Blogs

We keep hearing from people around the world that clicking the 3 buttons to turn yourself into a bridge is too difficult todo for most users. These people have repeatedly asked for a "bridge by default" configuration in a package. Here it is: http://archive.torproject.org/tor-package-archive/technology-preview/

When you install and run this package, you are a bridge relay helping censored users around the world access Tor and the uncensored Internet.
To understand more about bridges, read https://www.torproject.org/bridges.

This is the installable Vidalia bundle configured to be a bridge by default. This is Tor 0.2.2.13-alpha, Vidalia 0.2.9, Polipo 1.0.4.1. The only difference between this bridge-bundle and the vidalia-bundle is the bridge configuration. read more »

Recently, a few articles have been published regarding Tor, Wikileaks, and snooping data coming out of the Tor network. I write to remind our users, and people in search of privacy enhancing technology, that good software is just one part of the solution. Education is just as important. This is why there is a warning on the Tor download page about what Tor does and does not do. We also have a FAQ entry about this topic. Any plaintext communication over the Internet is open to intercept. This is true if the transport mechanism is email, http, tor, or carrier pigeons. Tor does not magically encrypt the Internet from end to end. Tor does wrap your traffic in encrypted layers as it transports it through the Tor network. read more »

On May 26, Tor Browser Bundle for Microsoft Windows is updated to include the newer Vidalia 0.2.9. This fixes some issues with character set handling, and adds Vietnamese as a new language.

On May 31, we released Tor Browser Bundle for Linux 1.0.6. It contains the following updates:

• Add arch to tarball name so there's no collision
• Add libpng for Arch Linux
• Add HTTPS Everywhere extension
• Update Qt to 4.6.2
• Update Vidalia to 0.2.9
• Update NoScript to 1.9.9.80

On June 1st, we released Tor Browser Bundle for Linux 1.0.7. It uses an older glibc for better compatibility with older linux distributions.

On May 20, we released Vidalia 0.2.9. Fixes include Qt 4.6.2 compatibility, new cert, and some new translations.

You can download it at https://www.torproject.org/vidalia/. Packages are slowly being updated to include this version of Vidalia.

The full changelog is: read more »

• Remove the GoDaddy CA certificate bundle since we changed the certificate used to authenticate connections to geoips.vidalia-project.net for downloading GeoIP information from a commercial GoDaddy certificate to a free CACert certificate.
• Define -D_WIN32_WINNT=0x0501 on Windows builds so that MiniUPnPc will build with the latest versions of MinGW.
• Modify miniupnpc.c from MiniUPnPc's source so that it will build on Mac OS X 10.4.
• Work around Qt's new behavior for the QT_WA macro so that Vidalia will
  work correctly again on Windows with Qt >= 4.6.

If you know anyone who'd like to be a grad student or postdoc working on Tor (or related things), please pass this information along to them.

The Cryptography, Security, and Privacy (CrySP) research group at the University of Waterloo is seeking applications for graduate students and a postdoctoral researcher in the field of privacy-enhancing technologies, preferably on the topic of privacy-preserving communications systems. These positions will be held in the Cheriton School of Computer Science. read more »

New releases

• On April 24, we released Tor 0.2.2.13-alpha. This version addresses the recent connection and memory overload problems we’ve been seeing on relays, especially relays with their DirPort open. If your relay has been crashing, or you turned it off because it used too many resources, give this release a try.

  o Major bugfixes:
  - Teach relays to defend themselves from connection overload. Relays
  now close idle circuits early if it looks like they were intended
  for directory fetches. Relays are also more aggressive about closing
  TLS connections that have no circuits on them. Such circuits are
  unlikely to be re-used, and tens of thousands of them were piling
  up at the fast relays, causing the relays to run out of sockets
  and memory. Bugfix on 0.2.0.22-rc (where clients started tunneling
  their directory fetches over TLS).

  o Minor features: read more »

An increasing number of people are asking us about the recent paper coming out of Inria in France around Bittorrent and privacy attacks. This post tries to explain the attacks and what they imply.

There are three pieces to the attack (or three separate attacks that build on each other, if you prefer). read more »

Over the past 18 months someone has been mailing fake checks from us to individuals all over the United States. The text of the letter one receives is:

From: Merchant & Bryce, Partners in Finance.
To: victim

Congratulations! We are pleased to inform you that you are one of the 26 declared lucky winners of our 2009 Dreams Sweepstakes(tm) held on [pick a date] in the 2nd category. A ticket with serial numbers [make up some numbers] attached to your name drew the lucky winning numbers [make up some numbers]. read more »