v2 onion services deprecation, improvements to Tor Browser, LGBTQIA+ rights & internet freedom

Published on 2021-07-01

Onion service admins must upgrade to v3 onion services as soon as possible

https://blog.torproject.org/v2-deprecation-timeline

If you are an onion site administrator, you must upgrade to v3 onion services as soon as possible.

As we announced last year, v2 onion services will be deprecated and obsolete in Tor 0.4.6.x. As of April 2021, Tor Browser Alpha uses this version of Tor and v2 addresses no longer work in this and future versions of Tor Browser Alpha.

When Tor Browser stable moves to Tor 0.4.6.x in October 2021, v2 onion addresses will be completely unreachable.

Why are we deprecating v2 onion services? Safety. Technologies used in v2 onion services are vulnerable to different kinds of attacks, and v2 onion services are no longer being developed or maintained. The new version of onion services provides improved encryption and enhanced privacy for administrators and users.

It's critical that onion service administrators migrate to v3 onion services and work to inform users about this change as soon as possible.

Read more about the deprecation on our blog: https://blog.torproject.org/v2-deprecation-timeline

Snowflake moving to stable in Tor Browser 10.5

https://blog.torproject.org/snowflake-in-tor-browser-stable

We're excited to announce that Snowflake (https://snowflake.torproject.org) will be shipped as one of the default bridge options with stable versions of Tor Browser later this month.

What is Snowflake? Snowflake is a pluggable transport that uses a combination of domain fronting and peer-to-peer WebRTC connections between clients and volunteers to circumvent Internet censorship. Snowflake is highly censorship resistant, and used only for the initial bootstrapping of the connection. As such, it requires much lower bandwidth and shorter connections than existing domain fronting pluggable transports like meek (https://gitweb.torproject.org/pluggable-transports/meek.git/), making it a more scalable alternative.

For more about Snowflake, its design, and how it works for users, visit our blog: https://blog.torproject.org/snowflake-in-tor-browser-stable

Improving the user experience of connecting to Tor in Tor Browser 10.5

https://blog.torproject.org/improving-ux-connecting-to-tor-105

Say goodbye to Tor Launcher.

During the past few years, the UX team has been working on qualitatively improving the entire Tor Browser user journey: from discovering to finding, downloading, installing, starting, and browsing; we released a seamless and familiar experience for our largest user base.

Users have specifically reported that they find Tor Launcher confusing. Research exposed these pain points and has demonstrated how confusion caused by cognitive overload delays the user’s decision-making flow. Known issues with Tor Launcher, like the time gap between Tor Launcher and the main browser window opening after first-time installation, has left some users disappointed.

Learn more about what's coming to next in Tor Browser, including improving the user experience of launching Tor on our blog: https://blog.torproject.org/improving-ux-connecting-to-tor-105

Upcoming Events with Tor

Privacy Enhancing Technologies Symposium (PETS) | July 12 - 16, 2021 https://blog.torproject.org/node/2022

Free and Open Communications on the Internet (FOCI) workshop | August 27, 2021 https://blog.torproject.org/node/2024

New Releases

Tor Browser 10.5a17

https://blog.torproject.org/new-release-tor-browser-105a17 (June 28) This version updates Tor to 0.4.6.5. This version is the last planned version before Tor Browser 10.5 is considered stable.

Tor 0.4.6.6

https://blog.torproject.org/node/2046 (June 30) Tor 0.4.6.6 makes several small fixes on 0.4.6.5, including one that allows Tor to build correctly on older versions of GCC. You should upgrade to this version if you were having trouble building Tor 0.4.6.5; otherwise, there is probably no need.

Tor Browser 10.0.18

https://blog.torproject.org/new-release-tor-browser-10018 (June 21) This version updates Tor to 0.4.5.9, including important security fixes. In addition, on Android, this version updates Firefox to 89.1.1, and NoScript to 11.2.8.

Tor 0.3.5.15, 0.4.4.9, 0.4.5.9, 0.4.6.5

https://blog.torproject.org/node/2041 (June 14) After months of work, we have a new stable release series! Because this release includes security fixes, we are also releasing updates for our other supported releases.

Tor Browser 10.5a16

https://blog.torproject.org/new-release-tor-browser-105a16 (June 11) This version updates Firefox to 78.11esr and Fenix to 89.0. In addition, Tor Browser 10.5a16 updates Tor to 0.4.6.4-rc. This version includes important security updates to Firefox for Desktop and security updates for Android.

Tor Browser 10.0.17

blog.torproject.org/new-release-tor-browser-10017 (June 2) This version updates Firefox to 78.11esr. In addition, Tor Browser 10.0.17 updates NoScript to 11.2.8, HTTPS Everywhere to 2021.4.15, and Tor to 0.4.5.8. This version includes important security updates to Firefox for Desktop.

What We're Reading

Join Our Community

Getting involved with Tor is easy. Run a relay to make the network faster and more decentralized: https://community.torproject.org/relay/

Run a bridge to help censored users access Tor: https://blog.torproject.org/run-tor-bridges-defend-open-internet

Learn about more opportunities to start collaborating: https://community.torproject.org/

Donate to help keep Tor fast, strong, and secure. https://donate.torproject.org

-- The Tor Project is a US 501(c)(3) non-profit organization advancing human rights and freedoms by creating and deploying free and open-source anonymity and privacy technologies, supporting their unrestricted availability and use, and furthering their scientific and popular understanding.

Twitter: https://twitter.com/torproject Facebook: https://facebook.com/torproject Instagram: https://instagram.com/torproject Mastodon: http://mastodon.social/@torproject

"v2 onion services deprecation, new Board members, NFT auction results"

Published on 2021-05-31

Starting July 15, Tor will no longer support v2 onion services

https://blog.torproject.org/v2-deprecation-timeline

If you are an onion site administrator, you must upgrade to v3 onion services as soon as possible.

As we announced last year, v2 onion services will be deprecated and obsolete in Tor 0.4.6.x. As of April 2021, Tor Browser Alpha uses this version of Tor and v2 addresses no longer work in this and future versions of Tor Browser Alpha.

When Tor Browser stable moves to Tor 0.4.6.x in October 2021, v2 onion addresses will be completely unreachable.

Why are we deprecating v2 onion services? Safety. Technologies used in v2 onion services are vulnerable to different kinds of attacks, and v2 onion services are no longer being developed or maintained. The new version of onion services provides improved encryption and enhanced privacy for administrators and users.

It's critical that onion service administrators migrate to v3 onion services and work to inform users about this change as soon as possible.

Read more about the deprecation on our blog: https://blog.torproject.org/v2-deprecation-timeline

Announcing new Board members

https://blog.torproject.org/announcing-board-alissa-desigan-kendra

We are excited to announce that three new members are joining the Tor Project’s Board of Directors: Alissa Cooper, Desigan (Dees) Chinniah, and Kendra Albert! Each new member comes to Tor with a different set of expertise that will help the organization and our community.

Alissa Cooper is a Chief Technology Officer and Fellow at Cisco Systems and served in a variety of leadership roles in the Internet Engineering Task Force (IETF). We are excited that Alissa is joining the Board, her expertise will help Tor continue to mature as an organization.

Desigan Chinniah is a long time supporter of Tor. He is a creative technologist with a strong background in the Free Software movement as well as in the industry with his experience as an investor and on product. We are looking forward to his contribution to the Board and to Tor.

Kendra Albert is a public interest technology lawyer with a special interest in computer security and in protecting marginalized speakers and users. They serve as a clinical instructor at the Cyberlaw Clinic at Harvard Law School, where they teach students to practice law by working with pro bono clients. We are also honored to have Kendra with us and their legal expertise will be a big bonus to Tor.

Please join us in welcoming Alissa, Dees, and Kendra to the Board! Read more about them on our blog: https://blog.torproject.org/announcing-board-alissa-desigan-kendra

PrivChat #4 | 25th Anniversary of Onion Routing

https://www.youtube.com/watch?v=-wbivkG8TcU

Celebrate 25 years of onion routing with Tor!

May 31, 2021 marks the 25th anniversary of the first public presentation of onion routing in Cambridge, UK at Isaac Newton Institute's first Information Hiding Workshop.

In the latest edition of PrivChat, we celebrated this special moment by talking about beginnings of onion routing, and how this idea became Tor, and how the Tor Project eventually came to be with Paul Syverson, one of the authors of the first onion routing paper, the Tor Project co-founders Roger Dingledine and Nick Mathewson, and Tor Board member Gabriella Coleman.

Watch the celebratory edition of PrivChat to commemorate the 25th anniversary of onion routing on our YouTube channel: https://youtu.be/-wbivkG8TcU

Dreaming at Dusk: the Tor Project’s NFT Auction & What's Next

https://blog.torproject.org/nft-auction-and-whats-next

In mid-May, the Tor Project held a nonfungible token (NFT, https://en.wikipedia.org/wiki/Non-fungible_token) auction of a generative art piece we called Dreaming at Dusk (https://foundation.app/torproject/dreaming-at-dusk-35855), created by artist Itzel Yard (ixshells, https://foundation.app/ixshells) and derived from the private key of the first onion service, Dusk.

This action was held on Foundation (https://foundation.app/) and resulted in a final bid of 500 Ethereum (ETH), roughly $2M USD at the time of the auction, with the proceeds going towards the Tor Project and our work to improve and promote Tor.

Raising roughly $2M USD in one day breaks all records of individual giving we could possibly imagine, and we are extremely humbled and grateful for the success of this auction and what this means for the Tor Project nonprofit organization. Learn more about why we held this auction, the artist ixshells, and what happens next with the money raised on our blog: https://blog.torproject.org/nft-auction-and-whats-next

Check the status of Tor services with status.torproject.org

https://blog.torproject.org/check-status-of-tor-services

The Tor Project now has a status page which shows the state of our major services: https://status.torproject.org

You can check status.torproject for news about major outages in Tor services, including v3 and v2 onion services, directory authorities, our website (torproject.org), and the check.torproject.org tool. The status page also displays outages related to Tor internal services, like our GitLab instance.

Read more on our blog about why we launched status.torproject.org, how the service was built, and how it works: https://blog.torproject.org/check-status-of-tor-services

Upcoming Events with Tor

New Releases

Tor 0.4.5.8 https://blog.torproject.org/node/2031 (May 10) Tor 0.4.5.8 fixes several bugs in earlier version, backporting fixes from the 0.4.6.x series. Full changelog.

Tor 0.4.6.3-rc https://blog.torproject.org/node/2030 (May 10) Tor 0.4.6.3-rc is the first release candidate in its series. It fixes a few small bugs from previous versions, and adds a better error message when trying to use (no longer supported) v2 onion services. Full changelog.

What We're Reading

Join Our Community

Getting involved with Tor is easy. Run a relay to make the network faster and more decentralized: https://community.torproject.org/relay/

Run a bridge to help censored users access Tor: https://blog.torproject.org/run-tor-bridges-defend-open-internet

Learn about more opportunities to start collaborating: https://community.torproject.org/

Donate to help keep Tor fast, strong, and secure. https://donate.torproject.org


The Tor Project is a US 501(c)(3) non-profit organization advancing human rights and freedoms by creating and deploying free and open-source anonymity and privacy technologies, supporting their unrestricted availability and use, and furthering their scientific and popular understanding.

Twitter @torproject | Facebook torproject | Instagram @torproject | Mastodon | YouTube

v2 onion services deprecation, defending dissent, & domain shadowing

Published on 2021-04-30

Starting July 15, Tor will no longer support v2 onion services

https://blog.torproject.org/v2-deprecation-timeline

If you are an onion site administrator, you must upgrade to v3 onion services as soon as possible.

As we announced last year, v2 onion services will be deprecated and obsolete in Tor 0.4.6.x. As of April 2021, Tor Browser Alpha uses this version of Tor and v2 addresses no longer work in this and future versions of Tor Browser Alpha.

When Tor Browser stable moves to Tor 0.4.6.x in October 2021, v2 onion addresses will be completely unreachable.

Why are we deprecating v2 onion services? Safety. Technologies used in v2 onion services are vulnerable to different kinds of attacks, and v2 onion services are no longer being developed or maintained. The new version of onion services provides improved encryption and enhanced privacy for administrators and users.

It's critical that onion service administrators migrate to v3 onion services and work to inform users about this change as soon as possible.

Read more about the deprecation on our blog: https://blog.torproject.org/v2-deprecation-timeline

Defend Dissent with Tor

https://blog.torproject.org/book-defend-dissent-with-tor

This week, we're highlighting a guest blog post by Glencora Borradaile.

After 4 years of giving digital security trainings to activists and teaching a course called "Communications Security and Social Movements", I've compiled all my materials into an open, digital book - Defend Dissent: Digital Suppression and Cryptographic Defense of Social Movements (https://open.oregonstate.education/defenddissent/) hosted by Oregon State University where I am an Associate Professor. The book is intended for an introductory, non-major college audience, and I hope it will find use outside the university setting.

It should be no surprise that Tor is a star of Defend Dissent. The anonymity that the Tor technology enables turns the internet into what it should be: a place to communicate without everyone knowing your business. As a professor, I love teaching Tor. It is a delightful combination of encryption, key exchange, probability and threat modeling. Find out more about Defend Dissent on our blog.

Domain Shadowing: Leveraging CDNs for Robust Blocking-Resistant Communications

https://blog.torproject.org/anti-censorship-domain-shadowing

What is Domain Shadowing?

Domain shadowing is a new censorship circumvention technique that uses Content Distribution Networks (CDNs) as its leverage to achieve its goal, which is similar to domain fronting. However, domain shadowing works completely differently from domain fronting and is stronger in terms of blocking-resistance.

Compared to domain fronting, one big difference among many is that the user in domain shadowing is in charge of the whole procedure. In other words, the complete system can be solely configured by the user without necessary assistance from neither the censored website nor an anti-censorship organization.

Find out more about Domain Shadowing on our blog, in a guest post from Mingkui Wei.

New Releases

Tor Browser 10.5a15

https://blog.torproject.org/new-release-tor-browser-105a15

(April 26) This version updates Firefox to 78.10esr and Fenix to 88.1.1. In addition, Tor Browser 10.5a15 updates Tor to 0.4.6.2-alpha. This version includes important security updates to Firefox for Desktop and security updates for Android.

Tor Browser 10.0.16

https://blog.torproject.org/new-release-tor-browser-10016 (April 20) This version updates Firefox to 78.10esr. In addition, Tor Browser 10.0.16 updates NoScript to 11.2.4, and adds localization in Burmese. This version includes important security updates to Firefox for Desktop.

Tor 0.4.6.2-alpha

https://blog.torproject.org/node/2018 (April 15) Tor 0.4.6.2-alpha is the second alpha in its series. It fixes several small bugs in previous releases, and solves other issues that had enabled denial-of-service attacks and affected integration with other tools.

Tor Browser 10.5a14

https://blog.torproject.org/new-release-tor-browser-105a14 (April 13) This release updates NoScript to 11.2.4 and updates the Snowflake pluggable transport. This release is the first version that is localized in Burmese, as well.

Tor Browser 10.5a13

https://blog.torproject.org/new-release-tor-browser-105a13 (April 5) This release updates Firefox to 78.9.0esr for desktop and Firefox for Android to 87.0.0. Additionally, we update Tor to 0.4.6.1-alpha and OpenSSL to 1.1.1k and NoScript to 11.2.3. This release includes important security updates to Firefox for Desktop, and similar important security updates to Firefox for Android.

What We're Reading

Join Our Community

Getting involved with Tor is easy. Run a relay to make the network faster and more decentralized: https://community.torproject.org/relay/

Run a bridge to help censored users access Tor: https://blog.torproject.org/run-tor-bridges-defend-open-internet

Learn about more opportunities to start collaborating: https://community.torproject.org/

Donate to help keep Tor fast, strong, and secure. https://donate.torproject.org

-- The Tor Project is a US 501(c)(3) non-profit organization advancing human rights and freedoms by creating and deploying free and open-source anonymity and privacy technologies, supporting their unrestricted availability and use, and furthering their scientific and popular understanding.

Twitter: https://twitter.com/torproject Facebook: https://facebook.com/torproject Instagram: https://instagram.com/torproject Mastodon: http://mastodon.social/@torproject

"TLS certificates for onion sites, new Onion Guide, & petition to ban biometric surveillance"

Published on 2021-03-31

Get a TLS certificate for your onion site

https://blog.torproject.org/tls-certificate-for-onion-site

We are happy to share the news of another important milestone for .onion services! You can now get DV certificates for your v3 onion site using HARICA (https://www.harica.gr/Contact/GetHarica), a Root CA Operator founded by Academic Network (GUnet) (https://www.gunet.gr/en/), a civil society nonprofit from Greece.

Previously, .onion site administrators who needed a TLS certificate had to either hack other solutions or spend a significant amount of money purchasing an EV certificate. Now with HARICA, acquiring a certificate has become more accessible, but we know that free certificates are ideal and are looking forward to that moment.

We are happy to see people acquiring certificates for their onions (https://www.reddit.com/r/onions/comments/lwaccm/harica_ca_now_supports_issuance_of_dv_onion/). Remember to do it for a v3 onion address since v2 will be deprecated very soon (https://blog.torproject.org/v2-deprecation-timeline)! Read more about getting your own certificate for your onion on your blog (https://blog.torproject.org/tls-certificate-for-onion-site).

Sign now: European initiative for a ban on biometric mass surveillance

https://blog.torproject.org/sign-to-reclaim-your-face

The “Reclaim Your Face” coalition (https://reclaimyourface.eu) has launched a European Citizens’ Initiative for a ban on biometric mass surveillance. European Digital Rights (EDRi) and more than fifty organizations are calling to sign the petition. One million signatures must be collected in at least seven EU countries within one year. Read more and sign the petition. (https://blog.torproject.org/sign-to-reclaim-your-face)

Onionize your Workflow with the Onion Guide Fanzine

https://blog.torproject.org/onionize-your-workflow

One way we help human rights defenders and organizations take back their right to privacy online is by helping them to use and set up onion services.

Last year, thanks to the support of Digital Defenders Partnership (https://www.digitaldefenders.org/), we wrote a series of Onion Guides intended to make it easier for our partners to correctly and safely set up their own onion services. To create these Onion Guides, we collected and improved existing disparate information about the benefits of onion services and how to set them up for a website.

You can learn more about the new Onion Guides on our blog (https://blog.torproject.org/onionize-your-workflow) and find the Onion Guide in our community portal (https://community.torproject.org/onion-services/), well as the section on Onion Services in English (https://community.torproject.org/static/images/outreach/print/onion-guide-fanzine-EN.pdf), Spanish (https://community.torproject.org/static/images/outreach/print/onion-guide-fanzine-ES.pdf) and Portuguese (https://community.torproject.org/static/images/outreach/print/onion-guide-fanzine-PT_BR.pdf). Feel free to use it to set up your own .onion site, and let us know how it works for you!

How to contribute to the Tor metrics timeline

https://blog.torproject.org/contribute-to-tor-metrics-timeline

The metrics timeline (https://gitlab.torproject.org/tpo/metrics/timeline) is a database of news and events that may affect Tor Metrics (https://metrics.torproject.org/) graphs. This post is about how you can contribute to the timeline and help keep it up to date.

A timeline of events helps in interpreting graphs. For example, you may look at a graph and ask, "Why did the number of Tor users in Sri Lanka increase for a week in 2018?"

Checking the timeline, we find that at that time in Sri Lanka there was a block of Facebook and other services. A likely explanation for the increase of users is that people were using Tor to access the blocked services.

The metrics timeline is useful but incomplete—for example, it tends to only include events that make international news. Some past events have a start date but are missing an end date. And some events mark unusual graph features, but do not have an explanation. You can help the Tor Project and people trying to understand use of the Tor network by contributing your knowledge to the metrics timeline. Read more about contributing to the Tor metrics timeline (https://blog.torproject.org/contribute-to-tor-metrics-timeline).

New Releases

Tor Browser 10.0.14

https://blog.torproject.org/new-release-tor-browser-10014 (March 24) This version updates Desktop Firefox to 78.9.0esr. In addition, Tor Browser 10.0.14 updates NoScript to 11.2.3, and Tor to 0.4.5.7.

Tor Browser 10.5a12 (Android Only)

https://blog.torproject.org/new-release-tor-browser-105a12 (March 21) This release updates Fenix to 87.0.0-beta.2. Additionally, we update NoScript to 11.2.3 and Tor to 0.4.6.1-alpha.

Tor 0.4.6.1-alpha

https://blog.torproject.org/node/2011 (March 18) Tor 0.4.6.1-alpha is the first alpha release in the 0.4.6.x series. It improves client circuit performance, adds missing features, and improves some of our DoS handling and statistics reporting. It also includes numerous smaller bugfixes.

Tor 0.3.5.14, 0.4.4.8, and 0.4.5.7

https://blog.torproject.org/node/2009 (March 16) These releases fix a pair of denial-of-service issues. We recommend that everybody upgrade to one of the releases that fixes these issues (0.3.5.14, 0.4.4.8, or 0.4.5.7) as they become available to you.

Tor Browser 10.0.13 (Linux Only)

https://blog.torproject.org/new-release-tor-browser-10013 (March 3) This version fixes instability on some Linux distributions.

What We're Reading

"Amazon Delivery Drivers Forced to Sign ‘Biometric Consent’ Form or Lose Job," VICE. (https://www.vice.com/en/article/dy8n3j/amazon-delivery-drivers-forced-to-sign-biometric-consent-form-or-lose-job)

"#KeepItOn: Internet shutdowns only cause harm," Business & Human Rights Resource Centre. (https://www.business-humanrights.org/en/blog/keepiton-internet-shutdowns-only-cause-harm/)

"TikTok vs Douyin A Security and Privacy Analysis," Citizen Lab. (https://citizenlab.ca/2021/03/tiktok-vs-douyin-security-privacy-analysis/)

"How to get affordable DV certificates for onion sites," Help Net Security. (https://www.helpnetsecurity.com/2021/03/26/how-to-get-affordable-dv-certificates-for-onion-sites/)

"T-Mobile to Share Customers' Web Browsing Data With Advertisers Unless They Opt Out," PCMag. (https://uk.pcmag.com/networking/132169/t-mobile-to-share-customers-web-browsing-data-with-advertisers-unless-they-opt-out)

"California bans ‘dark patterns’ that trick users into giving away their personal data," The Verge. (https://www.theverge.com/2021/3/16/22333506/california-bans-dark-patterns-opt-out-selling-data)

Join Our Community

Getting involved with Tor is easy. Run a relay to make the network faster and more decentralized: https://community.torproject.org/relay/

Run a bridge to help censored users access Tor: https://blog.torproject.org/run-tor-bridges-defend-open-internet

Learn about more opportunities to start collaborating: https://community.torproject.org/

Donate to help keep Tor fast, strong, and secure. https://donate.torproject.org

Learning more about our users

Published on 2021-02-28

Learning more about our users with a Tor Browser User Survey

https://blog.torproject.org/learning-more-about-tor-users

At the Tor Project we practice user-centered design. This means we put our users at the heart of our development process, making a conscious effort to understand the contexts in which people use our tools and paying particular attention to the bumps they encounter along the way.

Many digital product companies rely heavily on data gathered from invasive tracking scripts to better understand their users’ behavior, further fueling the surveillance economy. However that’s not how we do things at Tor – instead, we aim to conduct research that respects the basic principles of privacy and consent: https://blog.torproject.org/strength-numbers-usable-tools-dont-need-be-invasive.

To learn more about our users, we launched a new Tor Browser User Survey: https://survey.torproject.org/index.php/217469?lang=en, also available via onion service: http://bogdyardcfurxcle.onion/index.php/217469?lang=en. We'd love to get your feedback! You can learn more about this survey, how it came about, and other opportunities to get involved in UX at Tor on our blog: https://blog.torproject.org/learning-more-about-tor-users.

Anonymous GitLab Ticketing: An Exciting New Project at Tor

https://blog.torproject.org/anonymous-gitlab

Currently, before making a bug report to one of Tor’s repos, users must sign up for a GitLab account via the TicketLobby (https://gitlab.onionize.space/). Although this is the right approach for many users, it has its limitations.

A new project, the anonymous ticketing portal, is designed to circumvent these limitations, resulting in more complete, private bug reporting, and includes the following features:

  • Lightning-fast, anonymous (and lazy) user interface
  • Tor-flavored, data-packed, familiar project and issue views
  • Super-powered SuperUsers

A test instance of this project is currently live at https://anonticket.onionize.space/, or you can see the repo itself at https://gitlab.torproject.org/tpo/tpa/anon_ticket.

Read more about the anonymous GitLab ticketing system on our blog: https://blog.torproject.org/anonymous-gitlab.

Tor in the Media: 2020

https://blog.torproject.org/tor-media-2020

This year, we’re continuing a new tradition of reviewing media and news stories that mentioned Tor and the Tor Project. Our goal is to highlight what is changing (or not) in the conversation about privacy and censorship, as well as identifying the ways the media discusses Tor in the context of these challenges.

Read our review of Tor in the media in 2020 on our blog: https://blog.torproject.org/tor-media-2020.

Bug Smash Fund, Year 2: Progress So Far!

https://blog.torproject.org/tor-bug-smash-fund-yr2-progress

Last August, we asked you to help us fundraise during our second annual Bug Smash Fund campaign (https://blog.torproject.org/tor-bug-smash-fund-2020-106K-raised). This fund is designed to grow a healthy reserve earmarked for maintenance work, finding bugs, and smashing them—all tasks necessary to keep Tor Browser, the Tor network, and the many tools that rely on Tor strong, safe, and running smoothly.

We want to share an update! Read about the work made possible with the Bug Smash Fund on our blog: https://blog.torproject.org/tor-bug-smash-fund-yr2-progress.

New Releases

Tor Browser 10.5a11

https://blog.torproject.org/new-release-tor-browser-105a11 This release updates Firefox to 78.8.0esr for desktop and Firefox for Android to 86.1.0. Additionally, we update Tor to 0.4.5.6 and OpenSSL to 1.1.1j.

Tor Browser 10.0.12

https://blog.torproject.org/new-release-tor-browser-10012 This version updates Desktop Firefox to 78.8.0esr and Android Firefox to 86.1.0. In addition, Tor Browser 10.0.12 updates NoScript to 11.2.2, Openssl to 1.1.1j, and Tor to 0.4.5.6.

Tor 0.4.5.6

https://blog.torproject.org/node/2000 This release series introduces significant improvements in relay IPv6 address discovery, a new "MetricsPort" mechanism for relay operators to measure performance, LTTng support, build system improvements to help when using Tor as a static library, and significant bugfixes. The Tor 0.4.5.x release series is dedicated to the memory of Karsten Loesing (1979-2020), Tor developer, cypherpunk, husband, and father.

Tor Browser 10.5a10 (Windows Only)

https://blog.torproject.org/new-release-tor-browser-105a10 This version updates Firefox to 78.7.1esr for Windows. This release includes important security updates to Firefox.

Tor Browser 10.5a9 (Android Only)

https://blog.torproject.org/new-release-tor-browser-105a9 This release updates Fenix to 86.0.0-beta.2. Additionally, we update NoScript to 11.2 and HTTPS Everywhere to 2021.1.27.

Tor Browser 10.0.11 (Windows Only)

https://blog.torproject.org/new-release-tor-browser-10011 This version updates Firefox to 78.7.1esr for Windows. This release includes important security updates to Firefox.

Tor Browser 10.0.10

https://blog.torproject.org/new-release-tor-browser-10010 This version increases the availability of version 3 (v3) onion services. The fix is included in the recently released stable tor versions, as well.

Tor 0.3.5.13, 0.4.3.8, and 0.4.4.7

https://blog.torproject.org/node/1990

Tor 0.4.4.7 backports numerous bugfixes from later releases, including one that made v3 onion services more susceptible to denial-of-service attacks, and a feature that makes some kinds of DoS attacks harder to perform.

Tor 0.4.5.5-rc

https://blog.torproject.org/node/1989

Tor 0.4.5.5-rc is the third release candidate in its series. This release fixes an annoyance with address detection code, and somewhat mitigates an ongoing denial-of-service attack.

We're Hiring

Metrics Data Architect The person in this position will work directly with helping us maintain existing systems, and design new systems for gathering and analyzing data. They will help the rest of the teams understand the data available to improve our tools as well as the Tor network's health. Read the full job description: https://www.torproject.org/about/jobs/metrics-data-architect/

Anti-Censorship Software Developer This developer will be tasked with improving the user experience and process of finding alternate routes to the Tor network when global censorship events block access to the Tor network. A personal commitment to free and open source software and the application of advanced programming skills for the greater good is essential. Read the full job description. https://www.torproject.org/about/jobs/software-developer-anticensorship/

What We're Reading

"Why you should care about data privacy even if you have “nothing to hide”," Vox. (https://www.vox.com/recode/22250897/facebook-data-privacy-collection-algorithms-extremism)

"South Sudan: Rampant abusive surveillance by NSS instils climate of fear," Amnesty International. (https://www.amnesty.org/en/latest/news/2021/02/south-sudan-abusive-surveillance-by-national-security-service-climate-of-fear/)

"Private dollars are seeding surveillance tech across the US," Smart Cities Dive. (https://www.smartcitiesdive.com/news/private-dollars-are-seeding-surveillance-tech-across-the-us/594615/)

"There Are Spying Eyes Everywhere—and Now They Share a Brain," Wired. (https://www.wired.com/story/there-are-spying-eyes-everywhere-and-now-they-share-a-brain/)

"Amazon says government demands for user data spiked by 800% in 2020," TechCrunch. (https://techcrunch.com/2021/02/01/amazon-government-demands-spiked/)

"Spotify patents tech to recommend songs based on users' speech, emotion," Axios. (https://www.axios.com/spotify-patent-users-speech-recommend-music-6c5ce99d-ca0f-4457-9b87-9d27fcc35527.html)

Join Our Community

Getting involved with Tor is easy. Run a relay to make the network faster and more decentralized: https://community.torproject.org/relay/

Run a bridge to help censored users access Tor: https://blog.torproject.org/run-tor-bridges-defend-open-internet

Learn about more opportunities to start collaborating: https://community.torproject.org/

Donate to help keep Tor fast, strong, and secure. https://donate.torproject.org

-- The Tor Project is a US 501(c)(3) non-profit organization advancing human rights and freedoms by creating and deploying free and open-source anonymity and privacy technologies, supporting their unrestricted availability and use, and furthering their scientific and popular understanding.

Twitter: https://twitter.com/torproject

Facebook: https://facebook.com/torproject

Instagram: https://instagram.com/torproject

Mastodon: http://mastodon.social/@torproject

2020 Fundraising Results: Thank You!

Published on 2021-01-29

2020 Fundraising Results: Thank You!

https://blog.torproject.org/use-a-mask-use-tor-thank-you

We are pleased to announce that in 2020, despite the cancellations of in-person events and the sharp decrease in individual donations we saw at the beginning of the pandemic, you helped us to raise $913,110 from individuals, more than any calendar year in the Tor Project’s history. You contributed $376,315 of this figure during the end-of-year campaign—this includes the generous $100,000 match by the Friends of Tor. (That’s a 19% increase over last year’s year-end campaign.)

Thank you to everyone who made a donation in 2020! You make it possible to resist the surveillance pandemic. You’ve made it possible for the Tor Project and the tools we support to survive a very difficult time, and to prepare for 2021 with ambitious plans.

Vist the blog for more details about the details of Tor's fundraising in 2020, and what we have prepared for 2021: https://blog.torproject.org/use-a-mask-use-tor-thank-you

The state of IPv6 support on the Tor network

https://blog.torproject.org/state-of-ipv6-support-tor-network

In our last article, published in RIPE's website, (https://labs.ripe.net/Members/tor_grants/a-look-into-the-tor-network-work-on-supporting-ipv6) we described the work that happened in 2020 related to giving IPv6 support (https://blog.torproject.org/ipv6-future-i-hear) to the Tor network.

Tor 0.4.5.1-alpha (https://blog.torproject.org/node/1949) is the first release that includes all the work described in the RIPE article. Relays running 0.4.5.1-alpha are the first to report IPv6 bandwidth statistics.

As of December 2, 2020, 54% of the relays on the network run a version of Tor that supports IPv6. Of the 6852 relays in the network, 3587 are running version 0.4.4 (https://metrics.torproject.org/versions.html) and 8 relays are running the latest Tor version 0.4.5 (https://blog.torproject.org/node/1958). From all those, 1588 are announcing an IPv6 address and port for the OR protocol. 1587 relays are reachable on IPv6 by the directory authorities. 626 permit exiting to IPv6 targets (https://metrics.torproject.org/relays-ipv6.html).

Read more about the state of IPv6 on the Tor network on our blog: https://blog.torproject.org/state-of-ipv6-support-tor-network

In memoriam of Karsten Loesing

blog.torproject.org/in-memoriam-of-karsten-loesing

It's with deep sorrow that we share that our dear friend, colleague, and Tor core contributor Karsten Loesing passed away on the afternoon of Friday, December 18, 2020. No one is prepared for such an unimaginable loss. Our deepest sympathies go to Karsten's family at this moment, his wife and his children.

We all loved him and his contribution to the Tor Project will always be remembered from the depth of our hearts. We will be dedicating our next release of core tor to Karsten's memory.

Rest in peace, Karsten.

New Releases

Tor Browser 10.0.9

https://blog.torproject.org/new-release-tor-browser-1009

This release updates Firefox to 78.7.0esr for desktop and Firefox for Android to 85.1.0. This release includes important security updates to Firefox for Desktop, and similar important security updates to Firefox for Android.

Tor Browser 10.5a8

https://blog.torproject.org/new-release-tor-browser-105a8

This release updates Firefox to 78.7.0esr for desktop and Firefox for Android to 85.1.0. Additionally, we update Tor to 0.4.5.4-rc. This release includes important security updates to Firefox for Desktop, and similar important security updates to Firefox for Android.

Tor 0.4.5.4-rc

https://blog.torproject.org/node/1973

Tor 0.4.5.4-rc is the second release candidate in its series. It fixes several bugs present in previous releases. We expect that the stable release will be the same, or almost the same, as this release candidate, unless serious bugs are found.

Tor Browser 10.5a7

https://blog.torproject.org/new-release-tor-browser-105a7

This release updates Firefox to 78.6.1esr for desktop and Firefox for Android to 85.0.0-beta.7. Additionally, we update Tor to 0.4.5.3-rc. This versions also fixes a crash seen by macOS users on the new M1 processor.

Tor Browser 10.0.8

https://blog.torproject.org/new-release-tor-browser-1008

This release updates Firefox for desktops to 78.6.1esr and Firefox for Android to 84.1.4. This version resolves instability on Apple macOS devices with the new M1 processor.

Tor 0.4.5.3-rc

https://blog.torproject.org/node/1969

Tor 0.4.5.3-rc is the first release candidate in its series. It fixes several bugs, including one that broke onion services on certain older ARM CPUs, and another that made v3 onion services less reliable.

Upcoming Events with Tor

No upcoming events.

What We're Reading

"Tor Project’s crypto donations increased 23% in 2020," Coin Telegraph. (https://cointelegraph.com/news/tor-project-s-crypto-donations-increased-23-in-2020)

"Encryption is vital for attorney-client privilege in the digital era, and lawyers should fight for it," Access Now. (https://www.accessnow.org/encryption-attorney-client-privilege/)

"100 hours in the dark: How an election internet blackout hit poor Ugandans," Thomson Reuters Foundation. (https://news.trust.org/item/20210120134502-2jnhz/)

"You watch TV. Your TV watches back," The Washington Post. (https://www.washingtonpost.com/technology/2019/09/18/you-watch-tv-your-tv-watches-back/)

"Leaked Location Data Shows Another Muslim Prayer App Tracking Users," VICE. (https://www.vice.com/en/article/xgz4n3/muslim-app-location-data-salaat-first)

"DuckDuckGo surpasses 100 million daily search queries for the first

--

The Tor Project is a US 501(c)(3) non-profit organization advancing human rights and freedoms by creating and deploying free and open-source anonymity and privacy technologies, supporting their unrestricted availability and use, and furthering their scientific and popular understanding.

Twitter: https://twitter.com/torproject

Facebook: https://facebook.com/torproject

Instagram: https://instagram.com/torproject

Mastodon: http://mastodon.social/@torproject

Tor in 2021, from Trac to Gitlab, PrivChat #3

Published on 2020-12-21

Looking Forward: Tor in 2021

https://blog.torproject.org/tor-in-2021

This year has been difficult for all of us. As individuals, we’ve had to adapt to the new normal of COVID-19, and as an organization, the Tor Project also had to adapt to our “new normal” after we made the difficult decision to let go of one third of our organization. Although challenging, we have managed to reorganize in order to meet the goals we originally set for 2020, and now, it’s time to look forward to 2021.

We have shared many of our goals for the next year, including addressing the "Tor is too slow" complaint, supporting the relay operator community, improving network health, developing a Rust Tor implementation, & unblocking Tor through outreach. Read more about our plans from our executive director, Isabela Bagueros: https://blog.torproject.org/tor-in-2021

Moving Tor from Trac to Gitlab

https://blog.torproject.org/node/1957

Tor had been using Trac (https://trac.torproject.org) until June 2020, when we moved to our self-hosted instance of Gitlab administered by the Tor sysadmin team (https://gitlab.torproject.org). We're hoping Gitlab will be a good fit because:

  • Gitlab will allow us to collect our different engineering tools into a single application: Git repository handling, Wiki, Issue tracking, Code reviews, and project management tooling.
  • Gitlab is well-maintained, while Trac plugins are not well maintained and Trac itself hasn't seen a release for over a year (since 2019).
  • Gitlab will allow us to build a more modern approach to handling Continuous Integration for our different projects.

We spent several months fixing and testing problems on data migration, from formatting issues to addressing where the information that lived in Trac should live in Gitlab. We tested the Gitlab instance with a few projects until we jumped into migrating all data from Trac. You can read more about this migration process on our blog: https://blog.torproject.org/node/1957

Watch PrivChat #3 with Edward Snowden

https://torproject.org/privchat

For our third edition of PrivChat on December 11, we brought together some real-life Tor users who shared how Tor has been important for them and their work to defend human rights and freedoms around the world.

Hosted by Edward Snowden, PrivChat featured technologist and privacy researcher Ramy Raoof, librarian and founder of Library Freedom Project, Alison Macrina, and Africa Policy Manager and Global Internet Shutdowns Lead at Access Now, Berhan Taye.

Watch the full PrivChat: Advancing Human Rights with Tor (https://www.youtube.com/watch?v=S2N3GoewgC8), and be on the lookout for our next PrivChat in 2021.

Anti-censorship team report: November 2020

https://blog.torproject.org/anti-censorship-november-2020

Tor's anti-censorship team writes monthly reports to keep the world updated on its progress. This blog post summarizes the anti-censorship work we got done in November 2020. Let us know if you have any questions or feedback!

New Releases

Upcoming Events with Tor

Join Our Community

Getting involved with Tor is easy. Run a relay to make the network faster and more decentralized: https://community.torproject.org/relay/

Run a bridge to help censored users access Tor: https://blog.torproject.org/run-tor-bridges-defend-open-internet

Learn about more opportunities to start collaborating: https://community.torproject.org/

Donate to help keep Tor fast, strong, and secure. https://donate.torproject.org

Double your donation, PrivChat with Snowden, State of the Onion

Published on 2020-11-30

Use a Mask, Use Tor: Friends of Tor Matching Donations

https://blog.torproject.org/friends-of-tor-match-2020

Every dollar donated to the Tor Project now through December 31, up to $100,000, will be matched by Friends of Tor (https://torproject.org/donate/donate-usetor-tn-fot). That means your donation will be doubled. We’re able to offer this match because of generous folks in our community who believe in Tor, privacy online, and the work to resist the surveillance pandemic.

Make a donation today and your gift will be matched, 1:1: https://torproject.org/donate/donate-usetor-tn-fot

Meet the Friends of Tor who generously came forward to make this match possible on our blog: https://blog.torproject.org/friends-of-tor-match-2020

You're Invited: PrivChat with Edward Snowden

The Tor Project's main mission is to advance human rights and freedoms by creating and deploying free and open source anonymity and privacy technologies. People use our technology, namely the Tor network and Tor Browser, in diverse ways. Tor is used by whistleblowers who need a safe way to bring to light information about wrongdoing -- information that is crucial for society to know -- without sharing their identity. Tor is used by activists around the world who are fighting against authoritarian governments and to defend human rights, not only for their safety and anonymity, but also to circumvent internet censorship so their voices can be heard.

For our third edition of PrivChat (https://torproject.org/privchat), we are bringing you some real-life Tor users who will share how Tor has been important for them and their work to defend human rights and freedoms around the world. Hosted by Edward Snowden, featuring technoligist and privacy research Ramy Raoof and librarian and founder of Library Freedom Project, Alison Macrina.

Join us for PrivChat: Advancing Human Rights with Tor on December 11 at 18:00 UTC, 13:00 Eastern, 10:00 Pacific: https://www.youtube.com/watch?v=S2N3GoewgC8

State of the Onion: Tor & Community Updates from 2020

https://www.youtube.com/watch?v=IyWyTypRGWQ

Every year people from the Tor Project and its communities present the State of the Onion, a compilation of updates from our different projects, at conferences around the world. We use this opportunity to talk about highlights of the work we’ve accomplished during the year and what we are excited about in the upcoming year.

With COVID-19 pandemic this year, we didn’t have the chance to ‘tour’ our State of the Onion during any face-to-face conferences. So we decided to bring the State of the Onion to you in virtual format.

We invite you to watch the full recording of State of the Onion 2020 on YouTube (https://www.youtube.com/watch?v=IyWyTypRGWQ). Our blog outlines the full program and who took part in the event (https://blog.torproject.org/state-of-the-onion-2020).

Transparency, Openness, and Our 2018 and 2019 Finances

https://blog.torproject.org/transparency-openness-and-our-2018-and-2019-financials

We publish all of our related tax documents for transparency (https://www.torproject.org/about/reports/). After completing standard audits for 2017-2018 and for 2019, our federal tax filings and audits for the last two years are available in full on our website. We've outlined some observations to help you read through the 2018 and 2019 financial documents on our blog: https://blog.torproject.org/transparency-openness-and-our-2018-and-2019-financials.

Digital security tools for human rights defenders

https://blog.torproject.org/hrd-amazon-training

Since July 2020, Narrira Lemos has been working with the Tor Project as a Bertha Fellow (https://berthafoundation.org/bertha-challenge/) to strengthen and promote digital security among individuals and organizations in the Amazonian region of Brazil, where she works with the technological challenges of the people who live there fighting to protect forests. On the blog, Nah outlines her work with rural communities, the impact of the pandemic, and how these human rights defenders use Tor Browser and other digital security tools: https://blog.torproject.org/hrd-amazon-training.

New Releases

Tor 0.4.5.2-alpha https://blog.torproject.org/node/1958 Tor 0.4.5.2-alpha is the second alpha release in the 0.4.5.x series. It fixes several bugs present in earlier releases, including one that made it impractical to run relays on Windows. It also adds a few small safety features.

Tor Browser 10.5a4 https://blog.torproject.org/new-release-tor-browser-105a4 This release updates Firefox to 78.5.0esr for desktop and Fenix to 83.0 for Android. Additionally, we update Tor to 0.4.5.1-alpha. This release includes important security updates both for desktop and Android users.

Tor Browser 10.0.5 (Only Desktop) https://blog.torproject.org/new-release-tor-browser-1005 This release updates Firefox to 78.5.0esr and updates Tor to 0.4.4.6. This release includes important security updates to Firefox.

Tor Browser 10.5a3 https://blog.torproject.org/new-release-tor-browser-105a3 Tor Browser 10.5a3 updates NoScript to 11.1.5 and libevent to 2.1.12. This release includes important security updates to Firefox.

Tor 0.3.5.12, 0.4.3.7, and 0.4.4.6 https://blog.torproject.org/node/1952 Tor 0.4.4.6 is the second stable release in the 0.4.4.x series. It backports fixes from later releases, including a fix for TROVE-2020- 005, a security issue that could be used, under certain cases, by an adversary to observe traffic patterns on a limited number of circuits intended for a different relay.

Tor Browser 10.0.4 https://blog.torproject.org/new-release-tor-browser-1004 This release updates NoScript to 11.1.5 and includes an important security update to Firefox.

Tor Browser 10.0.3 (Android Only) blog.torproject.org/new-release-tor-browser-1003 After many months of design and development we are very happy to announce the release of Tor Browser 10.0.3 for Android. This is the first Android Tor Browser version in the stable 10.0 series. The Desktop version was released at the end of September. We began working on this project in April 2020 with the goal of rebuilding the Android Tor Browser on top of Mozilla's new Android Firefox Browser, Fenix. Over the last six months, we successfully achieved this goal and we reached feature parity with the previous Android Tor Browser version.

What We're Reading

"Browsing internet 'safely' on Android phones becomes easier with this new app," India Times. https://timesofindia.indiatimes.com/gadgets-news/browsing-internet-safely-on-android-phones-becomes-easier-with-this-new-app/articleshow/79013318.cms

"How Police Can Crack Locked Phones—and Extract Information," Wired. https://www.wired.com/story/how-police-crack-locked-phones-extract-information/

"The best way to fight election disinformation is to fight surveillance capitalism," Fight for the Future. https://fightfortheftr.medium.com/the-best-way-to-fight-election-disinformation-is-to-fight-surveillance-capitalism-d5d835683a9e

"Crypto Wallet Trezor Incorporates ‘Tor Switch' in its Desktop App for Increased Privacy," Bitcoin Exchange Guide. https://bitcoinexchangeguide.com/crypto-wallet-trezor-incorporates-tor-switch-in-its-desktop-app-for-increased-privacy/

"How the U.S. Military Buys Location Data from Ordinary Apps," Motherboard. https://www.vice.com/en/article/jgqm5x/us-military-location-data-xmode-locate-x

"Tor Project rolls out program to turbo-charge network throughput," The Daily Swig. https://portswigger.net/daily-swig/tor-project-rolls-out-program-to-turbo-charge-network-throughput

"'Incognito Mode' Is Actually Pretty Useless," VICE. https://www.vice.com/en/article/y3gzgb/incognito-mode-is-actually-pretty-useless

Upcoming Events with Tor

(ICYMI) Anonymity loves Diversity: The Case of Tor (Foss-North), November 1st, 2020. https://youtu.be/lBjZOvA2kF4

(ICYMI) State of the Onion: Tor & Community Updates from 2020, November 16, 2020. https://www.youtube.com/watch?v=IyWyTypRGWQ

Join Our Community

Getting involved with Tor is easy. Run a relay to make the network faster and more decentralized: https://community.torproject.org/relay/

Run a bridge to help censored users access Tor: https://blog.torproject.org/run-tor-bridges-defend-open-internet

Learn about each of our teams and start collaborating: https://gitlab.torproject.org/tpo/team#Teams

Donate to help keep Tor fast, strong, and secure. https://donate.torproject.org

Use a Mask, Use Tor; Tor Browser & Onion Services; Localization Hackathon

Published on 2020-10-29

Use A Mask, Use Tor: Resist the Surveillance Pandemic

https://blog.torproject.org/use-a-mask-use-tor

As many friends and followers of Tor know by now, we spend the final weeks of each year asking for your help as part of our year-end fundraising campaign (https://torproject.org/donate/donate-usetor-tn1). This year hasn't been a normal year at all, not for Tor and not for the rest of the world.

For our 2020 campaign, we wanted a theme that conveys a positive message and speaks to the power of community action. That’s why we decided on the theme Use a Mask, Use Tor.

To put it simply, using a mask keeps yourself and your communities safe in person. Using Tor keeps yourself and your communities safe online. Both tools help to conceal your identity, can break systems of surveillance, and their widespread use can promote the health of communities while undermining the power of systems bent on dividing us. Using a mask and using Tor helps us stand in solidarity with one another.

Use a mask, use Tor. And now, use your Tor mask! Make a donation of $50 and receive a limited-edition Tor mask: https://torproject.org/donate/donate-usetor-tn1

Every donation made from now through the end of 2020 will count towards our year-end campaign. Be on the lookout for events, giveaways, and new merch available from now until December 31. Read more about the campaign on our blog: https://blog.torproject.org/use-a-mask-use-tor

Tor Browser and Onion Services: Challenges and Opportunities

https://blog.torproject.org/tor-brower-onion-services-challenges-opportunities

Maintaining a browser like Tor Browser has its challenges but also its rewards. It allows us to reach faster adoption of important technologies like onion services, providing a more secure browsing experience for all Tor users. Improving the treatment of onion services on the browser side, however, comes with its own challenges both for users and service providers and it is important to reflect on those as a requirement for future growth.

Thus, we feel it is time to take stock and outline the steps we have taken over the years to improve the user experience and adoption of onion services, the challenges we faced and continue to face, and what the future might look like.

Check out our blog post for how we got where we are today, our challenges, and what's next for Tor Browser and onion services: https://blog.torproject.org/tor-brower-onion-services-challenges-opportunities

Join the Tor Localization Hackathon November 6 - 9

https://blog.torproject.org/tor-l10n-hackathon

Between November 6 and 9, the Tor Project and Localization Lab (https://www.localizationlab.org/) will host the first edition of Tor Project's localization hackathon, the Tor L10n Hackathon. A hackathon is an event where a community hangs out and works together to update, fix, and collaborate on a project. The L10n Hackathon is a totally remote and online event.

In this localization hackathon we're going to work exclusively on the localization of our latest resource, the Tor Community portal. Find out how to join the hackathon on our blog: https://blog.torproject.org/tor-l10n-hackathon

Anti-censorship team report: September 2020

https://blog.torproject.org/anti-censorship-september-2020

Tor's anti-censorship team writes monthly reports to keep the world updated on its progress. This blog post summarizes the anti-censorship work we got done in September 2020. Let us know if you have any questions or feedback!

New Releases

Tor Browser 10.0a9 (Android Only) https://blog.torproject.org/new-release-tor-browser-100a9 Tor Browser 10.0a9 ships with Fenix 82.1.1. As this is the second alpha version based on Fenix we expect more bugs than usual. Please report them (with steps to reproduce), either on our blog or on Gitlab, or essentially with any other means that would reach us. We are in particular interested in potential proxy bypasses which our proxy audit missed.

Tor Browser 10.5a2 https://blog.torproject.org/new-release-tor-browser-105a2 Tor Browser 10.5a2 ships with Firefox 78.4.0esr, updates NoScript to 11.1.3, and OpenSSL to 1.1.1h. This release includes important security updates to Firefox. Tor Browser 10.5 does not support CentOS 6.

Tor Browser 10.0.2 https://blog.torproject.org/new-release-tor-browser-1002 This release updates Firefox to 78.4.0esr and NoScript to 11.1.3. This release includes important security updates to Firefox. Now Javascript on the Safest security level is governed by NoScript again.

Tor Browser 10.0.1 https://blog.torproject.org/new-release-tor-browser-1001 This release updates NoScript to 11.1.1 and fixes some bugs, including the issue of watching Youtube videos on Windows.

Tor Browser 10.0a8 (Android Only) https://blog.torproject.org/new-release-tor-browser-100a8 We are happy to announce the first alpha for Android users based on Fenix 81. The Desktop version was released at the end of September. Over the last four months we adjusted our toolchains, finished our proxy audit, re-implemented the user interfaces, and fixed a lot of issues that came down on us due to the switch from Firefox 68esr to Fenix.

What We're Reading

"The Police Can Probably Break Into Your Phone," The New York Times. https://www.nytimes.com/2020/10/21/technology/iphone-encryption-police.html

"Onions on the side: Tracking Tor availability for reader privacy on major news sites," Freedom of the Press Foundation. https://freedom.press/news/onions-side-tracking-tor-availability-reader-privacy-major-news-sites/

"Amazon Unveils Drone That Films Inside Your Home. What Could Go Wrong?" The New York Times. https://www.nytimes.com/2020/09/24/technology/amazon-ring-drone.html

"Bitcoin's Next Upgrade Will Support Tor V3 Addresses," Decrypt. https://decrypt.co/44640/bitcoins-next-upgrade-will-support-tor-v3-addresses

"CBP Bought 'Global' Location Data from Weather and Game Apps," Motherboard. https://www.vice.com/en/article/n7wakg/cbp-dhs-location-data-venntel-apps

"Introducing Onion Names for SecureDrop," SecureDrop. https://securedrop.org/news/introducing-onion-names-securedrop/

"Google is giving data to police based on search keywords, court docs show," CNet. https://www.cnet.com/news/google-is-giving-data-to-police-based-on-search-keywords-court-docs-show/

Upcoming Events with Tor

Anonymity loves Diversity: The Case of Tor (Foss-North), November 1st, 2020 @ 16:00 - 17:00 (CET). https://blog.torproject.org/foss-north-2020

Tor Localization Hackathon, November 6 - 9, 2020. https://blog.torproject.org/node/1946

State of the Onion: Tor & Community Updates from 2020, November 16, 2020 @ 16:00 - 18:00 UTC. https://blog.torproject.org/state-of-the-onion-2020

Tor Talk at GNU Health Conference 2020, November 20, 2020 https://blog.torproject.org/tor-ghcon-2020

Tor introduction @ LHC (Campinas), November 26 @ 23:00 UTC https://blog.torproject.org/tor-intro-lhc-2020

Join Our Community

Getting involved with Tor is easy. Run a relay to make the network faster and more decentralized: https://community.torproject.org/relay/

Run a bridge to help censored users access Tor: https://blog.torproject.org/run-tor-bridges-defend-open-internet

Learn about each of our teams and start collaborating: https://gitlab.torproject.org/tpo/team#Teams

Donate to help keep Tor fast, strong, and secure. https://donate.torproject.org

Updates on the Tor Project’s Board and Censored Continent report

Published on 2020-09-29

Updates on the Tor Project’s Board

https://blog.torproject.org/welcome-new-tor-board-members

We would like to share some updates regarding the Tor Project’s Board. We had two members stepping down, Megan Price and Shari Steele, both provided great contributions for the Board that Tor will always be thankful for. And we are grateful to have them as supporters and friends of Tor.

To move forward we decided to invite two new members. We are happy to say both have accepted our invitation and joined the Board. Rabbi Rob, the founder and CEO of Team Cymru and Chelsea Komlo, cryptography and privacy researcher and engineer.

Tor’s Bug Smash Fund, Year 2: $106,709 Raised!

https://blog.torproject.org/tor-bug-smash-fund-2020-106K-raised

This August, we asked you to help us fundraise for our second annual Bug Smash Fund campaign. This fund is designed to grow a healthy reserve earmarked for maintenance work, finding bugs, and smashing them—all tasks necessary to keep Tor Browser, the Tor network, and the many tools that rely on Tor strong, safe, and running smoothly.

In 2019, we raised $86,081, half of which we raised in-person at DEFCON.

In 2020, despite the challenges of COVID-19 and event cancellations, you helped us to raise $106,709!

Censored continent: understanding the use of tools during information controls in Africa: Nigeria, Cameroon, Uganda, and Zimbabwe as case studies.

https://blog.torproject.org/icfp-otf-censored-continent

Between 2019 and 2020, the Tor Project has had the opportunity to serve as the host organization of OTF Information Controls Fellow, Babatunde Okunoye.

As part of his fellowship, Babatunde examined the use of Internet censorship circumvention tools in Cameroon, Nigeria, Uganda, and Zimbabwe, four countries in Africa with varying degrees of Internet censorship, including Internet bandwidth throttling, social media app restrictions, and website blocks. Interviews were done with 33 people, including students, civil society members, people in business, and teachers, revealing how communities mobilized to defeat censorship.

Anti-censorship team report: August 2020

https://blog.torproject.org/anti-censorship-august-2020

Tor's anti-censorship team writes monthly reports to keep the world updated on its progress. This blog post summarizes the anti-censorship work we got done in August 2020. Let us know if you have any questions or feedback!

GSoC 2020: Snowflake Proxy on Mobile

https://blog.torproject.org/gsoc-2020-snowflake-proxy-mobile

Every year the Tor Project hosts interns through programs like Outreachy and Google Summer of Code. Hashik worked with our anti-censorship team on bringing Snowflake proxy to Android. We are happy that Hashik had a great time at the Tor Project.

“Tor’s community is very welcoming; all the Tor core developers are down to earth, humble, and easy to approach for any technical difficulty. Any interested person can barge into their IRC channels and ask any question, and either the developers or the fellow folks in the community would answer our questions.”

New Releases

Tor 0.4.4.5 https://blog.torproject.org/node/1921 This series improves our guard selection algorithms, adds v3 onion balance support, improves the amount of code that can be disabled when running without relay support, and includes numerous small bugfixes and enhancements. It also lays the ground for some IPv6 features that we'll be developing more in the next (0.4.5) series.

Tor Browser 10 https://blog.torproject.org/new-release-tor-browser-100 Tor Browser 10 ships with Firefox 78.3.0esr, updates NoScript to 11.0.44, and Tor to 0.4.4.5. This release includes important security updates to Firefox. Android Tor Browser 10 is under active development and we are supporting the current 9.5 series for Android until the new one is ready. We are informed by Mozilla of any issues they learn about affecting the 9.5 series. We expect to release the new Tor Browser for Android based on Fenix in the following weeks.

Tails 4.11 https://blog.torproject.org/new-release-tails-411 This release fixes many security vulnerabilities. You should upgrade as soon as possible.

Tor Browser 10.0a7 https://blog.torproject.org/new-release-tor-browser-100a7 We are happy to announce the third alpha for desktop users based on Firefox 78 ESR. The Android version is under active development and will be available in the coming weeks.

Tor Browser 10.5a1 https://blog.torproject.org/new-release-tor-browser-105a1 Tor Browser 10.5a1 ships with Firefox 78.3.0esr, updates NoScript to 11.0.44, and Tor to 0.4.4.5.

What We're Reading

"Portland, Oregon, passes toughest ban on facial recognition in US," CNET. https://www.cnet.com/google-amp/news/portland-passes-the-toughest-ban-on-facial-recognition-in-the-us/

"We made the largest Mexican telecommunications operator stop blocking secure internet," GlobalVoices. https://globalvoices.org/2020/09/08/we-made-the-largest-mexican-telecommunications-operator-stop-blocking-secure-internet/

"Free VPNs are bad for your privacy," Tech Crunch. https://techcrunch.com/2020/09/24/free-vpn-bad-for-privacy/

"Trump cuts aid for pro-democracy groups in Belarus, Hong Kong and Iran," The Guardian. https://www.theguardian.com/us-news/2020/sep/24/trump-open-technology-fund-hong-kong-belarus-iran

"U.S. court: Mass surveillance program exposed by Snowden was illegal," Reuters. https://www.reuters.com/article/us-usa-nsa-spying/u-s-court-mass-surveillance-program-exposed-by-snowden-was-illegal-idUSKBN25T3CK

"Remote Learning During Pandemic Brings Privacy Risks," The Wall Street Journal. https://www.wsj.com/articles/remote-learning-during-pandemic-brings-privacy-risks-11599039000

"Zimbabwe’s Speedy Social Media Law Is Africa’s Latest Internet Censorship Plot," WT. https://weetracker.com/2020/08/31/zimbabwe-africa-social-media-laws/

"Private Intel Firm Buys Location Data to Track People to their 'Doorstep'," Motherboard. https://www.vice.com/en_us/article/qj454d/private-intelligence-location-data-xmode-hyas

Upcoming Events with Tor

Roger keynotes at CyberSec&AI, October 8, 2020. https://blog.torproject.org/node/1925

Join Our Community

Getting involved with Tor is easy. Run a relay to make the network faster and more decentralized: https://community.torproject.org/relay/

Run a bridge to help censored users access Tor: https://blog.torproject.org/run-tor-bridges-defend-open-internet

Learn about each of our teams and start collaborating: https://trac.torproject.org/projects/tor/wiki/WikiStart#Teams

Donate to help keep Tor fast, strong, and secure. https://donate.torproject.org