7
https://blog.torproject.org/node/2009
(March 16) These releases fix a pair of denial-of-service issues. We recommend that everybody upgrade to one of the releases that fixes these issues (0.3.5.14, 0.4.4.8, or 0.4.5.7) as they become available to you.
Tor Browser 10.0.13 (Linux Only)
https://blog.torproject.org/new-release-tor-browser-10013
(March 3) This version fixes instability on some Linux distributions.
What We're Reading
"Amazon Delivery Drivers Forced to Sign ‘Biometric Consent’ Form or Lose Job," VICE. (https://www.vice.com/en/article/dy8n3j/amazon-delivery-drivers-forced-to-sign-biometric-consent-form-or-lose-job)
"#KeepItOn: Internet shutdowns only cause harm," Business & Human Rights Resource Centre. (https://www.business-humanrights.org/en/blog/keepiton-internet-shutdowns-only-cause-harm/)
"TikTok vs Douyin A Security and Privacy Analysis," Citizen Lab. (https://citizenlab.ca/2021/03/tiktok-vs-douyin-security-privacy-analysis/)
"How to get affordable DV certificates for onion sites," Help Net Security. (https://www.helpnetsecurity.com/2021/03/26/how-to-get-affordable-dv-certificates-for-onion-sites/)
"T-Mobile to Share Customers' Web Browsing Data With Advertisers Unless They Opt Out," PCMag. (https://uk.pcmag.com/networking/132169/t-mobile-to-share-customers-web-browsing-data-with-advertisers-unless-they-opt-out)
"California bans ‘dark patterns’ that trick users into giving away their personal data," The Verge. (https://www.theverge.com/2021/3/16/22333506/california-bans-dark-patterns-opt-out-selling-data)
Join Our Community
Getting involved with Tor is easy. Run a relay to make the network faster and more decentralized: https://community.torproject.org/relay/
Run a bridge to help censored users access Tor: https://blog.torproject.org/run-tor-bridges-defend-open-internet
Learn about more opportunities to start collaborating: https://community.torproject.org/
Donate to help keep Tor fast, strong, and secure. https://donate.torproject.org
Published on 2021-02-28
Learning more about our users with a Tor Browser User Survey
https://blog.torproject.org/learning-more-about-tor-users
At the Tor Project we practice user-centered design. This means we put our users at the heart of our development process, making a conscious effort to understand the contexts in which people use our tools and paying particular attention to the bumps they encounter along the way.
Many digital product companies rely heavily on data gathered from invasive tracking scripts to better understand their users’ behavior, further fueling the surveillance economy. However that’s not how we do things at Tor – instead, we aim to conduct research that respects the basic principles of privacy and consent: https://blog.torproject.org/strength-numbers-usable-tools-dont-need-be-invasive.
To learn more about our users, we launched a new Tor Browser User Survey: https://survey.torproject.org/index.php/217469?lang=en, also available via onion service: http://bogdyardcfurxcle.onion/index.php/217469?lang=en. We'd love to get your feedback! You can learn more about this survey, how it came about, and other opportunities to get involved in UX at Tor on our blog: https://blog.torproject.org/learning-more-about-tor-users.
Anonymous GitLab Ticketing: An Exciting New Project at Tor
https://blog.torproject.org/anonymous-gitlab
Currently, before making a bug report to one of Tor’s repos, users must sign up for a GitLab account via the TicketLobby (https://gitlab.onionize.space/). Although this is the right approach for many users, it has its limitations.
A new project, the anonymous ticketing portal, is designed to circumvent these limitations, resulting in more complete, private bug reporting, and includes the following features:
- Lightning-fast, anonymous (and lazy) user interface
- Tor-flavored, data-packed, familiar project and issue views
- Super-powered SuperUsers
A test instance of this project is currently live at https://anonticket.onionize.space/, or you can see the repo itself at https://gitlab.torproject.org/tpo/tpa/anon_ticket.
Read more about the anonymous GitLab ticketing system on our blog: https://blog.torproject.org/anonymous-gitlab.
Tor in the Media: 2020
https://blog.torproject.org/tor-media-2020
This year, we’re continuing a new tradition of reviewing media and news stories that mentioned Tor and the Tor Project. Our goal is to highlight what is changing (or not) in the conversation about privacy and censorship, as well as identifying the ways the media discusses Tor in the context of these challenges.
Read our review of Tor in the media in 2020 on our blog: https://blog.torproject.org/tor-media-2020.
Bug Smash Fund, Year 2: Progress So Far!
https://blog.torproject.org/tor-bug-smash-fund-yr2-progress
Last August, we asked you to help us fundraise during our second annual Bug Smash Fund campaign (https://blog.torproject.org/tor-bug-smash-fund-2020-106K-raised). This fund is designed to grow a healthy reserve earmarked for maintenance work, finding bugs, and smashing them—all tasks necessary to keep Tor Browser, the Tor network, and the many tools that rely on Tor strong, safe, and running smoothly.
We want to share an update! Read about the work made possible with the Bug Smash Fund on our blog: https://blog.torproject.org/tor-bug-smash-fund-yr2-progress.
New Releases
Tor Browser 10.5a11
https://blog.torproject.org/new-release-tor-browser-105a11
This release updates Firefox to 78.8.0esr for desktop and Firefox for Android to 86.1.0. Additionally, we update Tor to 0.4.5.6 and OpenSSL to 1.1.1j.
Tor Browser 10.0.12
https://blog.torproject.org/new-release-tor-browser-10012
This version updates Desktop Firefox to 78.8.0esr and Android Firefox to 86.1.0. In addition, Tor Browser 10.0.12 updates NoScript to 11.2.2, Openssl to 1.1.1j, and Tor to 0.4.5.6.
Tor 0.4.5.6
https://blog.torproject.org/node/2000
This release series introduces significant improvements in relay IPv6 address discovery, a new "MetricsPort" mechanism for relay operators to measure performance, LTTng support, build system improvements to help when using Tor as a static library, and significant bugfixes. The Tor 0.4.5.x release series is dedicated to the memory of Karsten Loesing (1979-2020), Tor developer, cypherpunk, husband, and father.
Tor Browser 10.5a10 (Windows Only)
https://blog.torproject.org/new-release-tor-browser-105a10
This version updates Firefox to 78.7.1esr for Windows. This release includes important security updates to Firefox.
Tor Browser 10.5a9 (Android Only)
https://blog.torproject.org/new-release-tor-browser-105a9
This release updates Fenix to 86.0.0-beta.2. Additionally, we update NoScript to 11.2 and HTTPS Everywhere to 2021.1.27.
Tor Browser 10.0.11 (Windows Only)
https://blog.torproject.org/new-release-tor-browser-10011
This version updates Firefox to 78.7.1esr for Windows. This release includes important security updates to Firefox.
Tor Browser 10.0.10
https://blog.torproject.org/new-release-tor-browser-10010
This version increases the availability of version 3 (v3) onion services. The fix is included in the recently released stable tor versions, as well.
Tor 0.3.5.13, 0.4.3.8, and 0.4.4.7
https://blog.torproject.org/node/1990
Tor 0.4.4.7 backports numerous bugfixes from later releases, including one that made v3 onion services more susceptible to denial-of-service attacks, and a feature that makes some kinds of DoS attacks harder to perform.
Tor 0.4.5.5-rc
https://blog.torproject.org/node/1989
Tor 0.4.5.5-rc is the third release candidate in its series. This release fixes an annoyance with address detection code, and somewhat mitigates an ongoing denial-of-service attack.
We're Hiring
Metrics Data Architect
The person in this position will work directly with helping us maintain existing systems, and design new systems for gathering and analyzing data. They will help the rest of the teams understand the data available to improve our tools as well as the Tor network's health. Read the full job description: https://www.torproject.org/about/jobs/metrics-data-architect/
Anti-Censorship Software Developer
This developer will be tasked with improving the user experience and process of finding alternate routes to the Tor network when global censorship events block access to the Tor network. A personal commitment to free and open source software and the application of advanced programming skills for the greater good is essential. Read the full job description. https://www.torproject.org/about/jobs/software-developer-anticensorship/
What We're Reading
"Why you should care about data privacy even if you have “nothing to hide”," Vox. (https://www.vox.com/recode/22250897/facebook-data-privacy-collection-algorithms-extremism)
"South Sudan: Rampant abusive surveillance by NSS instils climate of fear," Amnesty International. (https://www.amnesty.org/en/latest/news/2021/02/south-sudan-abusive-surveillance-by-national-security-service-climate-of-fear/)
"Private dollars are seeding surveillance tech across the US," Smart Cities Dive. (https://www.smartcitiesdive.com/news/private-dollars-are-seeding-surveillance-tech-across-the-us/594615/)
"There Are Spying Eyes Everywhere—and Now They Share a Brain," Wired. (https://www.wired.com/story/there-are-spying-eyes-everywhere-and-now-they-share-a-brain/)
"Amazon says government demands for user data spiked by 800% in 2020," TechCrunch. (https://techcrunch.com/2021/02/01/amazon-government-demands-spiked/)
"Spotify patents tech to recommend songs based on users' speech, emotion," Axios. (https://www.axios.com/spotify-patent-users-speech-recommend-music-6c5ce99d-ca0f-4457-9b87-9d27fcc35527.html)
Join Our Community
Getting involved with Tor is easy. Run a relay to make the network faster and more decentralized: https://community.torproject.org/relay/
Run a bridge to help censored users access Tor: https://blog.torproject.org/run-tor-bridges-defend-open-internet
Learn about more opportunities to start collaborating: https://community.torproject.org/
Donate to help keep Tor fast, strong, and secure. https://donate.torproject.org
--
The Tor Project is a US 501(c)(3) non-profit organization advancing human rights and freedoms by creating and deploying free and open-source anonymity and privacy technologies, supporting their unrestricted availability and use, and furthering their scientific and popular understanding.
Twitter: https://twitter.com/torproject
Facebook: https://facebook.com/torproject
Instagram: https://instagram.com/torproject
Mastodon: http://mastodon.social/@torproject
Published on 2021-01-29
2020 Fundraising Results: Thank You!
https://blog.torproject.org/use-a-mask-use-tor-thank-you
We are pleased to announce that in 2020, despite the cancellations of in-person events and the sharp decrease in individual donations we saw at the beginning of the pandemic, you helped us to raise $913,110 from individuals, more than any calendar year in the Tor Project’s history. You contributed $376,315 of this figure during the end-of-year campaign—this includes the generous $100,000 match by the Friends of Tor. (That’s a 19% increase over last year’s year-end campaign.)
Thank you to everyone who made a donation in 2020! You make it possible to resist the surveillance pandemic. You’ve made it possible for the Tor Project and the tools we support to survive a very difficult time, and to prepare for 2021 with ambitious plans.
Vist the blog for more details about the details of Tor's fundraising in 2020, and what we have prepared for 2021: https://blog.torproject.org/use-a-mask-use-tor-thank-you
The state of IPv6 support on the Tor network
https://blog.torproject.org/state-of-ipv6-support-tor-network
In our last article, published in RIPE's website, (https://labs.ripe.net/Members/tor_grants/a-look-into-the-tor-network-work-on-supporting-ipv6) we described the work that happened in 2020 related to giving IPv6 support (https://blog.torproject.org/ipv6-future-i-hear) to the Tor network.
Tor 0.4.5.1-alpha (https://blog.torproject.org/node/1949) is the first release that includes all the work described in the RIPE article. Relays running 0.4.5.1-alpha are the first to report IPv6 bandwidth statistics.
As of December 2, 2020, 54% of the relays on the network run a version of Tor that supports IPv6. Of the 6852 relays in the network, 3587 are running version 0.4.4 (https://metrics.torproject.org/versions.html) and 8 relays are running the latest Tor version 0.4.5 (https://blog.torproject.org/node/1958). From all those, 1588 are announcing an IPv6 address and port for the OR protocol. 1587 relays are reachable on IPv6 by the directory authorities. 626 permit exiting to IPv6 targets (https://metrics.torproject.org/relays-ipv6.html).
Read more about the state of IPv6 on the Tor network on our blog: https://blog.torproject.org/state-of-ipv6-support-tor-network
In memoriam of Karsten Loesing
blog.torproject.org/in-memoriam-of-karsten-loesing
It's with deep sorrow that we share that our dear friend, colleague, and Tor core contributor Karsten Loesing passed away on the afternoon of Friday, December 18, 2020. No one is prepared for such an unimaginable loss. Our deepest sympathies go to Karsten's family at this moment, his wife and his children.
We all loved him and his contribution to the Tor Project will always be remembered from the depth of our hearts. We will be dedicating our next release of core tor to Karsten's memory.
Rest in peace, Karsten.
New Releases
Tor Browser 10.0.9
https://blog.torproject.org/new-release-tor-browser-1009
This release updates Firefox to 78.7.0esr for desktop and Firefox for Android to 85.1.0. This release includes important security updates to Firefox for Desktop, and similar important security updates to Firefox for Android.
Tor Browser 10.5a8
https://blog.torproject.org/new-release-tor-browser-105a8
This release updates Firefox to 78.7.0esr for desktop and Firefox for Android to 85.1.0. Additionally, we update Tor to 0.4.5.4-rc. This release includes important security updates to Firefox for Desktop, and similar important security updates to Firefox for Android.
Tor 0.4.5.4-rc
https://blog.torproject.org/node/1973
Tor 0.4.5.4-rc is the second release candidate in its series. It fixes several bugs present in previous releases. We expect that the stable release will be the same, or almost the same, as this release candidate, unless serious bugs are found.
Tor Browser 10.5a7
https://blog.torproject.org/new-release-tor-browser-105a7
This release updates Firefox to 78.6.1esr for desktop and Firefox for Android to 85.0.0-beta.7. Additionally, we update Tor to 0.4.5.3-rc. This versions also fixes a crash seen by macOS users on the new M1 processor.
Tor Browser 10.0.8
https://blog.torproject.org/new-release-tor-browser-1008
This release updates Firefox for desktops to 78.6.1esr and Firefox for Android to 84.1.4. This version resolves instability on Apple macOS devices with the new M1 processor.
Tor 0.4.5.3-rc
https://blog.torproject.org/node/1969
Tor 0.4.5.3-rc is the first release candidate in its series. It fixes several bugs, including one that broke onion services on certain older ARM CPUs, and another that made v3 onion services less reliable.
Upcoming Events with Tor
No upcoming events.
What We're Reading
"Tor Project’s crypto donations increased 23% in 2020," Coin Telegraph. (https://cointelegraph.com/news/tor-project-s-crypto-donations-increased-23-in-2020)
"Encryption is vital for attorney-client privilege in the digital era, and lawyers should fight for it," Access Now. (https://www.accessnow.org/encryption-attorney-client-privilege/)
"100 hours in the dark: How an election internet blackout hit poor Ugandans," Thomson Reuters Foundation. (https://news.trust.org/item/20210120134502-2jnhz/)
"You watch TV. Your TV watches back," The Washington Post. (https://www.washingtonpost.com/technology/2019/09/18/you-watch-tv-your-tv-watches-back/)
"Leaked Location Data Shows Another Muslim Prayer App Tracking Users," VICE. (https://www.vice.com/en/article/xgz4n3/muslim-app-location-data-salaat-first)
"DuckDuckGo surpasses 100 million daily search queries for the first
--
The Tor Project is a US 501(c)(3) non-profit organization advancing human rights and freedoms by creating and deploying free and open-source anonymity and privacy technologies, supporting their unrestricted availability and use, and furthering their scientific and popular understanding.
Twitter: https://twitter.com/torproject
Facebook: https://facebook.com/torproject
Instagram: https://instagram.com/torproject
Mastodon: http://mastodon.social/@torproject
Published on 2020-12-21
Looking Forward: Tor in 2021
https://blog.torproject.org/tor-in-2021
This year has been difficult for all of us. As individuals, we’ve had to adapt to the new normal of COVID-19, and as an organization, the Tor Project also had to adapt to our “new normal” after we made the difficult decision to let go of one third of our organization. Although challenging, we have managed to reorganize in order to meet the goals we originally set for 2020, and now, it’s time to look forward to 2021.
We have shared many of our goals for the next year, including addressing the "Tor is too slow" complaint, supporting the relay operator community, improving network health, developing a Rust Tor implementation, & unblocking Tor through outreach. Read more about our plans from our executive director, Isabela Bagueros: https://blog.torproject.org/tor-in-2021
Moving Tor from Trac to Gitlab
https://blog.torproject.org/node/1957
Tor had been using Trac (https://trac.torproject.org) until June 2020, when we moved to our self-hosted instance of Gitlab administered by the Tor sysadmin team (https://gitlab.torproject.org). We're hoping Gitlab will be a good fit because:
- Gitlab will allow us to collect our different engineering tools into a single application: Git repository handling, Wiki, Issue tracking, Code reviews, and project management tooling.
- Gitlab is well-maintained, while Trac plugins are not well maintained and Trac itself hasn't seen a release for over a year (since 2019).
- Gitlab will allow us to build a more modern approach to handling Continuous Integration for our different projects.
We spent several months fixing and testing problems on data migration, from formatting issues to addressing where the information that lived in Trac should live in Gitlab. We tested the Gitlab instance with a few projects until we jumped into migrating all data from Trac. You can read more about this migration process on our blog: https://blog.torproject.org/node/1957
Watch PrivChat #3 with Edward Snowden
https://torproject.org/privchat
For our third edition of PrivChat on December 11, we brought together some real-life Tor users who shared how Tor has been important for them and their work to defend human rights and freedoms around the world.
Hosted by Edward Snowden, PrivChat featured technologist and privacy researcher Ramy Raoof, librarian and founder of Library Freedom Project, Alison Macrina, and Africa Policy Manager and Global Internet Shutdowns Lead at Access Now, Berhan Taye.
Watch the full PrivChat: Advancing Human Rights with Tor (https://www.youtube.com/watch?v=S2N3GoewgC8), and be on the lookout for our next PrivChat in 2021.
Anti-censorship team report: November 2020
https://blog.torproject.org/anti-censorship-november-2020
Tor's anti-censorship team writes monthly reports to keep the world updated on its progress. This blog post summarizes the anti-censorship work we got done in November 2020. Let us know if you have any questions or feedback!
New Releases
Upcoming Events with Tor
Join Our Community
Getting involved with Tor is easy. Run a relay to make the network faster and more decentralized: https://community.torproject.org/relay/
Run a bridge to help censored users access Tor: https://blog.torproject.org/run-tor-bridges-defend-open-internet
Learn about more opportunities to start collaborating: https://community.torproject.org/
Donate to help keep Tor fast, strong, and secure. https://donate.torproject.org
Published on 2020-11-30
Use a Mask, Use Tor: Friends of Tor Matching Donations
https://blog.torproject.org/friends-of-tor-match-2020
Every dollar donated to the Tor Project now through December 31, up to $100,000, will be matched by Friends of Tor (https://torproject.org/donate/donate-usetor-tn-fot). That means your donation will be doubled. We’re able to offer this match because of generous folks in our community who believe in Tor, privacy online, and the work to resist the surveillance pandemic.
Make a donation today and your gift will be matched, 1:1: https://torproject.org/donate/donate-usetor-tn-fot
Meet the Friends of Tor who generously came forward to make this match possible on our blog: https://blog.torproject.org/friends-of-tor-match-2020
You're Invited: PrivChat with Edward Snowden
The Tor Project's main mission is to advance human rights and freedoms by creating and deploying free and open source anonymity and privacy technologies. People use our technology, namely the Tor network and Tor Browser, in diverse ways. Tor is used by whistleblowers who need a safe way to bring to light information about wrongdoing -- information that is crucial for society to know -- without sharing their identity. Tor is used by activists around the world who are fighting against authoritarian governments and to defend human rights, not only for their safety and anonymity, but also to circumvent internet censorship so their voices can be heard.
For our third edition of PrivChat (https://torproject.org/privchat), we are bringing you some real-life Tor users who will share how Tor has been important for them and their work to defend human rights and freedoms around the world. Hosted by Edward Snowden, featuring technoligist and privacy research Ramy Raoof and librarian and founder of Library Freedom Project, Alison Macrina.
Join us for PrivChat: Advancing Human Rights with Tor on December 11 at 18:00 UTC, 13:00 Eastern, 10:00 Pacific: https://www.youtube.com/watch?v=S2N3GoewgC8
State of the Onion: Tor & Community Updates from 2020
https://www.youtube.com/watch?v=IyWyTypRGWQ
Every year people from the Tor Project and its communities present the State of the Onion, a compilation of updates from our different projects, at conferences around the world. We use this opportunity to talk about highlights of the work we’ve accomplished during the year and what we are excited about in the upcoming year.
With COVID-19 pandemic this year, we didn’t have the chance to ‘tour’ our State of the Onion during any face-to-face conferences. So we decided to bring the State of the Onion to you in virtual format.
We invite you to watch the full recording of State of the Onion 2020 on YouTube (https://www.youtube.com/watch?v=IyWyTypRGWQ). Our blog outlines the full program and who took part in the event (https://blog.torproject.org/state-of-the-onion-2020).
Transparency, Openness, and Our 2018 and 2019 Finances
https://blog.torproject.org/transparency-openness-and-our-2018-and-2019-financials
We publish all of our related tax documents for transparency (https://www.torproject.org/about/reports/). After completing standard audits for 2017-2018 and for 2019, our federal tax filings and audits for the last two years are available in full on our website. We've outlined some observations to help you read through the 2018 and 2019 financial documents on our blog: https://blog.torproject.org/transparency-openness-and-our-2018-and-2019-financials.
Digital security tools for human rights defenders
https://blog.torproject.org/hrd-amazon-training
Since July 2020, Narrira Lemos has been working with the Tor Project as a Bertha Fellow (https://berthafoundation.org/bertha-challenge/) to strengthen and promote digital security among individuals and organizations in the Amazonian region of Brazil, where she works with the technological challenges of the people who live there fighting to protect forests. On the blog, Nah outlines her work with rural communities, the impact of the pandemic, and how these human rights defenders use Tor Browser and other digital security tools: https://blog.torproject.org/hrd-amazon-training.
New Releases
Tor 0.4.5.2-alpha
https://blog.torproject.org/node/1958
Tor 0.4.5.2-alpha is the second alpha release in the 0.4.5.x series. It fixes several bugs present in earlier releases, including one that made it impractical to run relays on Windows. It also adds a few small safety features.
Tor Browser 10.5a4
https://blog.torproject.org/new-release-tor-browser-105a4
This release updates Firefox to 78.5.0esr for desktop and Fenix to 83.0 for Android. Additionally, we update Tor to 0.4.5.1-alpha. This release includes important security updates both for desktop and Android users.
Tor Browser 10.0.5 (Only Desktop)
https://blog.torproject.org/new-release-tor-browser-1005
This release updates Firefox to 78.5.0esr and updates Tor to 0.4.4.6. This release includes important security updates to Firefox.
Tor Browser 10.5a3
https://blog.torproject.org/new-release-tor-browser-105a3
Tor Browser 10.5a3 updates NoScript to 11.1.5 and libevent to 2.1.12. This release includes important security updates to Firefox.
Tor 0.3.5.12, 0.4.3.7, and 0.4.4.6
https://blog.torproject.org/node/1952
Tor 0.4.4.6 is the second stable release in the 0.4.4.x series. It backports fixes from later releases, including a fix for TROVE-2020- 005, a security issue that could be used, under certain cases, by an adversary to observe traffic patterns on a limited number of circuits intended for a different relay.
Tor Browser 10.0.4
https://blog.torproject.org/new-release-tor-browser-1004
This release updates NoScript to 11.1.5 and includes an important security update to Firefox.
Tor Browser 10.0.3 (Android Only)
blog.torproject.org/new-release-tor-browser-1003
After many months of design and development we are very happy to announce the release of Tor Browser 10.0.3 for Android. This is the first Android Tor Browser version in the stable 10.0 series. The Desktop version was released at the end of September. We began working on this project in April 2020 with the goal of rebuilding the Android Tor Browser on top of Mozilla's new Android Firefox Browser, Fenix. Over the last six months, we successfully achieved this goal and we reached feature parity with the previous Android Tor Browser version.
What We're Reading
"Browsing internet 'safely' on Android phones becomes easier with this new app," India Times.
https://timesofindia.indiatimes.com/gadgets-news/browsing-internet-safely-on-android-phones-becomes-easier-with-this-new-app/articleshow/79013318.cms
"How Police Can Crack Locked Phones—and Extract Information," Wired.
https://www.wired.com/story/how-police-crack-locked-phones-extract-information/
"The best way to fight election disinformation is to fight surveillance capitalism," Fight for the Future.
https://fightfortheftr.medium.com/the-best-way-to-fight-election-disinformation-is-to-fight-surveillance-capitalism-d5d835683a9e
"Crypto Wallet Trezor Incorporates ‘Tor Switch' in its Desktop App for Increased Privacy," Bitcoin Exchange Guide.
https://bitcoinexchangeguide.com/crypto-wallet-trezor-incorporates-tor-switch-in-its-desktop-app-for-increased-privacy/
"How the U.S. Military Buys Location Data from Ordinary Apps," Motherboard.
https://www.vice.com/en/article/jgqm5x/us-military-location-data-xmode-locate-x
"Tor Project rolls out program to turbo-charge network throughput," The Daily Swig.
https://portswigger.net/daily-swig/tor-project-rolls-out-program-to-turbo-charge-network-throughput
"'Incognito Mode' Is Actually Pretty Useless," VICE.
https://www.vice.com/en/article/y3gzgb/incognito-mode-is-actually-pretty-useless
Upcoming Events with Tor
(ICYMI) Anonymity loves Diversity: The Case of Tor (Foss-North), November 1st, 2020.
https://youtu.be/lBjZOvA2kF4
(ICYMI) State of the Onion: Tor & Community Updates from 2020, November 16, 2020.
https://www.youtube.com/watch?v=IyWyTypRGWQ
Join Our Community
Getting involved with Tor is easy. Run a relay to make the network faster and more decentralized: https://community.torproject.org/relay/
Run a bridge to help censored users access Tor: https://blog.torproject.org/run-tor-bridges-defend-open-internet
Learn about each of our teams and start collaborating: https://gitlab.torproject.org/tpo/team#Teams
Donate to help keep Tor fast, strong, and secure. https://donate.torproject.org
Published on 2020-10-29
Use A Mask, Use Tor: Resist the Surveillance Pandemic
https://blog.torproject.org/use-a-mask-use-tor
As many friends and followers of Tor know by now, we spend the final weeks of each year asking for your help as part of our year-end fundraising campaign (https://torproject.org/donate/donate-usetor-tn1). This year hasn't been a normal year at all, not for Tor and not for the rest of the world.
For our 2020 campaign, we wanted a theme that conveys a positive message and speaks to the power of community action. That’s why we decided on the theme Use a Mask, Use Tor.
To put it simply, using a mask keeps yourself and your communities safe in person. Using Tor keeps yourself and your communities safe online. Both tools help to conceal your identity, can break systems of surveillance, and their widespread use can promote the health of communities while undermining the power of systems bent on dividing us. Using a mask and using Tor helps us stand in solidarity with one another.
Use a mask, use Tor. And now, use your Tor mask! Make a donation of $50 and receive a limited-edition Tor mask: https://torproject.org/donate/donate-usetor-tn1
Every donation made from now through the end of 2020 will count towards our year-end campaign. Be on the lookout for events, giveaways, and new merch available from now until December 31. Read more about the campaign on our blog: https://blog.torproject.org/use-a-mask-use-tor
Tor Browser and Onion Services: Challenges and Opportunities
https://blog.torproject.org/tor-brower-onion-services-challenges-opportunities
Maintaining a browser like Tor Browser has its challenges but also its rewards. It allows us to reach faster adoption of important technologies like onion services, providing a more secure browsing experience for all Tor users. Improving the treatment of onion services on the browser side, however, comes with its own challenges both for users and service providers and it is important to reflect on those as a requirement for future growth.
Thus, we feel it is time to take stock and outline the steps we have taken over the years to improve the user experience and adoption of onion services, the challenges we faced and continue to face, and what the future might look like.
Check out our blog post for how we got where we are today, our challenges, and what's next for Tor Browser and onion services: https://blog.torproject.org/tor-brower-onion-services-challenges-opportunities
Join the Tor Localization Hackathon November 6 - 9
https://blog.torproject.org/tor-l10n-hackathon
Between November 6 and 9, the Tor Project and Localization Lab (https://www.localizationlab.org/) will host the first edition of Tor Project's localization hackathon, the Tor L10n Hackathon. A hackathon is an event where a community hangs out and works together to update, fix, and collaborate on a project. The L10n Hackathon is a totally remote and online event.
In this localization hackathon we're going to work exclusively on the localization of our latest resource, the Tor Community portal. Find out how to join the hackathon on our blog: https://blog.torproject.org/tor-l10n-hackathon
Anti-censorship team report: September 2020
https://blog.torproject.org/anti-censorship-september-2020
Tor's anti-censorship team writes monthly reports to keep the world updated on its progress. This blog post summarizes the anti-censorship work we got done in September 2020. Let us know if you have any questions or feedback!
New Releases
Tor Browser 10.0a9 (Android Only)
https://blog.torproject.org/new-release-tor-browser-100a9
Tor Browser 10.0a9 ships with Fenix 82.1.1. As this is the second alpha version based on Fenix we expect more bugs than usual. Please report them (with steps to reproduce), either on our blog or on Gitlab, or essentially with any other means that would reach us. We are in particular interested in potential proxy bypasses which our proxy audit missed.
Tor Browser 10.5a2
https://blog.torproject.org/new-release-tor-browser-105a2
Tor Browser 10.5a2 ships with Firefox 78.4.0esr, updates NoScript to 11.1.3, and OpenSSL to 1.1.1h. This release includes important security updates to Firefox. Tor Browser 10.5 does not support CentOS 6.
Tor Browser 10.0.2
https://blog.torproject.org/new-release-tor-browser-1002
This release updates Firefox to 78.4.0esr and NoScript to 11.1.3. This release includes important security updates to Firefox. Now Javascript on the Safest security level is governed by NoScript again.
Tor Browser 10.0.1
https://blog.torproject.org/new-release-tor-browser-1001
This release updates NoScript to 11.1.1 and fixes some bugs, including the issue of watching Youtube videos on Windows.
Tor Browser 10.0a8 (Android Only)
https://blog.torproject.org/new-release-tor-browser-100a8
We are happy to announce the first alpha for Android users based on Fenix 81. The Desktop version was released at the end of September. Over the last four months we adjusted our toolchains, finished our proxy audit, re-implemented the user interfaces, and fixed a lot of issues that came down on us due to the switch from Firefox 68esr to Fenix.
What We're Reading
"The Police Can Probably Break Into Your Phone," The New York Times.
https://www.nytimes.com/2020/10/21/technology/iphone-encryption-police.html
"Onions on the side: Tracking Tor availability for reader privacy on major news sites," Freedom of the Press Foundation.
https://freedom.press/news/onions-side-tracking-tor-availability-reader-privacy-major-news-sites/
"Amazon Unveils Drone That Films Inside Your Home. What Could Go Wrong?" The New York Times.
https://www.nytimes.com/2020/09/24/technology/amazon-ring-drone.html
"Bitcoin's Next Upgrade Will Support Tor V3 Addresses," Decrypt.
https://decrypt.co/44640/bitcoins-next-upgrade-will-support-tor-v3-addresses
"CBP Bought 'Global' Location Data from Weather and Game Apps," Motherboard.
https://www.vice.com/en/article/n7wakg/cbp-dhs-location-data-venntel-apps
"Introducing Onion Names for SecureDrop," SecureDrop.
https://securedrop.org/news/introducing-onion-names-securedrop/
"Google is giving data to police based on search keywords, court docs show," CNet.
https://www.cnet.com/news/google-is-giving-data-to-police-based-on-search-keywords-court-docs-show/
Upcoming Events with Tor
Anonymity loves Diversity: The Case of Tor (Foss-North), November 1st, 2020 @ 16:00 - 17:00 (CET).
https://blog.torproject.org/foss-north-2020
Tor Localization Hackathon, November 6 - 9, 2020.
https://blog.torproject.org/node/1946
State of the Onion: Tor & Community Updates from 2020, November 16, 2020 @ 16:00 - 18:00 UTC.
https://blog.torproject.org/state-of-the-onion-2020
Tor Talk at GNU Health Conference 2020, November 20, 2020
https://blog.torproject.org/tor-ghcon-2020
Tor introduction @ LHC (Campinas), November 26 @ 23:00 UTC
https://blog.torproject.org/tor-intro-lhc-2020
Join Our Community
Getting involved with Tor is easy. Run a relay to make the network faster and more decentralized: https://community.torproject.org/relay/
Run a bridge to help censored users access Tor: https://blog.torproject.org/run-tor-bridges-defend-open-internet
Learn about each of our teams and start collaborating: https://gitlab.torproject.org/tpo/team#Teams
Donate to help keep Tor fast, strong, and secure. https://donate.torproject.org
Published on 2020-09-29
Updates on the Tor Project’s Board
https://blog.torproject.org/welcome-new-tor-board-members
We would like to share some updates regarding the Tor Project’s Board. We had two members stepping down, Megan Price and Shari Steele, both provided great contributions for the Board that Tor will always be thankful for. And we are grateful to have them as supporters and friends of Tor.
To move forward we decided to invite two new members. We are happy to say both have accepted our invitation and joined the Board. Rabbi Rob, the founder and CEO of Team Cymru and Chelsea Komlo, cryptography and privacy researcher and engineer.
Tor’s Bug Smash Fund, Year 2: $106,709 Raised!
https://blog.torproject.org/tor-bug-smash-fund-2020-106K-raised
This August, we asked you to help us fundraise for our second annual Bug Smash Fund campaign. This fund is designed to grow a healthy reserve earmarked for maintenance work, finding bugs, and smashing them—all tasks necessary to keep Tor Browser, the Tor network, and the many tools that rely on Tor strong, safe, and running smoothly.
In 2019, we raised $86,081, half of which we raised in-person at DEFCON.
In 2020, despite the challenges of COVID-19 and event cancellations, you helped us to raise $106,709!
Censored continent: understanding the use of tools during information controls in Africa: Nigeria, Cameroon, Uganda, and Zimbabwe as case studies.
https://blog.torproject.org/icfp-otf-censored-continent
Between 2019 and 2020, the Tor Project has had the opportunity to serve as the host organization of OTF Information Controls Fellow, Babatunde Okunoye.
As part of his fellowship, Babatunde examined the use of Internet censorship circumvention tools in Cameroon, Nigeria, Uganda, and Zimbabwe, four countries in Africa with varying degrees of Internet censorship, including Internet bandwidth throttling, social media app restrictions, and website blocks. Interviews were done with 33 people, including students, civil society members, people in business, and teachers, revealing how communities mobilized to defeat censorship.
Anti-censorship team report: August 2020
https://blog.torproject.org/anti-censorship-august-2020
Tor's anti-censorship team writes monthly reports to keep the world updated on its progress. This blog post summarizes the anti-censorship work we got done in August 2020. Let us know if you have any questions or feedback!
GSoC 2020: Snowflake Proxy on Mobile
https://blog.torproject.org/gsoc-2020-snowflake-proxy-mobile
Every year the Tor Project hosts interns through programs like Outreachy and Google Summer of Code. Hashik worked with our anti-censorship team on bringing Snowflake proxy to Android. We are happy that Hashik had a great time at the Tor Project.
“Tor’s community is very welcoming; all the Tor core developers are down to earth, humble, and easy to approach for any technical difficulty. Any interested person can barge into their IRC channels and ask any question, and either the developers or the fellow folks in the community would answer our questions.”
New Releases
Tor 0.4.4.5
https://blog.torproject.org/node/1921
This series improves our guard selection algorithms, adds v3 onion balance support, improves the amount of code that can be disabled when running without relay support, and includes numerous small bugfixes and enhancements. It also lays the ground for some IPv6 features that we'll be developing more in the next (0.4.5) series.
Tor Browser 10
https://blog.torproject.org/new-release-tor-browser-100
Tor Browser 10 ships with Firefox 78.3.0esr, updates NoScript to 11.0.44, and Tor to 0.4.4.5. This release includes important security updates to Firefox.
Android Tor Browser 10 is under active development and we are supporting the current 9.5 series for Android until the new one is ready. We are informed by Mozilla of any issues they learn about affecting the 9.5 series. We expect to release the new Tor Browser for Android based on Fenix in the following weeks.
Tails 4.11
https://blog.torproject.org/new-release-tails-411
This release fixes many security vulnerabilities. You should upgrade as soon as possible.
Tor Browser 10.0a7
https://blog.torproject.org/new-release-tor-browser-100a7
We are happy to announce the third alpha for desktop users based on Firefox 78 ESR. The Android version is under active development and will be available in the coming weeks.
Tor Browser 10.5a1
https://blog.torproject.org/new-release-tor-browser-105a1
Tor Browser 10.5a1 ships with Firefox 78.3.0esr, updates NoScript to 11.0.44, and Tor to 0.4.4.5.
What We're Reading
"Portland, Oregon, passes toughest ban on facial recognition in US," CNET.
https://www.cnet.com/google-amp/news/portland-passes-the-toughest-ban-on-facial-recognition-in-the-us/
"We made the largest Mexican telecommunications operator stop blocking secure internet," GlobalVoices.
https://globalvoices.org/2020/09/08/we-made-the-largest-mexican-telecommunications-operator-stop-blocking-secure-internet/
"Free VPNs are bad for your privacy," Tech Crunch.
https://techcrunch.com/2020/09/24/free-vpn-bad-for-privacy/
"Trump cuts aid for pro-democracy groups in Belarus, Hong Kong and Iran," The Guardian.
https://www.theguardian.com/us-news/2020/sep/24/trump-open-technology-fund-hong-kong-belarus-iran
"U.S. court: Mass surveillance program exposed by Snowden was illegal," Reuters.
https://www.reuters.com/article/us-usa-nsa-spying/u-s-court-mass-surveillance-program-exposed-by-snowden-was-illegal-idUSKBN25T3CK
"Remote Learning During Pandemic Brings Privacy Risks," The Wall Street Journal.
https://www.wsj.com/articles/remote-learning-during-pandemic-brings-privacy-risks-11599039000
"Zimbabwe’s Speedy Social Media Law Is Africa’s Latest Internet Censorship Plot," WT.
https://weetracker.com/2020/08/31/zimbabwe-africa-social-media-laws/
"Private Intel Firm Buys Location Data to Track People to their 'Doorstep'," Motherboard.
https://www.vice.com/en_us/article/qj454d/private-intelligence-location-data-xmode-hyas
Upcoming Events with Tor
Roger keynotes at CyberSec&AI, October 8, 2020.
https://blog.torproject.org/node/1925
Join Our Community
Getting involved with Tor is easy. Run a relay to make the network faster and more decentralized: https://community.torproject.org/relay/
Run a bridge to help censored users access Tor: https://blog.torproject.org/run-tor-bridges-defend-open-internet
Learn about each of our teams and start collaborating: https://trac.torproject.org/projects/tor/wiki/WikiStart#Teams
Donate to help keep Tor fast, strong, and secure. https://donate.torproject.org