2017 Was a Big Year for Tor
We achieved a lot in the last 12 months.
The free and open internet was under attack in 2017, but Tor was there to fight for privacy and security every step of the way.
Here are just some of the ways we kept Tor and the fight for internet freedom strong:
- We released our next-generation onion services featuring cutting-edge crypto algorithms and improved authentication schemes.
- We released a big update to Tor Browser, which brought major security improvements to Tor, isolating attacks on our software so they don’t compromise a user’s computer. This process is called sandboxing, and it works by separating Tor network processes from rest of a user’s computer, denying malicious actors access to users’ files, documents, and IP address. Sandboxed Tor Browser is available for Mac and Linux and is coming soon to Windows.
- We launched our first public bounty, paying people to #HackTor (responsibly!). To date, we’ve paid out over $7,000.
- Our friends at OONI released the ooniprobe app, a tool for monitoring network surveillance and censorship. They also documented censorship in Thailand, Myanmar, Indonesia, Egypt, Cuba, Catalonia, and Pakistan.
- We redesigned our Tor Metrics website and launched the a whole host of new features, including Relay Search.
- We launched our support wiki, making it easier to find answers to frequently asked questions about Tor.
- We added a new feature to the Tor network, changing how traffic gets distributed and preventing the network from becoming overwhelmed.
We have big plans for 2018, too. In the next 12 months, we’ll port Tor to mobile (building on work we laid out before), make it easier for third-party developers to integrate Tor’s privacy and security protections into their apps, and make Tor more user-friendly, so that more people can obtain, install, and run Tor, giving more people a highly secure way of browsing the internet without being tracked or monitored or having their personal information shared and exploited.
We want you to be a part of this important work. We’re always looking for volunteers to help make the world’s strongest privacy software even better. You can help us make the network faster and more decentralized by running a relay, especially if you live in a part of the world where we don’t have a lot of relays yet. If you can, please donate to Tor today.
I agree, adding that all the cybersecurity stuff most of us have been doing all along (regularly updating our systems, avoiding to click on dodgy links) is still worthdoing despite the amazingly disastrous consequences of the complete breakage of the distinction between kernel space and user space memory, because it appears that some currently known examples of Meltdown and Spectre attacks require the attacker to have already gained sufficient access to your device to run their malicious code on it.
My problem is that I rely on the onion mirrors to obtain security upgrades for Debian, and so for I have not seen *any* upgrades from 2018 appear when I use "reload" in Synaptic. But I know from the security-announce mailing list archive that about a dozen have already appeared, including the critical patch to the kernel which should help prevent basic Meltdown attacks.
"high": this blog does not work unless you set the slider to "medium" or "low". I write this using Tails 3.4 which does include the linux kernel patched to defend against basic Meltdown, and also with some patches which could prevent some Spectre attacks.