Published on 2021-02-28
Learning more about our users with a Tor Browser User Survey
https://blog.torproject.org/learning-more-about-tor-users
At the Tor Project we practice user-centered design. This means we put our users at the heart of our development process, making a conscious effort to understand the contexts in which people use our tools and paying particular attention to the bumps they encounter along the way.
Many digital product companies rely heavily on data gathered from invasive tracking scripts to better understand their users’ behavior, further fueling the surveillance economy. However that’s not how we do things at Tor – instead, we aim to conduct research that respects the basic principles of privacy and consent: https://blog.torproject.org/strength-numbers-usable-tools-dont-need-be-invasive.
To learn more about our users, we launched a new Tor Browser User Survey: https://survey.torproject.org/index.php/217469?lang=en, also available via onion service: http://bogdyardcfurxcle.onion/index.php/217469?lang=en. We'd love to get your feedback! You can learn more about this survey, how it came about, and other opportunities to get involved in UX at Tor on our blog: https://blog.torproject.org/learning-more-about-tor-users.
Anonymous GitLab Ticketing: An Exciting New Project at Tor
https://blog.torproject.org/anonymous-gitlab
Currently, before making a bug report to one of Tor’s repos, users must sign up for a GitLab account via the TicketLobby (https://gitlab.onionize.space/). Although this is the right approach for many users, it has its limitations.
A new project, the anonymous ticketing portal, is designed to circumvent these limitations, resulting in more complete, private bug reporting, and includes the following features:
- Lightning-fast, anonymous (and lazy) user interface
- Tor-flavored, data-packed, familiar project and issue views
- Super-powered SuperUsers
A test instance of this project is currently live at https://anonticket.onionize.space/, or you can see the repo itself at https://gitlab.torproject.org/tpo/tpa/anon_ticket.
Read more about the anonymous GitLab ticketing system on our blog: https://blog.torproject.org/anonymous-gitlab.
Tor in the Media: 2020
https://blog.torproject.org/tor-media-2020
This year, we’re continuing a new tradition of reviewing media and news stories that mentioned Tor and the Tor Project. Our goal is to highlight what is changing (or not) in the conversation about privacy and censorship, as well as identifying the ways the media discusses Tor in the context of these challenges.
Read our review of Tor in the media in 2020 on our blog: https://blog.torproject.org/tor-media-2020.
Bug Smash Fund, Year 2: Progress So Far!
https://blog.torproject.org/tor-bug-smash-fund-yr2-progress
Last August, we asked you to help us fundraise during our second annual Bug Smash Fund campaign (https://blog.torproject.org/tor-bug-smash-fund-2020-106K-raised). This fund is designed to grow a healthy reserve earmarked for maintenance work, finding bugs, and smashing them—all tasks necessary to keep Tor Browser, the Tor network, and the many tools that rely on Tor strong, safe, and running smoothly.
We want to share an update! Read about the work made possible with the Bug Smash Fund on our blog: https://blog.torproject.org/tor-bug-smash-fund-yr2-progress.
New Releases
Tor Browser 10.5a11
https://blog.torproject.org/new-release-tor-browser-105a11
This release updates Firefox to 78.8.0esr for desktop and Firefox for Android to 86.1.0. Additionally, we update Tor to 0.4.5.6 and OpenSSL to 1.1.1j.
Tor Browser 10.0.12
https://blog.torproject.org/new-release-tor-browser-10012
This version updates Desktop Firefox to 78.8.0esr and Android Firefox to 86.1.0. In addition, Tor Browser 10.0.12 updates NoScript to 11.2.2, Openssl to 1.1.1j, and Tor to 0.4.5.6.
Tor 0.4.5.6
https://blog.torproject.org/node/2000
This release series introduces significant improvements in relay IPv6 address discovery, a new "MetricsPort" mechanism for relay operators to measure performance, LTTng support, build system improvements to help when using Tor as a static library, and significant bugfixes. The Tor 0.4.5.x release series is dedicated to the memory of Karsten Loesing (1979-2020), Tor developer, cypherpunk, husband, and father.
Tor Browser 10.5a10 (Windows Only)
https://blog.torproject.org/new-release-tor-browser-105a10
This version updates Firefox to 78.7.1esr for Windows. This release includes important security updates to Firefox.
Tor Browser 10.5a9 (Android Only)
https://blog.torproject.org/new-release-tor-browser-105a9
This release updates Fenix to 86.0.0-beta.2. Additionally, we update NoScript to 11.2 and HTTPS Everywhere to 2021.1.27.
Tor Browser 10.0.11 (Windows Only)
https://blog.torproject.org/new-release-tor-browser-10011
This version updates Firefox to 78.7.1esr for Windows. This release includes important security updates to Firefox.
Tor Browser 10.0.10
https://blog.torproject.org/new-release-tor-browser-10010
This version increases the availability of version 3 (v3) onion services. The fix is included in the recently released stable tor versions, as well.
Tor 0.3.5.13, 0.4.3.8, and 0.4.4.7
https://blog.torproject.org/node/1990
Tor 0.4.4.7 backports numerous bugfixes from later releases, including one that made v3 onion services more susceptible to denial-of-service attacks, and a feature that makes some kinds of DoS attacks harder to perform.
Tor 0.4.5.5-rc
https://blog.torproject.org/node/1989
Tor 0.4.5.5-rc is the third release candidate in its series. This release fixes an annoyance with address detection code, and somewhat mitigates an ongoing denial-of-service attack.
We're Hiring
Metrics Data Architect
The person in this position will work directly with helping us maintain existing systems, and design new systems for gathering and analyzing data. They will help the rest of the teams understand the data available to improve our tools as well as the Tor network's health. Read the full job description: https://www.torproject.org/about/jobs/metrics-data-architect/
Anti-Censorship Software Developer
This developer will be tasked with improving the user experience and process of finding alternate routes to the Tor network when global censorship events block access to the Tor network. A personal commitment to free and open source software and the application of advanced programming skills for the greater good is essential. Read the full job description. https://www.torproject.org/about/jobs/software-developer-anticensorship/
What We're Reading
"Why you should care about data privacy even if you have “nothing to hide”," Vox. (https://www.vox.com/recode/22250897/facebook-data-privacy-collection-algorithms-extremism)
"South Sudan: Rampant abusive surveillance by NSS instils climate of fear," Amnesty International. (https://www.amnesty.org/en/latest/news/2021/02/south-sudan-abusive-surveillance-by-national-security-service-climate-of-fear/)
"Private dollars are seeding surveillance tech across the US," Smart Cities Dive. (https://www.smartcitiesdive.com/news/private-dollars-are-seeding-surveillance-tech-across-the-us/594615/)
"There Are Spying Eyes Everywhere—and Now They Share a Brain," Wired. (https://www.wired.com/story/there-are-spying-eyes-everywhere-and-now-they-share-a-brain/)
"Amazon says government demands for user data spiked by 800% in 2020," TechCrunch. (https://techcrunch.com/2021/02/01/amazon-government-demands-spiked/)
"Spotify patents tech to recommend songs based on users' speech, emotion," Axios. (https://www.axios.com/spotify-patent-users-speech-recommend-music-6c5ce99d-ca0f-4457-9b87-9d27fcc35527.html)
Join Our Community
Getting involved with Tor is easy. Run a relay to make the network faster and more decentralized: https://community.torproject.org/relay/
Run a bridge to help censored users access Tor: https://blog.torproject.org/run-tor-bridges-defend-open-internet
Learn about more opportunities to start collaborating: https://community.torproject.org/
Donate to help keep Tor fast, strong, and secure. https://donate.torproject.org
--
The Tor Project is a US 501(c)(3) non-profit organization advancing human rights and freedoms by creating and deploying free and open-source anonymity and privacy technologies, supporting their unrestricted availability and use, and furthering their scientific and popular understanding.
Twitter: https://twitter.com/torproject
Facebook: https://facebook.com/torproject
Instagram: https://instagram.com/torproject
Mastodon: http://mastodon.social/@torproject
Published on 2021-01-29
2020 Fundraising Results: Thank You!
https://blog.torproject.org/use-a-mask-use-tor-thank-you
We are pleased to announce that in 2020, despite the cancellations of in-person events and the sharp decrease in individual donations we saw at the beginning of the pandemic, you helped us to raise $913,110 from individuals, more than any calendar year in the Tor Project’s history. You contributed $376,315 of this figure during the end-of-year campaign—this includes the generous $100,000 match by the Friends of Tor. (That’s a 19% increase over last year’s year-end campaign.)
Thank you to everyone who made a donation in 2020! You make it possible to resist the surveillance pandemic. You’ve made it possible for the Tor Project and the tools we support to survive a very difficult time, and to prepare for 2021 with ambitious plans.
Vist the blog for more details about the details of Tor's fundraising in 2020, and what we have prepared for 2021: https://blog.torproject.org/use-a-mask-use-tor-thank-you
The state of IPv6 support on the Tor network
https://blog.torproject.org/state-of-ipv6-support-tor-network
In our last article, published in RIPE's website, (https://labs.ripe.net/Members/tor_grants/a-look-into-the-tor-network-work-on-supporting-ipv6) we described the work that happened in 2020 related to giving IPv6 support (https://blog.torproject.org/ipv6-future-i-hear) to the Tor network.
Tor 0.4.5.1-alpha (https://blog.torproject.org/node/1949) is the first release that includes all the work described in the RIPE article. Relays running 0.4.5.1-alpha are the first to report IPv6 bandwidth statistics.
As of December 2, 2020, 54% of the relays on the network run a version of Tor that supports IPv6. Of the 6852 relays in the network, 3587 are running version 0.4.4 (https://metrics.torproject.org/versions.html) and 8 relays are running the latest Tor version 0.4.5 (https://blog.torproject.org/node/1958). From all those, 1588 are announcing an IPv6 address and port for the OR protocol. 1587 relays are reachable on IPv6 by the directory authorities. 626 permit exiting to IPv6 targets (https://metrics.torproject.org/relays-ipv6.html).
Read more about the state of IPv6 on the Tor network on our blog: https://blog.torproject.org/state-of-ipv6-support-tor-network
In memoriam of Karsten Loesing
blog.torproject.org/in-memoriam-of-karsten-loesing
It's with deep sorrow that we share that our dear friend, colleague, and Tor core contributor Karsten Loesing passed away on the afternoon of Friday, December 18, 2020. No one is prepared for such an unimaginable loss. Our deepest sympathies go to Karsten's family at this moment, his wife and his children.
We all loved him and his contribution to the Tor Project will always be remembered from the depth of our hearts. We will be dedicating our next release of core tor to Karsten's memory.
Rest in peace, Karsten.
New Releases
Tor Browser 10.0.9
https://blog.torproject.org/new-release-tor-browser-1009
This release updates Firefox to 78.7.0esr for desktop and Firefox for Android to 85.1.0. This release includes important security updates to Firefox for Desktop, and similar important security updates to Firefox for Android.
Tor Browser 10.5a8
https://blog.torproject.org/new-release-tor-browser-105a8
This release updates Firefox to 78.7.0esr for desktop and Firefox for Android to 85.1.0. Additionally, we update Tor to 0.4.5.4-rc. This release includes important security updates to Firefox for Desktop, and similar important security updates to Firefox for Android.
Tor 0.4.5.4-rc
https://blog.torproject.org/node/1973
Tor 0.4.5.4-rc is the second release candidate in its series. It fixes several bugs present in previous releases. We expect that the stable release will be the same, or almost the same, as this release candidate, unless serious bugs are found.
Tor Browser 10.5a7
https://blog.torproject.org/new-release-tor-browser-105a7
This release updates Firefox to 78.6.1esr for desktop and Firefox for Android to 85.0.0-beta.7. Additionally, we update Tor to 0.4.5.3-rc. This versions also fixes a crash seen by macOS users on the new M1 processor.
Tor Browser 10.0.8
https://blog.torproject.org/new-release-tor-browser-1008
This release updates Firefox for desktops to 78.6.1esr and Firefox for Android to 84.1.4. This version resolves instability on Apple macOS devices with the new M1 processor.
Tor 0.4.5.3-rc
https://blog.torproject.org/node/1969
Tor 0.4.5.3-rc is the first release candidate in its series. It fixes several bugs, including one that broke onion services on certain older ARM CPUs, and another that made v3 onion services less reliable.
Upcoming Events with Tor
No upcoming events.
What We're Reading
"Tor Project’s crypto donations increased 23% in 2020," Coin Telegraph. (https://cointelegraph.com/news/tor-project-s-crypto-donations-increased-23-in-2020)
"Encryption is vital for attorney-client privilege in the digital era, and lawyers should fight for it," Access Now. (https://www.accessnow.org/encryption-attorney-client-privilege/)
"100 hours in the dark: How an election internet blackout hit poor Ugandans," Thomson Reuters Foundation. (https://news.trust.org/item/20210120134502-2jnhz/)
"You watch TV. Your TV watches back," The Washington Post. (https://www.washingtonpost.com/technology/2019/09/18/you-watch-tv-your-tv-watches-back/)
"Leaked Location Data Shows Another Muslim Prayer App Tracking Users," VICE. (https://www.vice.com/en/article/xgz4n3/muslim-app-location-data-salaat-first)
"DuckDuckGo surpasses 100 million daily search queries for the first
--
The Tor Project is a US 501(c)(3) non-profit organization advancing human rights and freedoms by creating and deploying free and open-source anonymity and privacy technologies, supporting their unrestricted availability and use, and furthering their scientific and popular understanding.
Twitter: https://twitter.com/torproject
Facebook: https://facebook.com/torproject
Instagram: https://instagram.com/torproject
Mastodon: http://mastodon.social/@torproject
Published on 2020-12-21
Looking Forward: Tor in 2021
https://blog.torproject.org/tor-in-2021
This year has been difficult for all of us. As individuals, we’ve had to adapt to the new normal of COVID-19, and as an organization, the Tor Project also had to adapt to our “new normal” after we made the difficult decision to let go of one third of our organization. Although challenging, we have managed to reorganize in order to meet the goals we originally set for 2020, and now, it’s time to look forward to 2021.
We have shared many of our goals for the next year, including addressing the "Tor is too slow" complaint, supporting the relay operator community, improving network health, developing a Rust Tor implementation, & unblocking Tor through outreach. Read more about our plans from our executive director, Isabela Bagueros: https://blog.torproject.org/tor-in-2021
Moving Tor from Trac to Gitlab
https://blog.torproject.org/node/1957
Tor had been using Trac (https://trac.torproject.org) until June 2020, when we moved to our self-hosted instance of Gitlab administered by the Tor sysadmin team (https://gitlab.torproject.org). We're hoping Gitlab will be a good fit because:
- Gitlab will allow us to collect our different engineering tools into a single application: Git repository handling, Wiki, Issue tracking, Code reviews, and project management tooling.
- Gitlab is well-maintained, while Trac plugins are not well maintained and Trac itself hasn't seen a release for over a year (since 2019).
- Gitlab will allow us to build a more modern approach to handling Continuous Integration for our different projects.
We spent several months fixing and testing problems on data migration, from formatting issues to addressing where the information that lived in Trac should live in Gitlab. We tested the Gitlab instance with a few projects until we jumped into migrating all data from Trac. You can read more about this migration process on our blog: https://blog.torproject.org/node/1957
Watch PrivChat #3 with Edward Snowden
https://torproject.org/privchat
For our third edition of PrivChat on December 11, we brought together some real-life Tor users who shared how Tor has been important for them and their work to defend human rights and freedoms around the world.
Hosted by Edward Snowden, PrivChat featured technologist and privacy researcher Ramy Raoof, librarian and founder of Library Freedom Project, Alison Macrina, and Africa Policy Manager and Global Internet Shutdowns Lead at Access Now, Berhan Taye.
Watch the full PrivChat: Advancing Human Rights with Tor (https://www.youtube.com/watch?v=S2N3GoewgC8), and be on the lookout for our next PrivChat in 2021.
Anti-censorship team report: November 2020
https://blog.torproject.org/anti-censorship-november-2020
Tor's anti-censorship team writes monthly reports to keep the world updated on its progress. This blog post summarizes the anti-censorship work we got done in November 2020. Let us know if you have any questions or feedback!
New Releases
Upcoming Events with Tor
Join Our Community
Getting involved with Tor is easy. Run a relay to make the network faster and more decentralized: https://community.torproject.org/relay/
Run a bridge to help censored users access Tor: https://blog.torproject.org/run-tor-bridges-defend-open-internet
Learn about more opportunities to start collaborating: https://community.torproject.org/
Donate to help keep Tor fast, strong, and secure. https://donate.torproject.org
Published on 2020-11-30
Use a Mask, Use Tor: Friends of Tor Matching Donations
https://blog.torproject.org/friends-of-tor-match-2020
Every dollar donated to the Tor Project now through December 31, up to $100,000, will be matched by Friends of Tor (https://torproject.org/donate/donate-usetor-tn-fot). That means your donation will be doubled. We’re able to offer this match because of generous folks in our community who believe in Tor, privacy online, and the work to resist the surveillance pandemic.
Make a donation today and your gift will be matched, 1:1: https://torproject.org/donate/donate-usetor-tn-fot
Meet the Friends of Tor who generously came forward to make this match possible on our blog: https://blog.torproject.org/friends-of-tor-match-2020
You're Invited: PrivChat with Edward Snowden
The Tor Project's main mission is to advance human rights and freedoms by creating and deploying free and open source anonymity and privacy technologies. People use our technology, namely the Tor network and Tor Browser, in diverse ways. Tor is used by whistleblowers who need a safe way to bring to light information about wrongdoing -- information that is crucial for society to know -- without sharing their identity. Tor is used by activists around the world who are fighting against authoritarian governments and to defend human rights, not only for their safety and anonymity, but also to circumvent internet censorship so their voices can be heard.
For our third edition of PrivChat (https://torproject.org/privchat), we are bringing you some real-life Tor users who will share how Tor has been important for them and their work to defend human rights and freedoms around the world. Hosted by Edward Snowden, featuring technoligist and privacy research Ramy Raoof and librarian and founder of Library Freedom Project, Alison Macrina.
Join us for PrivChat: Advancing Human Rights with Tor on December 11 at 18:00 UTC, 13:00 Eastern, 10:00 Pacific: https://www.youtube.com/watch?v=S2N3GoewgC8
State of the Onion: Tor & Community Updates from 2020
https://www.youtube.com/watch?v=IyWyTypRGWQ
Every year people from the Tor Project and its communities present the State of the Onion, a compilation of updates from our different projects, at conferences around the world. We use this opportunity to talk about highlights of the work we’ve accomplished during the year and what we are excited about in the upcoming year.
With COVID-19 pandemic this year, we didn’t have the chance to ‘tour’ our State of the Onion during any face-to-face conferences. So we decided to bring the State of the Onion to you in virtual format.
We invite you to watch the full recording of State of the Onion 2020 on YouTube (https://www.youtube.com/watch?v=IyWyTypRGWQ). Our blog outlines the full program and who took part in the event (https://blog.torproject.org/state-of-the-onion-2020).
Transparency, Openness, and Our 2018 and 2019 Finances
https://blog.torproject.org/transparency-openness-and-our-2018-and-2019-financials
We publish all of our related tax documents for transparency (https://www.torproject.org/about/reports/). After completing standard audits for 2017-2018 and for 2019, our federal tax filings and audits for the last two years are available in full on our website. We've outlined some observations to help you read through the 2018 and 2019 financial documents on our blog: https://blog.torproject.org/transparency-openness-and-our-2018-and-2019-financials.
Digital security tools for human rights defenders
https://blog.torproject.org/hrd-amazon-training
Since July 2020, Narrira Lemos has been working with the Tor Project as a Bertha Fellow (https://berthafoundation.org/bertha-challenge/) to strengthen and promote digital security among individuals and organizations in the Amazonian region of Brazil, where she works with the technological challenges of the people who live there fighting to protect forests. On the blog, Nah outlines her work with rural communities, the impact of the pandemic, and how these human rights defenders use Tor Browser and other digital security tools: https://blog.torproject.org/hrd-amazon-training.
New Releases
Tor 0.4.5.2-alpha
https://blog.torproject.org/node/1958
Tor 0.4.5.2-alpha is the second alpha release in the 0.4.5.x series. It fixes several bugs present in earlier releases, including one that made it impractical to run relays on Windows. It also adds a few small safety features.
Tor Browser 10.5a4
https://blog.torproject.org/new-release-tor-browser-105a4
This release updates Firefox to 78.5.0esr for desktop and Fenix to 83.0 for Android. Additionally, we update Tor to 0.4.5.1-alpha. This release includes important security updates both for desktop and Android users.
Tor Browser 10.0.5 (Only Desktop)
https://blog.torproject.org/new-release-tor-browser-1005
This release updates Firefox to 78.5.0esr and updates Tor to 0.4.4.6. This release includes important security updates to Firefox.
Tor Browser 10.5a3
https://blog.torproject.org/new-release-tor-browser-105a3
Tor Browser 10.5a3 updates NoScript to 11.1.5 and libevent to 2.1.12. This release includes important security updates to Firefox.
Tor 0.3.5.12, 0.4.3.7, and 0.4.4.6
https://blog.torproject.org/node/1952
Tor 0.4.4.6 is the second stable release in the 0.4.4.x series. It backports fixes from later releases, including a fix for TROVE-2020- 005, a security issue that could be used, under certain cases, by an adversary to observe traffic patterns on a limited number of circuits intended for a different relay.
Tor Browser 10.0.4
https://blog.torproject.org/new-release-tor-browser-1004
This release updates NoScript to 11.1.5 and includes an important security update to Firefox.
Tor Browser 10.0.3 (Android Only)
blog.torproject.org/new-release-tor-browser-1003
After many months of design and development we are very happy to announce the release of Tor Browser 10.0.3 for Android. This is the first Android Tor Browser version in the stable 10.0 series. The Desktop version was released at the end of September. We began working on this project in April 2020 with the goal of rebuilding the Android Tor Browser on top of Mozilla's new Android Firefox Browser, Fenix. Over the last six months, we successfully achieved this goal and we reached feature parity with the previous Android Tor Browser version.
What We're Reading
"Browsing internet 'safely' on Android phones becomes easier with this new app," India Times.
https://timesofindia.indiatimes.com/gadgets-news/browsing-internet-safely-on-android-phones-becomes-easier-with-this-new-app/articleshow/79013318.cms
"How Police Can Crack Locked Phones—and Extract Information," Wired.
https://www.wired.com/story/how-police-crack-locked-phones-extract-information/
"The best way to fight election disinformation is to fight surveillance capitalism," Fight for the Future.
https://fightfortheftr.medium.com/the-best-way-to-fight-election-disinformation-is-to-fight-surveillance-capitalism-d5d835683a9e
"Crypto Wallet Trezor Incorporates ‘Tor Switch' in its Desktop App for Increased Privacy," Bitcoin Exchange Guide.
https://bitcoinexchangeguide.com/crypto-wallet-trezor-incorporates-tor-switch-in-its-desktop-app-for-increased-privacy/
"How the U.S. Military Buys Location Data from Ordinary Apps," Motherboard.
https://www.vice.com/en/article/jgqm5x/us-military-location-data-xmode-locate-x
"Tor Project rolls out program to turbo-charge network throughput," The Daily Swig.
https://portswigger.net/daily-swig/tor-project-rolls-out-program-to-turbo-charge-network-throughput
"'Incognito Mode' Is Actually Pretty Useless," VICE.
https://www.vice.com/en/article/y3gzgb/incognito-mode-is-actually-pretty-useless
Upcoming Events with Tor
(ICYMI) Anonymity loves Diversity: The Case of Tor (Foss-North), November 1st, 2020.
https://youtu.be/lBjZOvA2kF4
(ICYMI) State of the Onion: Tor & Community Updates from 2020, November 16, 2020.
https://www.youtube.com/watch?v=IyWyTypRGWQ
Join Our Community
Getting involved with Tor is easy. Run a relay to make the network faster and more decentralized: https://community.torproject.org/relay/
Run a bridge to help censored users access Tor: https://blog.torproject.org/run-tor-bridges-defend-open-internet
Learn about each of our teams and start collaborating: https://gitlab.torproject.org/tpo/team#Teams
Donate to help keep Tor fast, strong, and secure. https://donate.torproject.org
Published on 2020-10-29
Use A Mask, Use Tor: Resist the Surveillance Pandemic
https://blog.torproject.org/use-a-mask-use-tor
As many friends and followers of Tor know by now, we spend the final weeks of each year asking for your help as part of our year-end fundraising campaign (https://torproject.org/donate/donate-usetor-tn1). This year hasn't been a normal year at all, not for Tor and not for the rest of the world.
For our 2020 campaign, we wanted a theme that conveys a positive message and speaks to the power of community action. That’s why we decided on the theme Use a Mask, Use Tor.
To put it simply, using a mask keeps yourself and your communities safe in person. Using Tor keeps yourself and your communities safe online. Both tools help to conceal your identity, can break systems of surveillance, and their widespread use can promote the health of communities while undermining the power of systems bent on dividing us. Using a mask and using Tor helps us stand in solidarity with one another.
Use a mask, use Tor. And now, use your Tor mask! Make a donation of $50 and receive a limited-edition Tor mask: https://torproject.org/donate/donate-usetor-tn1
Every donation made from now through the end of 2020 will count towards our year-end campaign. Be on the lookout for events, giveaways, and new merch available from now until December 31. Read more about the campaign on our blog: https://blog.torproject.org/use-a-mask-use-tor
Tor Browser and Onion Services: Challenges and Opportunities
https://blog.torproject.org/tor-brower-onion-services-challenges-opportunities
Maintaining a browser like Tor Browser has its challenges but also its rewards. It allows us to reach faster adoption of important technologies like onion services, providing a more secure browsing experience for all Tor users. Improving the treatment of onion services on the browser side, however, comes with its own challenges both for users and service providers and it is important to reflect on those as a requirement for future growth.
Thus, we feel it is time to take stock and outline the steps we have taken over the years to improve the user experience and adoption of onion services, the challenges we faced and continue to face, and what the future might look like.
Check out our blog post for how we got where we are today, our challenges, and what's next for Tor Browser and onion services: https://blog.torproject.org/tor-brower-onion-services-challenges-opportunities
Join the Tor Localization Hackathon November 6 - 9
https://blog.torproject.org/tor-l10n-hackathon
Between November 6 and 9, the Tor Project and Localization Lab (https://www.localizationlab.org/) will host the first edition of Tor Project's localization hackathon, the Tor L10n Hackathon. A hackathon is an event where a community hangs out and works together to update, fix, and collaborate on a project. The L10n Hackathon is a totally remote and online event.
In this localization hackathon we're going to work exclusively on the localization of our latest resource, the Tor Community portal. Find out how to join the hackathon on our blog: https://blog.torproject.org/tor-l10n-hackathon
Anti-censorship team report: September 2020
https://blog.torproject.org/anti-censorship-september-2020
Tor's anti-censorship team writes monthly reports to keep the world updated on its progress. This blog post summarizes the anti-censorship work we got done in September 2020. Let us know if you have any questions or feedback!
New Releases
Tor Browser 10.0a9 (Android Only)
https://blog.torproject.org/new-release-tor-browser-100a9
Tor Browser 10.0a9 ships with Fenix 82.1.1. As this is the second alpha version based on Fenix we expect more bugs than usual. Please report them (with steps to reproduce), either on our blog or on Gitlab, or essentially with any other means that would reach us. We are in particular interested in potential proxy bypasses which our proxy audit missed.
Tor Browser 10.5a2
https://blog.torproject.org/new-release-tor-browser-105a2
Tor Browser 10.5a2 ships with Firefox 78.4.0esr, updates NoScript to 11.1.3, and OpenSSL to 1.1.1h. This release includes important security updates to Firefox. Tor Browser 10.5 does not support CentOS 6.
Tor Browser 10.0.2
https://blog.torproject.org/new-release-tor-browser-1002
This release updates Firefox to 78.4.0esr and NoScript to 11.1.3. This release includes important security updates to Firefox. Now Javascript on the Safest security level is governed by NoScript again.
Tor Browser 10.0.1
https://blog.torproject.org/new-release-tor-browser-1001
This release updates NoScript to 11.1.1 and fixes some bugs, including the issue of watching Youtube videos on Windows.
Tor Browser 10.0a8 (Android Only)
https://blog.torproject.org/new-release-tor-browser-100a8
We are happy to announce the first alpha for Android users based on Fenix 81. The Desktop version was released at the end of September. Over the last four months we adjusted our toolchains, finished our proxy audit, re-implemented the user interfaces, and fixed a lot of issues that came down on us due to the switch from Firefox 68esr to Fenix.
What We're Reading
"The Police Can Probably Break Into Your Phone," The New York Times.
https://www.nytimes.com/2020/10/21/technology/iphone-encryption-police.html
"Onions on the side: Tracking Tor availability for reader privacy on major news sites," Freedom of the Press Foundation.
https://freedom.press/news/onions-side-tracking-tor-availability-reader-privacy-major-news-sites/
"Amazon Unveils Drone That Films Inside Your Home. What Could Go Wrong?" The New York Times.
https://www.nytimes.com/2020/09/24/technology/amazon-ring-drone.html
"Bitcoin's Next Upgrade Will Support Tor V3 Addresses," Decrypt.
https://decrypt.co/44640/bitcoins-next-upgrade-will-support-tor-v3-addresses
"CBP Bought 'Global' Location Data from Weather and Game Apps," Motherboard.
https://www.vice.com/en/article/n7wakg/cbp-dhs-location-data-venntel-apps
"Introducing Onion Names for SecureDrop," SecureDrop.
https://securedrop.org/news/introducing-onion-names-securedrop/
"Google is giving data to police based on search keywords, court docs show," CNet.
https://www.cnet.com/news/google-is-giving-data-to-police-based-on-search-keywords-court-docs-show/
Upcoming Events with Tor
Anonymity loves Diversity: The Case of Tor (Foss-North), November 1st, 2020 @ 16:00 - 17:00 (CET).
https://blog.torproject.org/foss-north-2020
Tor Localization Hackathon, November 6 - 9, 2020.
https://blog.torproject.org/node/1946
State of the Onion: Tor & Community Updates from 2020, November 16, 2020 @ 16:00 - 18:00 UTC.
https://blog.torproject.org/state-of-the-onion-2020
Tor Talk at GNU Health Conference 2020, November 20, 2020
https://blog.torproject.org/tor-ghcon-2020
Tor introduction @ LHC (Campinas), November 26 @ 23:00 UTC
https://blog.torproject.org/tor-intro-lhc-2020
Join Our Community
Getting involved with Tor is easy. Run a relay to make the network faster and more decentralized: https://community.torproject.org/relay/
Run a bridge to help censored users access Tor: https://blog.torproject.org/run-tor-bridges-defend-open-internet
Learn about each of our teams and start collaborating: https://gitlab.torproject.org/tpo/team#Teams
Donate to help keep Tor fast, strong, and secure. https://donate.torproject.org
Published on 2020-09-29
Updates on the Tor Project’s Board
https://blog.torproject.org/welcome-new-tor-board-members
We would like to share some updates regarding the Tor Project’s Board. We had two members stepping down, Megan Price and Shari Steele, both provided great contributions for the Board that Tor will always be thankful for. And we are grateful to have them as supporters and friends of Tor.
To move forward we decided to invite two new members. We are happy to say both have accepted our invitation and joined the Board. Rabbi Rob, the founder and CEO of Team Cymru and Chelsea Komlo, cryptography and privacy researcher and engineer.
Tor’s Bug Smash Fund, Year 2: $106,709 Raised!
https://blog.torproject.org/tor-bug-smash-fund-2020-106K-raised
This August, we asked you to help us fundraise for our second annual Bug Smash Fund campaign. This fund is designed to grow a healthy reserve earmarked for maintenance work, finding bugs, and smashing them—all tasks necessary to keep Tor Browser, the Tor network, and the many tools that rely on Tor strong, safe, and running smoothly.
In 2019, we raised $86,081, half of which we raised in-person at DEFCON.
In 2020, despite the challenges of COVID-19 and event cancellations, you helped us to raise $106,709!
Censored continent: understanding the use of tools during information controls in Africa: Nigeria, Cameroon, Uganda, and Zimbabwe as case studies.
https://blog.torproject.org/icfp-otf-censored-continent
Between 2019 and 2020, the Tor Project has had the opportunity to serve as the host organization of OTF Information Controls Fellow, Babatunde Okunoye.
As part of his fellowship, Babatunde examined the use of Internet censorship circumvention tools in Cameroon, Nigeria, Uganda, and Zimbabwe, four countries in Africa with varying degrees of Internet censorship, including Internet bandwidth throttling, social media app restrictions, and website blocks. Interviews were done with 33 people, including students, civil society members, people in business, and teachers, revealing how communities mobilized to defeat censorship.
Anti-censorship team report: August 2020
https://blog.torproject.org/anti-censorship-august-2020
Tor's anti-censorship team writes monthly reports to keep the world updated on its progress. This blog post summarizes the anti-censorship work we got done in August 2020. Let us know if you have any questions or feedback!
GSoC 2020: Snowflake Proxy on Mobile
https://blog.torproject.org/gsoc-2020-snowflake-proxy-mobile
Every year the Tor Project hosts interns through programs like Outreachy and Google Summer of Code. Hashik worked with our anti-censorship team on bringing Snowflake proxy to Android. We are happy that Hashik had a great time at the Tor Project.
“Tor’s community is very welcoming; all the Tor core developers are down to earth, humble, and easy to approach for any technical difficulty. Any interested person can barge into their IRC channels and ask any question, and either the developers or the fellow folks in the community would answer our questions.”
New Releases
Tor 0.4.4.5
https://blog.torproject.org/node/1921
This series improves our guard selection algorithms, adds v3 onion balance support, improves the amount of code that can be disabled when running without relay support, and includes numerous small bugfixes and enhancements. It also lays the ground for some IPv6 features that we'll be developing more in the next (0.4.5) series.
Tor Browser 10
https://blog.torproject.org/new-release-tor-browser-100
Tor Browser 10 ships with Firefox 78.3.0esr, updates NoScript to 11.0.44, and Tor to 0.4.4.5. This release includes important security updates to Firefox.
Android Tor Browser 10 is under active development and we are supporting the current 9.5 series for Android until the new one is ready. We are informed by Mozilla of any issues they learn about affecting the 9.5 series. We expect to release the new Tor Browser for Android based on Fenix in the following weeks.
Tails 4.11
https://blog.torproject.org/new-release-tails-411
This release fixes many security vulnerabilities. You should upgrade as soon as possible.
Tor Browser 10.0a7
https://blog.torproject.org/new-release-tor-browser-100a7
We are happy to announce the third alpha for desktop users based on Firefox 78 ESR. The Android version is under active development and will be available in the coming weeks.
Tor Browser 10.5a1
https://blog.torproject.org/new-release-tor-browser-105a1
Tor Browser 10.5a1 ships with Firefox 78.3.0esr, updates NoScript to 11.0.44, and Tor to 0.4.4.5.
What We're Reading
"Portland, Oregon, passes toughest ban on facial recognition in US," CNET.
https://www.cnet.com/google-amp/news/portland-passes-the-toughest-ban-on-facial-recognition-in-the-us/
"We made the largest Mexican telecommunications operator stop blocking secure internet," GlobalVoices.
https://globalvoices.org/2020/09/08/we-made-the-largest-mexican-telecommunications-operator-stop-blocking-secure-internet/
"Free VPNs are bad for your privacy," Tech Crunch.
https://techcrunch.com/2020/09/24/free-vpn-bad-for-privacy/
"Trump cuts aid for pro-democracy groups in Belarus, Hong Kong and Iran," The Guardian.
https://www.theguardian.com/us-news/2020/sep/24/trump-open-technology-fund-hong-kong-belarus-iran
"U.S. court: Mass surveillance program exposed by Snowden was illegal," Reuters.
https://www.reuters.com/article/us-usa-nsa-spying/u-s-court-mass-surveillance-program-exposed-by-snowden-was-illegal-idUSKBN25T3CK
"Remote Learning During Pandemic Brings Privacy Risks," The Wall Street Journal.
https://www.wsj.com/articles/remote-learning-during-pandemic-brings-privacy-risks-11599039000
"Zimbabwe’s Speedy Social Media Law Is Africa’s Latest Internet Censorship Plot," WT.
https://weetracker.com/2020/08/31/zimbabwe-africa-social-media-laws/
"Private Intel Firm Buys Location Data to Track People to their 'Doorstep'," Motherboard.
https://www.vice.com/en_us/article/qj454d/private-intelligence-location-data-xmode-hyas
Upcoming Events with Tor
Roger keynotes at CyberSec&AI, October 8, 2020.
https://blog.torproject.org/node/1925
Join Our Community
Getting involved with Tor is easy. Run a relay to make the network faster and more decentralized: https://community.torproject.org/relay/
Run a bridge to help censored users access Tor: https://blog.torproject.org/run-tor-bridges-defend-open-internet
Learn about each of our teams and start collaborating: https://trac.torproject.org/projects/tor/wiki/WikiStart#Teams
Donate to help keep Tor fast, strong, and secure. https://donate.torproject.org
Published on 2020-08-31
Security news, Bug Smash Fund, #MoreOnionsPorFavor
Hello Tor community,
This month, we decided to write a slightly different newsletter. We want to answer questions you may have regarding news about Tor’s security.
First, Tor is a secure tool to use. For perspective on how the Tor Project makes decisions about security and development, we’ll start with a tweet from Edward Snowden (https://twitter.com/snowden/status/1165391734823669761?lang=en): "I wouldn’t expect any system to be totally secure, much less remain secure forever in the face of adversary advances, but that is not the claim. Security is the process of choosing between "less safe" and "more safe’" and continuing to fork towards safety until you reach 'safe enough.'"
Snowden is right. Like all software, Tor development is a process. The Tor daemon, Tor Browser, onion services, pluggable transports, and many other software we develop are just like any other piece of software - they will have bugs. We are always working to make Tor safer for the largest number of users by prioritizing the most impactful changes.
In that spirit, we’d like to talk about two clusters of reports and the action we’ve taken.
You may have heard about a series of bugs in Tor being reported as “0-days.” These bugs aren’t 0-days. Many of them are open in our bug tracker. We have triaged these tickets and determined they are not high priority, and they do not harm our users' anonymity. We explained more about our decision process regarding these bugs, and what comes next, in a tweet (https://twitter.com/torproject/status/1288955073322602496).
You may have heard about a group of exit relays running sslstrip attacks on the Tor network in May and June 2020. This attack targeted unencrypted HTTP connections to a small number of cryptocurrency exchange websites, and left other traffic alone. These relays have been monitored and excluded from the Tor network since they’ve joined. You can read the full details about the attack, and the next steps to mitigation, on our blog. (blog.torproject.org/bad-exit-relays-may-june-2020) Monitoring the Tor network continuously is very important in catching these kinds of attacks, and given our limited capacity, you can help by donating (https://donate.torproject.org) to help increase our network monitoring capacity, running your own relay (https://community.torproject.org/relay/), or reporting bad relays (https://community.torproject.org/relay/community-resources/bad-relays/).
These reports point to some truths about the Tor Project: (1) We have finite capacity, which has been exacerbated by the financial need to lay off 1/3 of our staff in April. (2) Given our finite capacity, we have to triage and prioritize the work that has the highest impact for our users. (3) We can improve communication with our volunteers, contributors, and users so that our decision making process, and the priority of user security, is more clear. Like this newsletter.
Our blog is another important resource for updates on what’s happening in the Tor world, and is one of the places we will use to improve our communication. This month we published a blog post outlining the two methods we are considering to mitigate DDoS attacks on the Tor network (https://blog.torproject.org/stop-the-onion-denial), which is an example of how we like to discuss problems and potential solutions. We’ve also begun posting monthly reports on anti-censorship activities (https://blog.torproject.org/anti-censorship-july-2020) so you can keep up with our work in this area.
We believe that transparency builds trust. Our work is available for anyone to review and use to learn about Tor. Our code is open. Our development meetings and discussions are open on IRC and mailing list. We welcome those who would like to help review our work for security issues, and when they are found, to use responsible disclosure to report them.
Isabela Bagueros
Executive Director
Final day to donate to the Bug Smash Fund
https://blog.torproject.org/tor-bug-smash-fund-2020
Today, August 31, is the final day of the Bug Smash Fund campaign (https://blog.torproject.org/tor-bug-smash-fund-2020). We owe you a big thank you. This campaign has been more successful than 2019’s, even though we had to overcome a loss of donations from cancelled in-person events. If you haven’t made a contribution to the Bug Smash Fund, and want to help us build a reserve of funds that goes towards finding and fixing bugs and conducting routine maintenance, you still have a chance. Make a donation before the end of the day on August 31 (https://donate.torproject.org), and your contribution will help us smash all the bugs.
End of #MoreOnionsPorFavor campaign
https://blog.torproject.org/more-onions-end-of-campaign
Over the last month, onion services operators and our broad community celebrated and deployed a brand new feature called Onion-Location (https://support.torproject.org/onionservices/onion-location/). The feature, a purple pill in the URL bar, advertises to users that there’s a more secure way to connect to a site by using onion services. Over 60 organisations and individuals -- small, medium, and large onions -- have reached out to us to be part of this campaign. Read more about the success of the #MoreOnionsPorFavor (https://blog.torproject.org/more-onions-end-of-campaign).
New Releases
Tor Browser 10.0a6
https://blog.torproject.org/new-release-tor-browser-100a6
This release ships with Firefox 78.2.0esr, and updates NoScript to 11.0.39. Full changelog.
Tor Browser 9.5.4
https://blog.torproject.org/new-release-tor-browser-954
This release updates Firefox to 68.12.0esr, NoScript to 11.0.38, and HTTPS Everywhere to 2020.08.13. Full changelog.
Tor Browser 10.0a5
https://blog.torproject.org/new-release-tor-browser-100a5
This release ships with Firefox 78.1.0esr but there are a lot more changes that we included compared to the previous alpha version. Full changelog.
0.4.4.4-rc
https://blog.torproject.org/node/1908
Tor 0.4.4.4-rc is the first release candidate in its series. It fixes several bugs in previous versions, including some that caused annoying behavior for relay and bridge operators. Full changelog.
What We're Reading
"Así logramos que el más grande operador de telecomunicaciones mexicano dejara de bloquear la internet segura," GlobalVoices.
https://es.globalvoices.org/2020/08/18/asi-logramos-que-el-mas-grande-operador-de-telecomunicaciones-mexicano-dejara-de-bloquear-la-internet-segura/
"A quarter of the Alexa Top 10K websites are using browser fingerprinting scripts," ZDNet.
https://www.zdnet.com/article/a-quarter-of-the-alexa-top-10k-websites-are-using-browser-fingerprinting-scripts/
"Roger Dingledine of the Tor Project talks privacy and COVID-19 apps," Avast.
https://blog.avast.com/cybersecai-connected-qa-with-roger-dingledine-avast
"Poll reveals Americans data privacy frustrations," Axios.
https://www.axios.com/exclusive-poll-reveals-americans-data-privacy-frustrations-16514f76-ff5e-4df1-929e-6ba259268023.html
"A new technique can detect newer 4G 'stingray' cell phone snooping," Tech Crunch.
https://techcrunch.com/2020/08/05/crocodile-hunter-4g-stingray-cell/
"The Age of Mass Surveillance Will Not Last Forever," WIRED.
https://www.wired.com/story/the-age-of-mass-surveillance-will-not-last-forever/
Upcoming Events with Tor
(ICYMI) Walking Onions @ USENIX Security Symposium (recorded virtual event), August 12-14, 2020.
https://www.usenix.org/conference/usenixsecurity20/presentation/komlo
(ICYMI) PrivChat #2 | The Good, the Bad, and the Ugly of Censorship Circumvention (recorded virtual event), August 28.
https://www.youtube.com/watch?v=aOOChyMCZH4
Join Our Community
Getting involved with Tor is easy. Run a relay to make the network faster and more decentralized: https://community.torproject.org/relay/
Run a bridge to help censored users access Tor: https://blog.torproject.org/run-tor-bridges-defend-open-internet
Learn about each of our teams and start collaborating: https://trac.torproject.org/projects/tor/wiki/WikiStart#Teams
Donate to help keep Tor fast, strong, and secure. https://donate.torproject.org
--
The Tor Project is a US 501(c)(3) non-profit organization advancing human rights and freedoms by creating and deploying free and open-source anonymity and privacy technologies, supporting their unrestricted availability and use, and furthering their scientific and popular understanding.
Twitter: https://twitter.com/torproject
Facebook: https://facebook.com/torproject
Instagram: https://instagram.com/torproject
Mastodon: http://mastodon.social/@torproject
Published on 2020-07-31
Tor's Bug Smash Fund: Year Two!
https://blog.torproject.org/tor-bug-smash-fund-2020
The Bug Smash Fund is back for its second year. In 2019, we launched Tor’s Bug Smash Fund (https://blog.torproject.org/tors-bug-smash-fund-help-tor-smash-all-bugs) to find and fix bugs in our software and conduct routine maintenance. Maintenance isn’t a flashy new feature, and that makes it less interesting to many traditional funders, but it’s what keeps the reliable stuff working--and with your support, we were able to close 77 tickets as a result.
These bugs and issues ranged from maintenance on mechanisms for sending bridges via email and collecting metrics data to improving tor padding, testing, onion services, documentation, Tor Browser UX, and tooling for development. This work keeps Tor Browser, the Tor network, and the many tools that rely on Tor (https://blog.torproject.org/strength-numbers-entire-ecosystem-relies-tor) strong, safe, and running smoothly.
And there’s so much more we can accomplish. Nineteen tickets tagged BugSmashFund (https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues?label_name%5B%5D=BugSmashFund&scope=all&state=all) are still open, and as you know, a big part of building software is ensuring that you can address issues when you find them. As such, starting August 1, every donation we receive during the month of August will count towards the Bug Smash Fund 2020.
Learn more about the Bug Smash Fund and how to contribute: https://blog.torproject.org/tor-bug-smash-fund-2020
#MoreOnionsPorfavor: Onionize your website and take back the internet
https://blog.torproject.org/more-onions-porfavor
Starting July 8th through August 10th, the Tor Project is running a campaign called #MoreOnionsPorfavor to raise awareness about onion sites, that is, websites available over onion services. We recently released a feature called Onion-Location in Tor Browser that announces to users if a website has an onion site available.
Many web administrators have already joined us and made their websites available over onion services and Onion-Location. For example, ProPublica, DEF CON, Privacy International, Riseup.net, Systemli.org, and Write.as.
Join us to make a more secure web! To participate, enable Onion-Location, share your onion site using the hashtag #MoreOnionsPorFavor on your favorite social media, and we'll select some onion service operators to receive a Tor swag. Find out how to launch your onion service and set up Onion-Location: https://blog.torproject.org/more-onions-porfavor
Onion Service version 2 deprecation timeline
https://blog.torproject.org/v2-deprecation-timeline
More than 15 years ago, Onion Service (at the time named Hidden Service) saw the light of day. It was initially an experiment in order to learn more on what the Tor Network could offer. The protocol reached its version 2 soon after deployment.
Version 2 developed into a strong stable product that has been used for over a decade. Since then, onion service adoption has increased drastically, from the .onion tld being standarized by ICANN, to SSL certificates being issued to .onion addresses. Today, onion services support an ecosystem of client applications: from web browsing to file sharing and private messaging.
In 2015, a large scale development effort spanning over 3 years resulted in onion services version 3. On January 9th 2018, Tor version 0.3.2.9 was released which was the first tor supporting onion service version 3. Every single relay on the Tor network now supports version 3. It is also today's default version when creating an onion service.
With onions v3 standing strong, we are at a good position to retire v2. It has completed its course and provided security and privacy to countless people around the world. But more importantly, v2 has created and propulsed a new era of private and secure communication. Prepare for v2 retirement with our planned deprecation timeline: https://blog.torproject.org/v2-deprecation-timeline.
New Releases
Tor 0.3.5.11, 0.4.2.8, and 0.4.3.6 (with security fixes)
https://blog.torproject.org/new-release-tor-03511-0428-0436-security-fixes
These releases fix TROVE-2020-001, a medium-severity denial of service vulnerability affecting all versions of Tor when compiled with the NSS encryption library. (This is not the default configuration.)
Tor 0.4.4.2-alpha
https://blog.torproject.org/node/1899
This is the second alpha release in the 0.4.4.x series. It fixes a few bugs in the previous release, and solves a few usability, compatibility, and portability issues.
Tor Browser 10.0a3
https://blog.torproject.org/new-release-tor-0441-alpha
This is an Android-only release. It updates Firefox to 68.10.1esr and features important security updates to Firefox.
Tor Browser 9.5.2
https://blog.torproject.org/new-release-tor-browser-952
This release updates Firefox to 68.10.1esr. It also includes important security updates to Firefox.
Tor Browser 10.0a2
https://blog.torproject.org/new-release-tor-browser-100a2
This release update Firefox to 68.10.0esr, Tor to 0.4.4.1-alpha, and NoScript to 11.0.32. This release also includes important security updates to Firefox.
What We're Reading
"Homeland Security worries COVID-19 masks are breaking facial recognition, leaked document shows," The Intercept.
https://theintercept.com/2020/07/16/face-masks-facial-recognition-dhs-blueleaks/
"Appeals court blocks Trump appointee's takeover of web nonprofit," Politico.
https://www.politico.com/news/2020/07/21/appeals-court-trump-appointees-web-nonprofit-375753
"A New Map Shows the Inescapable Creep of Surveillance," WIRED.
https://www.wired.com/story/atlas-of-surveillance-eff-law-enforcement-map/
"The Trump Administration is Attacking Critical Internet Privacy Tools," Vice.
https://www.vice.com/en_us/article/v7gz4d/the-trump-administration-is-attacking-critical-internet-privacy-tools
"How to Check Your Devices for Stalkerware," WIRED.
https://www.wired.com/story/how-to-check-for-stalkerware/
"EFF to Court: Trump Appointee’s Removal of Open Technology Fund Leadership Is Unlawful," EFF.
https://www.eff.org/press/releases/eff-court-trump-appointees-removal-open-technology-fund-leadership-unlawfu
Upcoming Events with Tor
(ICYMI) Privacy Enhancing Technologies Symposium (recorded virtual event), July 13-17, 2020.
https://blog.torproject.org/pets-2020
(ICYMI) Tor Project @ Rightscon: The Case for Privacy By Design, June 27, 2020.
https://blog.torproject.org/rightscon-2020
Bornhack (DK), August 11-18, 2020.
https://blog.torproject.org/bornhack-2020
Walking Onions @ USENIX Security Symposium (virtual event), August 12-14, 2020.
https://blog.torproject.org/usenix-security-2020
Join Our Community
Getting involved with Tor is easy. Run a relay to make the network faster and more decentralized: https://community.torproject.org/relay/
Run a bridge to help censored users access Tor: https://blog.torproject.org/run-tor-bridges-defend-open-internet
Learn about each of our teams and start collaborating: https://trac.torproject.org/projects/tor/wiki/WikiStart#Teams
Donate to help keep Tor fast, strong, and secure. https://donate.torproject.org
--
The Tor Project is a US 501(c)(3) non-profit organization advancing human rights and freedoms by creating and deploying free and open-source anonymity and privacy technologies, supporting their unrestricted availability and use, and furthering their scientific and popular understanding.
Twitter: https://twitter.com/torproject
Facebook: https://facebook.com/torproject
Instagram: https://instagram.com/torproject
Mastodon: http://mastodon.social/@torproject
Published on 2020-06-30
Tor Browser 9.5 makes onion services easier to find and use
https://blog.torproject.org/new-release-tor-browser-95
Tor's onion routing remains the best way to achieve end-to-end anonymous communication on the internet. With onion services (.onion addresses), website administrators can provide their users with anonymous connections that are metadata-free or that hide metadata from any third party. Onion services are also one of the few censorship circumvention technologies that allow users to route around censorship while simultaneously protecting their privacy and identity.
With our latest Tor Browser release, we've made onion services easier to discover, remember, and use. Here's what's new:
Onion Location
Website publishers now can advertise their onion service to Tor users by adding an HTTP header. When visiting a website that has both an .onion address and Onion Location enabled via Tor Browser, users will be prompted about the onion service version of the site and will be asked to opt-in to upgrade to the onion service on their first use.
Onion Authentication
Onion services administrators who want to add an extra layer of security to their website can now set a pair of keys for access control and authentication. Tor Browser users can save keys and manage them via about:preferences#privacy in the Onion Services Authentication section.
URL Bar Security Indicators
Browsers traditionally rendered sites delivered via a secure transport protocol with a green lock icon. But in mid-2019, the formerly green lock icon became gray, intending to de-emphasize the default (safe) connection state and, instead, putting more emphasis on broken or insecure connections. We have updated Tor Browser security indicators to make it easier for users to understand when they are visiting a non-secure website.
Error Pages for Onion Services
In this release, we have improved the way Tor Browser communicates with users about service-, client-, and network-side errors that might happen when they are trying to visit an onion service. Tor Browser now displays a simplified diagram of the connection and shows where the error occurred. We want these messages to be clear and informative without being overwhelming.
Onion Names
Because of cryptographic protections, onion service URLs are not easy for humans to remember (ie, https://torproject.org vs. http://expyuzz4wqqyqhjn.onion/). This makes it hard for users to discover or return to an onion site. For this release, we partnered with Freedom of the Press Foundation (FPF) and the Electronic Frontier Foundation's HTTPS Everywhere to develop the first proof-of-concept human-memorable names for SecureDrop onion services addresses.
Read about all of the onion service improvements in Tor Browser 9.5: https://blog.torproject.org/new-release-tor-browser-95
Save Open Technology Fund, #SaveInternetFreedom
https://blog.torproject.org/save-open-technology-fund
The Tor Project has joined the voices around the world from the internet freedom community and in the U.S. Congress to express concerns about the rapid firing of key personnel and dissolution of the board of directors at the four agencies (Middle East Broadcasting, Radio Free Asia, Radio Free Europe/Radio Liberty, and the Open Technology Fund) under the U.S. Agency for Global Media (USAGM).
Of most immediate concern to Tor is the future of the Open Technology Fund (OTF) and its crucial mission, since 2012, of providing funding for technology that enables free expression, helps people circumvent censorship, and obstructs repressive surveillance.
Read our full statement and sign the open letter to Congress: https://blog.torproject.org/save-open-technology-fund. Help #SaveInternetFreedom.
Introducing PrivChat
https://torproject.org/privchat
PrivChat is brand-new a fundraising event series held to raise donations for the Tor Project. Through PrivChat, we will bring you important information related to what is happening in tech, human rights, and internet freedom by convening experts for a chat with our community.
For our first ever PrivChat, we brought together Carmela Troncoso, Assistant Professor at EPFL (Switzerland); Daniel Kahn Gillmor, Senior Staff Technologist for ACLU’s Speech, Privacy, and Technology Project; and Matt Mitchell, hacker and Tech Fellow at the Ford Foundation, to chat with us about privacy in the context of the COVID-19 pandemic, contact tracing, privacy, and the uprising in the U.S. against systemic racism.
If you missed the lived PrivChat, you can watch the recorded version here: https://youtu.be/gSyDvG4Z308. If you're interested in attended the next PrivChat, stay up-to-date on this page: https://torproject.org/privchat.
The value of Tor and anonymous contributions to Wikipedia
https://blog.torproject.org/the-value-of-anonymous-contributions-wikipedia
According to a recently published research paper co-authored by researchers from Drexel, NYU, and the University of Washington, Tor users make high-quality contributions to Wikipedia. And, when they are blocked, as doctoral candidate Chau Tran, the lead author describes, "the collateral damage in the form of unrealized valuable contributions from anonymity seekers is invisible."
By examining more than 11,000 Wikipedia edits made by Tor users able to bypass Wikipedia's Tor ban between 2007 and 2018, the research team found that Tor users made similar quality edits to those of IP editors, who are non-logged-in users identified by their IP addresses, and first-time editors. The paper notes that Tor users, on average, contributed higher-quality changes to articles than non-logged-in IP editors. Read more about the value of anonymous contributions to Wikipedia: https://blog.torproject.org/the-value-of-anonymous-contributions-wikipedia
GSoC and Outreachy 2020 projects
We're pleased to announce that the Tor Project is hosting students this summer as part of Google Summer of Code and Outreachy, thanks to support from DIAL Open Source Center. Find out more about the students and their projects: https://blog.torproject.org/gsoc-outreachy-2020
New Releases
What We're Reading
Events with Tor
Join Our Community
Getting involved with Tor is easy. Run a relay to make the network faster and more decentralized: https://community.torproject.org/relay
Run a bridge to help censored users access Tor: https://blog.torproject.org/run-tor-bridges-defend-open-internet
Learn about each of our teams and start collaborating: https://trac.torproject.org/projects/tor/wiki/WikiStart#Teams
Donate to help keep Tor fast, strong, and secure. https://donate.torproject.org
--
The Tor Project is a US 501(c)(3) non-profit organization advancing human rights and freedoms by creating and deploying free and open-source anonymity and privacy technologies, supporting their unrestricted availability and use, and furthering their scientific and popular understanding.
Twitter: https://twitter.com/torproject
Facebook: https://facebook.com/torproject
Instagram: https://instagram.com/torproject
Mastodon: http://mastodon.social/@torproject
Published on 2020-05-29
Unveiling the new Tor Community portal
https://blog.torproject.org/community-portal
Community is at the core of Tor's success, popularity, and survival. We would not have a network with the security properties it has if it weren’t for the thousands of volunteer relay operators. We would not have Tor Browser if it weren’t for our open source community. People would not know about Tor if it weren’t for our community of trainers and translators who help us make sure educational information about Tor and our tools are accessible to everyone. We also count on a community of researchers, designers, developers, bug reporters, documentation writers, and many more to keep Tor strong.
It's about time that the Tor Project has a dedicated place to help you!
This month, we officially launched our Community portal. This is part of our continuous effort to better organize all of our different content into portals. The Community portal contains six sections: Training, Outreach, Onion Services, Localization, User Research, and Relay Operations.
Training
https://community.torproject.org/training
Inside of the Training section, you will find slides, risk assessment templates, and materials to help you organize your own Tor training with your group or organization. Because of the pandemic, we recommend you run these activities online, instead of in person, with your local community or affinity group. Check out our blog post on remote work to learn about the tools we recommend: https://blog.torproject.org/remote-work-personal-safety
Outreach
In the Outreach section, you'll find our events calendar, materials like flyers and pamphlets to spread the word about Tor, and instructions on how to run your own Tor meetup in your city.
https://community.torproject.org/outreach/
Onion Services
The Onion Services section includes guides, tools, and explanations about onion services and their privacy and security benefits.
https://community.torproject.org/onion-services/
Relay Operators
The Relay Operators section is dedicated to explaining the different types of nodes on the network, how to install a relay on different platforms, where to find technical support, and how to be part of the relay operators community.
https://community.torproject.org/relay/
User Research
In the User Research section you will find our Research Guidelines, our reports on previous research and methodologies, and Tor Personas, a tool that helps us to human-center our design and development processes.
https://community.torproject.org/user-research/
Localization
In the Localization section, you can learn how to plug in to this work and which projects need help.
https://community.torproject.org/localization/
Test of Time: Celebrating Onions
https://blog.torproject.org/test-of-time-celebrating-onions
This month, the pre-Tor onion routing paper, "Anonymous Connections and Onion Routing" by Paul Syverson, David Goldschlag, and Michael Reed from IEEE S&P 1997, received the Test of Time Award by the IEEE Symposium on Security and Privacy in Oakland.
This award recognizes papers published at IEEE’s flagship security conference that have made a lasting impact on the field. This work introduced many ideas that would later be important for Tor’s design.
New Releases
Tor Browser 9.5a13
https://blog.torproject.org/new-release-tor-browser-95a13
This release updates NoScript to version 11.0.26, and Tor to 0.4.3.5. This is expected to be the final alpha release of Tor Browser 9.5.
Tor 0.4.3.5
https://blog.torproject.org/node/1872
This release adds support for building without relay code enabled, functionality needed for OnionBalance with v3 onion services, refactoring of configuration and controller functionality, and bug and performance fixes.
Tor Browser 9.5a12
https://blog.torproject.org/new-release-tor-browser-95a12
This release updates Firefox to 68.8.0esr, NoScript to 11.0.25, OpenSSL to 1.1.1g, and Tor to 0.4.3.4-rc. Android Tor Browser now includes Tor built using the reproducible build system.
Tor Browser 9.0.10
https://blog.torproject.org/new-release-tor-browser-9010
This release features important security fixes to Firefox and updates Firefox to 68.8.0esr, NoScript to 11.0.25, and OpenSSL to 1.1.1g. Please make sure you update your Tor Browser.
What We're Reading
Upcoming Events with Tor
- Postponed. Netdev 0x14, Vancouver. June 16, 2020 - June 19, 2020.
Join Our Community
Getting involved with Tor is easy. Run a relay to make the network faster and more decentralized: https://community.torproject.org/relay/
Run a bridge to help censored users access Tor: https://blog.torproject.org/run-tor-bridges-defend-open-internet
Learn about each of our teams and start collaborating: https://trac.torproject.org/projects/tor/wiki/WikiStart#Teams
Donate to help keep Tor fast, strong, and secure. https://donate.torproject.org
The Tor Project is a US 501(c)(3) non-profit organization advancing human rights and freedoms by creating and deploying free and open-source anonymity and privacy technologies, supporting their unrestricted availability and use, and furthering their scientific and popular understanding.
Twitter: https://twitter.com/torproject
Facebook: https://facebook.com/torproject
Instagram: https://instagram.com/torproject
Mastodon: http://mastodon.social/@torproject