Our first real donations campaign

by arma | December 1, 2015


Celebrate giving Tuesday with Tor

I am happy to tell you that Tor is running its first ever end-of-year fundraising drive. Our goal is to become more sustainable financially and less reliant on government funding. We need your help.

We've done some amazing things in recent years. The Tor network is much faster and more consistent than before. We're leading the world in pushing for adoption of reproducible builds, a system where other developers can build their own Tor Browser based on our code to be sure that it is what we say it is. Tor Browser's secure updates are working smoothly.

We've provided safe Internet access to citizens whose countries enacted harsh censorship, like Turkey and Bangladesh. Our press and community outreach have supported victories like the New Hampshire library's exit relay. New releases of tools like Tor Messenger have been a hit.

When the Snowden documents and Hacking Team emails were first released, we provided technical and policy analysis that has helped the world better understand the threats to systems like Tor — and further, to people's right to privacy. Our analysis helped mobilize Internet security and civil liberties communities to take action against these threats.

We have much more work ahead of us in the coming years. First and foremost, we care about our users and the usability of our tools. We want to accelerate user growth: The Tor network sees millions of users each day, but there are tens of millions more who are waiting for it to be just a little bit faster, more accessible, or easier to install. We want to get the word out that Tor is for everyone on the planet.

We also need to focus on outreach and education, and on helping our allies who focus on public policy to succeed. Tor is still the best system in the world against large adversaries like governments, but these days the attackers are vastly outspending the defenders across the board. So in addition to keeping Tor both strong and usable, we need to provide technical advice and support to groups like EFF and ACLU while they work to rein in the parts of our governments that have gone beyond the permissions and limits that our laws meant to give them.

From an organization and community angle, we need to improve our stability by continued work on transparency and communication, strengthening our leadership, choosing our priorities well, and becoming more agile and adapting to the most important issues as they arise.

Taller mountains await after these: We need to tackle the big open anonymity problems like correlation attacks, we need to help websites learn how to engage with users who care about privacy, and we need to demonstrate to governments around the world that we don't have to choose between security and privacy.

We appreciate the help we receive from past and current funders. But ultimately, Tor as an organization will be most effective when we have the flexibility to turn to whichever issues are most pressing at the time — and that requires unrestricted funding. It's not going to happen overnight — after all, it took EFF years to get their donation campaigns going smoothly — but they've gotten there, and you can help us take these critical first steps so we can get there, too. By participating in this first campaign, you will show other people that this whole plan can work.

Tor has millions of users around the globe, and many people making modest donations can create a sustainable Tor. In fact, please make a larger donation if you can! These larger contributions form a strong foundation for our campaign and inspire others to give to Tor.

You can help our campaign thrive in three simple ways:

  • Make a donation at whatever level is possible and meaningful for you. Every contribution makes Tor stronger. Monthly donations are especially helpful because they let us make plans for the future.
  • Tell the world that you support Tor! Shout about it, tweet about it, share our posts with your community. Let everyone know that you #SupportTor. These steps encourage others to join in and help to spread the word.
  • Think about how and why Tor is meaningful in your life and consider writing or tweeting about it. Be sure to let us know so we can amplify your voice.

Beyond collecting money (which is great), I'm excited that the fundraising campaign will also double as an awareness campaign about Tor: We do amazing things, and amazing people love us, but in the past we've been too busy doing things to get around to telling everyone about them.

We have some great champions lined up over the coming days and weeks to raise awareness and to showcase the diversity of people who value Tor. Please help the strongest privacy tool in the world become more sustainable!

Comments

Please note that the comment area below has been archived.

December 02, 2015

Permalink

Hi,

I wish to help but please try to use real anonymous alternatives like Paysafecard and NeoSurf (gift cards purchased with cash) for donations. MasterCard and Visa also provide their prepaid gift cards (paid with cash).

Thanks for your great job.

December 16, 2015

In reply to arma

Permalink

Hi,

is there some address in the EU I could mail a cash donation to?

I don't want the money to be stolen by some US customs agent.

just asking. otherwise I'm gonna do it by wire transfer:

if "their" list of encryption fans slated for summary execution after the next cleartext-coordinated bombing is any good, I expect to be on it anyway so I'll just pool donations from any friends who want to do it on the sly.

cheers

December 02, 2015

Permalink

Namaste,
Kewl diggs, excellent Business card as well. Looking great Roger!

This is a perfect time not only to donate, but to truly contribute towards a meaningful REAL change.

I am here to tell you there are remarkable events taking place that wouldn't be effortlessly possible without Tor. These changes, (new beginnings, old endings) some known some unknown will be made a reality in a relatively short time (less than half a decade) we are now on that timeline.

I personally want to thank Roger and the entire Tor Project team for their undeniable resolve to their efforts.

Unlimited ways to donate aside monetarily. As the saying goes anyone can donate with their Time (promoting, engaging, sharing) Talent (programming, runing a relay, educating) or Treasure (cash, debit, credit, checks, bitcoins, wire transfers) to name a few.

Hats off to you all involved in anyway with Tor.

Namaste,
imu.

December 02, 2015

Permalink

"Think about how and why Tor is meaningful in your life and consider writing or tweeting about it. Be sure to let us know so we can amplify your voice."

I've been using Tor for many years. In a time, when you even have to fear to lose your job for expressing your opinions publicy, Tor gives me a voice in a world full of self-censorship and fearful anticipatory obedience.

Tor protects me against corporate surveillance.
Tor protects me against unlawful and unjust government mass surveillance.
Tor protects me against other criminals.

Tor makes me rest easy.
Tor makes me happy.
I have no longer to worry about most of the threats to my online privacy.

Thanks Tor!

> Tor protects me against other criminals.

Rephrase to: Tor protects me against criminals.

> I have no longer to worry about most of the threats to my online privacy.

Rephrase to: I no longer have to worry about most of the threats to my online privacy.

Thanks for correcting me! :)

But I really meant "Tor protects me against *other* criminals." NOT because I were a criminal. I am not.
The term "other criminals" refers to criminal government agencies and criminal corporations in one line with OTHER "normal" criminals (like the Mafia).

December 02, 2015

Permalink

Raise the awareness of Tor in a healthy/reasonable way. Do not let it fall in fake presentation. In other words, it can really be useful for ordinary people and if such campaigns can take broader public to think and talk (and try if they wish so) such tools and they are legitimate, then it is great. Hope that the good/healthy/reasonable uses of Tor will get more popular. This post is only a temporary opinion.

December 02, 2015

Permalink

Even if your using Tor, every action is documented by the ISP, no? Every action is converted into metadata. Although, they do not know what your doing, they know what action you took? For example, clicked on image X, then clicked in link Y, and so on, right? How do you block metadata collection? Doesn't HTML5 force collection of metadata too? That is why a pop up comes up to allow or disallow. Damn internet!

I don't even understand the question. "Doing" vs "action taking"??

Hard to tell if the questioner did not bother to read the very basics about Tor (like what the Tor user's ISP does not know and what the web site's ISP does not know).

Or if the writer has a poor-paying job trying to spread FUD against Tor?

December 02, 2015

Permalink

Apologies if it is listed somewhere, but I couldn't find anything about the t-shirt sizes. How big or small do they run?

December 02, 2015

Permalink

Terrific post! Thank you, Roger.

I wish I could give TP a billion bucks. I can't but I'm giving something. I greatly hope this funding drive goes well, because I deeply believe that Tor needs to diversify (and grow!) its funding.

TP's increasing political and media sophistication also bodes well for the future.

December 03, 2015

Permalink

Thank you for helping people achieve better privacy and freedom of speech by providing a tool to defend against surveilling regimes. Thank you for helping people collaborate on this magnificent piece of software. My donation is nothing compared to the impact Tor has on peoples lives, but I am sure you can put it to use. Making tools accessible to everyone is an important step to helping people help themselves. May freedom flourish!

December 04, 2015

Permalink

Is there a way to limit my donation so that it doesn't cover things like travel that I don't appreciate?

https://www.torproject.org/donate/donor-faq

"Can I donate to a specific project, or restrict my donation to a particular purpose?

No, sorry. If we accept a donation from someone who has specified how they want it used, we're required by the IRS to track and report separately on that money. That would be a big administrative burden for a small organization, and we don't think it's a good idea for us. However, we would be very happy to hear your ideas and feedback about our work. If you're donating using a mechanism that allows for comments, feel free to send your thoughts that way."

Tor people giving live presentations to audiences is one of the most important things they do. Especially these days when even the very idea of private communication is in legal jeopardy. If anything, more people should be discussing Tor with groups of influential people. If we let them criminalize operating Tor relays, we will have lost everything.

> If we let them criminalize operating Tor relays, we will have lost everything.

Exactly. Winning Cryptowar II and evading political hazards must be a priority at this time.

That is your choice, of course, but I'd like to encourage you to rethink your attitude toward travel (by Tor people, I presume you mean) in view of the severe political threats which now face the Tor Project. I think travel for in-person meetings with a variety of "stakeholders" is essential at this time, in order to help Tor developers get to know each other and share sensitive ideas non-electronically, and for Tor Project leaders to meet with tech reporters and leaders of other civil liberties organizations.

One of the superb "sea changes" in how the Project operates is that tech leaders everywhere now seem to recognize that Tor has become an essential part of the internet infrastructure. Our project depends on others (such as Debian) which in turn depend on ours, so it's important for the leaders to meet in person and talk. In particular, Berlin is currently one of the best places to meet people to talk about privacy/security/anonymity issues.

December 04, 2015

Permalink

In a "wonderful world" Tor should be state sponsored as a part of
public education, but we are not yet there.
If you can, give, educate, spread the world.

Stay classy, Tor.

idd maybe a few of us could potentially rally up by using the freedom of information (act or legislation) requests and find out what their "tor project" policy/status is and then create some kind of heat map ? for targeted free speech literature etc.

Like most of users of tor, i do think that it is a shame to use it ; in a " wonderful word " ,you could say to the pope that you thinking about his own corrupted mind and black soul without to be treated as a disturbed or ID person (of course change 'pope' with the name of your favorite enemy lol ).
We are using tor because it is not possible to communicate without to be in danger.
Public education means spreading the world with military rules, so working for the interest of someone else, so repeating the words of a master.
Tor like the word privacy, cryptography, means that you work for yourself with your own words, identity, personality ...
I do not wish that tor be a part of a public education,sponsored by a state or being an us product but it is yet the case ... we are manipulated and tor does not solve this big problem, it created it in a vicious way since the beginning.
Hidden Service sound a better way for a "wonderful word".
Donate to Tor for a better future,

December 04, 2015

Permalink

> Stay classy, Tor

Plus one.

The situation faced by We the People is indeed grim, but from time to time something happens which appears to offer hope for a better future. Here is a very recent example:

Unlike the US Constitution, the Russian Constitution (and almost all EU Constitutions) explicitly recognizes that citizens must enjoy privacy rights:

http://www.theregister.co.uk/2015/12/04/mass_telephone_comms_intercepti…
ECHR rules Russia’s mass telephone surveillance unlawful
Alexander J Martin
4 Dec 2015

> [Russia's Constitution] guarantees "the right to privacy of correspondence, of telephone conversations, postal, telegraph and other messages"

Of course, such Constitutional guarantees are only as good as the willingness of courts to uphold them. Just as in the US, UK and EU countries, the Russian courts have shot down lawsuits pointing out that SORM violates both the Russian Constitution and the Convention on Human Rights (which Russia has ratified, making it the law of the land in Russia).

But in a landmark decision the European Court of Human Rights (ECHR) has just found in favor of a Russian citizen who argues that SORM is illegal:

> Russia's mass surveillance of all its citizens' telephone communications has been found [by ECHR] to be a violation of the European Convention on Human Rights, which [Russia] ratified in 1998.

The USG has consistently answered court challenges to its own dragnet surveillance by cynically arguing that litigants "have no standing" [sic] because they (supposedly) cannot prove they have been personally victimized by deeply secretive NSA dragnet surveillance programs. While US appeals courts have fallen over themselves in their eagerness to "validate" [sic] this disgusting legal ploy, the ECHR appears to specifically repudiate it:

> Zakharov's challenge was dismissed by [Russian] courts, as "he had failed to prove that his telephone conversations had been intercepted or that the mobile operators had transmitted protected information to unauthorised persons".

Precisely the same argument is applied by both the Russian and US governments regarding the issue of "intelligence/CT analysts" being granted secret access to the complete medical records of citizens.

> the Russian Constitution (and almost all EU Constitutions) explicitly recognizes that citizens must enjoy privacy rights

that is a good reason to participate at the " -first-real-donations-campaign " , without tor and others organizations, users ; it should not be possible.

A great country and a real democracy people/state like russia do understand that more people will struggle for their their rights more they will enjoy it.

Plan to donate.

------------------------------------------------------------------------------------------

* in the real life, privacy is an us concept written in the us constitution.
(so not available out side the frontiers)
* eu never recognized that and will not recognize these terms 'enjoy privacy rights' and will never do , in fact it is accepted like a genuine right as freedom principles that it means : you are an human being free (not a slave) and that you are able to do is your identity , your own privacy , your right at a future.
(so not available if you are sick, handicapped, slave or without personality/future/money- ),
* the respect of medical records and telephone conversations are a German concept.
(so not available in no-german countries)
* a law, 'such Constitutional guarantees' is/are applied by the will of the people.
(so not available if it is an agreement-corruption between two persons _ in Russia, the riches pay a lot for to be informed about their friends/opponents like in the usa)
* if a mass surveillance program exist and if individual persons use it for their personal interest : it is certainly because >50% of the people do it and want it.
(so not available for the other <50%)

> in the real life, privacy is an us concept written in the us constitution

Alas not true: privacy is *not* explicitly guaranteed by the Bill of Rights, although some legal scholars argue that the proscription against the government forcibly billeting troops in a citizen's home could be reasonably interpreted to proscribe backdoored cell phones, smart TVs, Stingrays, radar, thermal imaging systems, room-tapping lasers, audio transmitters in potted plants, dragnet surveillance of websurfers, etc. from snooping on persons inside their own homes, without probable cause and a search warrant from a judge.

> A great country and a real democracy people/state like russia do understand that more people will struggle for their their rights more they will enjoy it.

Turgenev once complained that he couldn't understand how a great language (Russian) had been granted to an unworthy nation (Russia). I think he meant: an unworthy government (Tsarist regime).

I imagine Nabokov might have agreed with similar puzzlement about another great language (English) granted to more unworthy governments (USG, HMG).

US, Russia, North Korea, Iran, Saudi Arabia, Syria... just as in the late eighteenth century, every great people sharing a great language and a rich history is being smothered under the oppressive weight of some appallingly awful government.

It's all of them against all of us.

is privacy written in the us constitution ? you are alas misinformed ;

https://en.wikipedia.org/wiki/Right_to_privacy
https://en.wikipedia.org/wiki/Privacy_laws_of_the_United_States
http://tenthamendmentcenter.com/2009/11/30/does-the-constitution-contai…
http://hubpages.com/education/answer/254019/where-is-the-right-to-priva…
http://constitution.laws.com/right-to-privacy
http://www.preservearticles.com/201106258609/what-is-the-difference-bet…

Be certain that privacy is an american conception and it is written in the constitution and even explicitly in some state (california i.d.) ; it is about insurance and propriety ; how could you open a world market -imperialisme- or trading without guaranties and the right to make things in a secret manner without this wonderful right of privacy ?
usa judges, at the hight level, yet had understood how to manage the future and the present for their people and have discussed about that publicly.

Turgenev (novelist) complained to not be honored and payed as a vip (tsar regime ? no, jealousy ...).
Nabokov (novelist) complained to not have had his piece of paradise, his own american way of life without rules and punishment (intellectual thought ? no, jealousy ...).

i disagree strongly with your comment above !
" US, Russia, North Korea, Iran, Saudi Arabia, Syria... just as in the late eighteenth century, every great people sharing a great language and a rich history is being smothered under the oppressive weight of some appallingly awful government "

language,history,people build their world , yesterday like today, it is another time for another challenge in a new world for another people.
A government do not destroy a language, a culture, a tradition, a people, it did not exist and it does not exist ; these attacks come from abroad.
if it is a foreign government who sell, kill, torture and if this country has "rules", it must be the people of this country who have to stop them ! not you , not me, not something or someone else ...
it is the reason why the right of privacy is absolutely the voice of the freedom and can stop and avoid the errors of the government.
it can be a marketing mistake, a policy incompetent, a corrupted agreement, or a lost mind , a mafia organization ... the right of the privacy can allow you to say no ; i should not follow you if you take this way.

# US is a very young country without a real history, like Israel, sharing/feeling are not something genuine in the young babies minds ; the " oppressive weight of some appallingly awful government " can also be the will of the people !

Twas not my intention to offend, but in a way I love it that Russians (I presume) can still get worked up about the East-facing/West-facing themes in the novels of Turgenev or Tolstoy!

I can't imagine many Americans rushing to denounce the political views of Melville!

> A government do not destroy a language, a culture, a tradition, a people, it did not exist and it does not exist ; these attacks come from abroad.

Now you sound like a character in the dystopian novel "Petersburg" by Andrei Bely. If you don't mind my saying so.

> US is a very young country without a real history, like Israel

Well, those countries certainly have *shorter* histories than Russia or France, but they are *interesting* histories which can help us all better understand the situation ordinary folk face at the dawn of the 21st Century.

Other than the issue of Turgenev's character, I am not sure we actually disagree about the important stuff. I was trying to warn that the US courts have generally not interpreted privacy as a right enshrined in the Bill of Rights, while you are arguing that they should so interpret the Constitution. In short, if I understand you correctly, we both want more privacy for all.

no, i am speaking about a real world with real characters in a real life.

usa & israel have :
1) nothing to learn to the others,
2) none *interesting* histories.

the US courts are deeply structured and obey to the congress so the sources is the Constitution (which the boss is the president Obama) and not a point of view/interpretation or an opinion/pressure : e.g. last month, a woman was imprisoned because she refused to accept a marriage in the usa arguing that it was the voice of *her conscience*.

In short, if I understand you correctly, we should not want the same privacy for all.

i am speaking about equality under the same norms with the same "no" in the same direction and you are interpreting like a melting-pot (error) under one people (error) with a third part (error) _ your own view of the universe _ It is certainly interesting or true - why not ? - but not in the straight line for a quick and fast result and cannot be applied out of your home or your dreams.

In fact, happy few can read between the lines and understand, concept, manage a message made by the artist (AndreiBelyTurgenevTolstoymelville etc.).

privacy is not a political or artistic idea : it is an argument for not be in front of a court , at a trial , in jail , ; it is a legitimate exception/exemption allowing you to do illegal/amoral/immoral things and illegally : it is an us idiom checkpoint and business diplomatic paradox.

note : BelyTurgenevTolstoymelville were payed from the budget of the government/people defending culturehistorytraditionlanguage.It was the reflect of a period.

i am using tor because the services run with which this blog.

suggestion for improvement on the tor blog :
tab for key ID ?

> > [Russia's Constitution] guarantees "the right to privacy of correspondence, of telephone conversations, postal, telegraph and other messages"
>
> Of course, such Constitutional guarantees are only as good as the willingness of courts to uphold them.

It's important for anyone working to slow the encroachment of explicit censorship into US, France, etc. to know that Iran is very far from being a political monolith. Just as in China, Russia, there are many intellectuals who are placing themselves in danger by speaking out in various ways. Tor can help them to do this a little more safely.

Iran's Constitution prohibits media censorship, but here too the courts have been unwilling to shoot down unconstitutional practices. (In fact, in Iran, the courts are often the most "hard-line" political institution.)

In a bold step which we should all applaud, a major Iranian newspaper has just published an open letter condemning political censorship:

http://www.theguardian.com/world/2015/dec/09/iranian-newspaper-ettelaat…
Iranian newspaper condemns media censorship in rare front-page editorial
9 Dec 2015

> The Islamic republic’s constitution has explicitly made clear that censorship is prohibited but the country has one of the world’s worst records of press freedom, with dozens of journalists and bloggers currently held behind bars.

Everyone in countries like France, USA is no doubt aware of the ascension of fascism in their own country. One effect the mainstreaming of far right views has is that "moderate" views now encompass such ideas as the recent suggestion by Rep. McCaul (chair of the US House of Rep Homeland Security Committee) that *any* "inflamatory" blogging "helps ISIS":

http://thehill.com/policy/national-security/262594-inflammatory-rhetori…
'Inflammatory' rhetoric helps ISIS, says chairman for Homeland Security
Julian Hattem
9 Dec 2015

> “Any time somebody is making inflammatory statements about Muslims or whatever, they can take that and use it to their advantage for recruiting purposes,” Rep. Michael McCaul (R-Texas) told reporters at a breakfast sponsored by the Christian Science Monitor.

http://america.aljazeera.com/articles/2015/12/8/whatever-happens-to-don…
Whatever happens to Donald Trump, Trumpism is here to stay
Ned Resnikoff
8 Dec 2015

> Americans are used to such venom dripping from the lips of talk radio hosts and the occasional Fox News anchor. But to be uttered by the frontrunner for the nomination of one of the two main parties was more than many had bargained for. What once had been considered hate speech confined to the margins of political life is now out and proud in the mainstream... [Trump's] base is not too different from that of the Front National, which just triumphed in the French regional elections, Ukip or any of the range of far-right parties currently making headway in Europe.

All Tor users should follow the fate of CISA, the US bill, which has passed both Senate and House with all privacy amendments voted down, so that the two versions of the law are being "reconciled" by McCaul and others, because it is virtually certain that NSA will use the information they get to target all Tor users whose Tor circuits sometimes pass through the US, i.e. all Tor users, using the excuse that "we have to see whether they are using Tor for cyberintrusion" [sic].

The one remaining provision which might have offered some civil rights protections was that most Senators and Reps who voted for the bills did so under the understanding that DHS would try to remove PHI before passing information on to NSA, etc., but behind closed doors even this has been removed. Since privacy advocates have been reduced to attempting to exploit turf wars between DHS, NSA, CIA, we should support the effort of--- believe it or not--- McCaul, who is no friend to privacy or network security to force the DHS role to remain in the law when it goes to the President for signature.

http://thehill.com/policy/cybersecurity/262598-white-house-reviewing-ne…
White House reviewing cyber compromise
Cory Bennett
9 Dec 2015

> The White House is reviewing a near-final draft of major cybersecurity legislation that would encourage companies to share more data on hackers with the government, according to multiple people with direct knowledge of the negotiations...the Obama administration’s approval is not certain... portions of the text [are] still being negotiated.

In the context of a last-minute rush to avoid a USG shutdown this weekend, new bills are being introduced by powerful politicians trying to force them through at the last minute without debate:

http://thehill.com/policy/cybersecurity/262530-social-media-terrorism-b…
Bill targeting social media 'terrorist activity' faces backlash
Katie Bo Williams
8 Dec 2015

> Feinstein, the Senate Intelligence Committee's top Democrat, has been pushing for legislation to try to stall the growing use of social media by extremist groups to spread propaganda, recruit followers and plan attacks.

It is easy to forget that there appears to be little if any credible evidence supporting this assumption, much less the assumption that alleged recruitment drives are actually accomplishing what Feinstein claims to fear.

As we have seen in Iran, once you give censors the power to block political views they dislike, they will abuse their power.

I hope to see a global grassroots movement making an international outcry against censorship and oppression everywhere. And calling for the courts to uphold constitutions everywhere.

If Iranian journalists are courageous enough to speak out, so should FVEY and French journalists.

December 04, 2015

Permalink

Another alternative to raise funds for new paid staff would be for those who choose not to be anonymous to sponsor an employee. If 100 donors contribute $100/month it would raise $120,000 per year. Enough for one, or perhaps two employees. As a reward for their donation, the donor could receive 10 hours of computer/Tor assistance per year. (Which they could use themselves, donate back to Tor, or donate to some other worthy group)

December 06, 2015

Permalink

Tor represent the free, uncontrollable web, as many of us was knowing it in the past (for example without mass-sourveillance ...). The entire web as we know now, exist, due to uncontrollable web users like you guys: from this way of being we can expect freedom without compromises. There is no other way.
Tor holds the soul of the web alive.
And only for the importance of this aspect, a Thank You is not enough.

"about to block Tor" and "the cops have been hyping that they want that" are fortunately not quite the same thing.

We need to support our friends in French NGOs to help them fight for civil liberties and reasonable policies in their country. For example, our friends at:
http://www.laquadrature.net/

And lastly, this reminds me of my discussion with Belgian law enforcement back in 2013 -- search for the phrase 'Great Firewall of Belgium':
https://blog.torproject.org/blog/trip-report-tor-trainings-dutch-and-be…

December 08, 2015

In reply to arma

Permalink

Are you really that relaxed towards the current fear-loaded climate, especially in France? The French Police will get whatever they want. There is no meaningful civil society or opposition in France.

Additionally, La Quadrature is weak. France has no powerful NGOs.
In Germany, the situation is quite different, e.g. the CCC is very powerful.

PS: Do have plans to talk directly to French authorities?
Do you have a Tor crisis intervention team to react to such situations?

December 12, 2015

In reply to arma

Permalink

http://arstechnica.com/tech-policy/2015/12/france-wont-block-public-wi-…
France won’t block public Wi-Fi or ban Tor after all
Andrii Degeler (UK)
11 Dec 2015

> Days after the reports on the proposal surfaced in the French newspaper Le Monde, the country's prime minister Manuel Valls said he had never heard of such requests by police. "A ban on Wi-Fi is not a course of action envisaged," he added according to The Connexxion.
>
> Valls also said he wasn't in favour of banning Tor, and denied any knowledge of the police authorities requesting a law to "require [service] providers to give security forces access codes."

This is good news, but it doesn't change the fact that whenever we hear of proposals to ban crypto, Tor, or other critical aspects of internet infrastructure such as open WiFi access points, we all need to push back immediately, because such outlandish proposals will eventually be enacted unless we succeed in getting them shot down as impractical, ineffective, counterproductive and oppressive each time they are proposed. We all need to bear in mind that with each new terror attack, mass shooting, major offensive cybercrime case, our enemies will try to exploit shameless fear mongering to further expand their surveillance/cyberattack powers targeting individual citizens.

(Fortunately, I think Shari Steele is already sufficiently familiar with how our political enemies think to understand the dangers we face, but I won't let that stop me from urging her to prioritize the current political fight against the most lethal enemies of the internet, for example by preparing contingency plans against the hopefully less than 0.2 probability that France might suddenly declare Tails or Tor effectively illegal.)

> hopefully less than 0.2 probability that France might suddenly declare Tails or Tor effectively illegal.

Maybe the probability is bigger than 0.2 after all.

An article in The Intercept points out that the State of Emergency declared by Hollande suspends key portions of the Constitution:

https://theintercept.com/2015/12/12/terrorist-attacks-spark-crackdown-c…
“Emergency” Measures May Be Written Into The French Constitution
Martin Untersinger
12 Dec 2015

I believe that constantly placing links to anti-Tor propaganda in these comment sections cause that propaganda to have high search relevance when people search for Tor.

I very much doubt that this is true, and I question the assumption that all links point to "anti-Tor propaganda" (indeed, another poster complained about links to "pro-Tor propaganda".

In any case, keeping the user base geopolitically well-informed about issues which affect Tor users is surely laudable, even necessary at a time when the political threats confronting the Tor Project are just as dangerous to the future of Tor as the technical threats.

I think both of you have valid points.

Warning people about the dangers of upcoming harmful moves by governments (or other large organizations) is good to do -- so they can help fight back.

But also, giving people the impression that tools like Tor are fringe, or fragile, or about to disappear, can reinforce these misunderstandings in the eyes of people who are still making up their mind what to think about the privacy struggle.

December 06, 2015

Permalink

> Even if you [are] using Tor, every action is documented by the ISP, no? Every action is converted into metadata. Although, they do not know what you [are] doing, they know what action you took? For example, clicked on image X, then clicked in link Y, and so on, right? How do you block metadata collection? Doesn't HTML5 force collection of metadata too? That is why a pop up comes up to allow or disallow. Damn internet!

Tor implements an onion routing network. That means that, generally speaking, the "they" (the operators of some website, and snoops watching possibly the unencrypted packets passing between the exit node and the website) who know that some unknown visitor using some IP (the IP of the exit node in some Tor circuit) clicked on some link is not the same as the "they" (your ISP, and snoops watching the encrypted packets passing between your IP address and the entry node).

Further, the three hops and the onion encryption used in building Tor circuits mean that the operators of the exit node cannot easily deduce which entry node is being used by a given circuit exiting from their node, and the operators of the entry node cannot easily correlate IP addresses of Tor users with packets exiting from exit nodes.

Further, dns lookup and ocsp lookup (translation of urls to IP addresses and fetching https certificates) is done by the exit node, cutting off two further avenues for snoops to try to deduce what a given user (you, say) is doing in real time.

Further, Tor uses encryption which is safe from many known and dangerous vulnerabilities which exploit flaws in encryption protocols, eg. POODLE, BEAST. And Tor uses perfect forward secrecy, which cuts off another easy vulnerability which governments can and do routinely exploit.

Further, Tor Browser actually does block much metadata collection by the operators of the websites you visit. (See the "Security Slider"). And that metadata which is collected anyway is not easily tied to your real life identity.

This is strong protection, especially if the only threat which concerns you is the kind of corporate-sponsored dragnet surveillance used to implement targeted behavioral advertising. But that would be silly, given the known fact that agencies like NSA have essentially declared war on every living person (including American grandmas, judges, Senate staffers, NSA employees, etc.).

Tor can possibly be circumvented if

o you log in to some social media site which can be tied to your real identity using "traditional" targeted behavioral advertising or investigatory methods,

o you have been remotely targeted with APT malware (see the recently published factsheet from HMG on "Targeted Equipment Interference" powers included in the Investigatory Powers Bill, aka "snoopers charter", which permits GCHQ to target any IP address in any country without meaningful oversight),

o your computer has been tampered with, perhaps by installing a hardware keylogger or some other kind of "hardware implant",

o another item of electrical equipment on your personal LAN has been compromised (e.g. a networked printer),

o a hidden camera is looking over your shoulder (quite possible if you are surfing from a workplace cubicle),

o you are being surveilled using equipment designed to read stray electromagnetic emissions given off by any operating item of electrical equipment (NSA is particularly fond of targeting both CRT and flat screen displays; some of their methods require clandestine physical access to replace your ethernet cable with one which contains a hidden "retroreflector" used to monitor your emissions from a nearby location).

All that might sound scary, but the more people who routinely use Tor (and millions already do), the harder it will be for snoops to use such targeted advanced methods (which typically require some expert attention by experienced malware writers, analysts and burglars) "at scale". IOW, if everyone used Tor routinely, dragnet surveillance would be virtually impossible. Governments would have to carefully pick who they really really want to monitor, which would mean they would have to fall back on such "obsolete" notions as probable cause and (person-specific) warrants. Or simply kicking in your door.

> Further, the three hops and the onion encryption used in building Tor circuits mean that the operators of the exit node cannot easily deduce which entry node is being used by a given circuit exiting from their node, and the operators of the entry node cannot easily correlate IP addresses of Tor users with packets exiting from exit nodes.

Middle relays know both the entry and exit relays. In my opinion, Tor circuits should be four relays in length so that there are effectively two middle relays: one entry-side middle and one exit-side middle. Neither of them would know both endpoints (entry and exit) as having four relays would ensure that at least one endpoint is behind a two-circuit onion route.

My concern is an adversary that has resources that can be readily mobilized to mount a correlation attack when both ends of the Tor circuit are known.

Paul Syverson wrote about onion route circuit length choices in his paper "A Peel of Onion" which can be accessed at: https://www.acsac.org/2011/program/keynotes/syverson.pdf

December 06, 2015

Permalink

> kewl digs

Regarding the concern about the USG possibly suddenly outlawing Tor, or restricting travel of persons who might be considered "dangerous", such as Tor developers and Tor Project leaders: some LANL employees have been urging DHS to install 50-65 "security checkpoints" located 5 to 50 miles from the center of Boston. These checkpoints could range from hard-to-miss border crossing style checkpoints to clandestine stations containing radiological monitors, cameras tied to facial identification databases, detectors which attempt to enumerate the unique identifier of every item of WiFi enabled equipment which passes by the station, etc.

In a staggeringly repugnant use of a method which is probably familiar to many readers of this blog, the LANL employees chose potential locations by converting the Boston road map into a network and applying the Ford-Fulkerson algorithm to determine the minimal cut set. As in, "completely cut off Boston from the outside world". They also urged further checkpoints intended to interrupt all train and airport travel in or out of Boston, whenever the USG desires.

The LANL snoops want to install similar checkpoints surrounding 49 other major American cities.

December 06, 2015

Permalink

can anybody plz tell me why tails is based on debian and not fedora? is debian safer than fedora????

Mostly it's because the Tails people are more familiar with Debian.

But that said, the free software community in general does rally around, and better support, Debian, compared to Fedora. Yay free software community.

December 06, 2015

Permalink

I know this has nothing to do with the topic, however I am new to all this. I just downloaded Tor & I am looking for someone to help me learn what I need to know. if there is anyone out there willing to help a newby please comment on how to contact you. Thanks in advance!

BB

December 07, 2015

Permalink

hi

are the TOR merchandise products listed on cafepress official? do tor benefit from those purchases?

thanks for everything.

is your isp blocking tor ? is it possible to do it ?
inside the eu , the answer is no.

As soon as you pay monthly your bill , they cannot (us secret agent in freelance from a consulate in a foreign country or super-police or spy-cables are off-topic here) because it is in the contract (but a firewall, a server, a monitored connection:computer can do it easily - a member of your family or your teacher can ask to the isp to block it, i.d.).

Usually they run your internet connections in a lan-restricted area using tricks (fake/bad o.s ; compromised updates/dns ; computer with backdoor/malware ; etc.).

If you are in trouble about that ; the first step is to verify and install correctly your o.s and tor then change your dns and set https/noscripts/tor at a safe level.
(e.g uncensored DNS Servers http://blog.censurfridns.dk/en/ip)
the second step is to try onion address, site under control (school/university e.g.) and why not, let us know why, how, where your tor network access is blocked (it is not illegal and even isp promote its usage ; it is safer with than without).

do not forget that more they are users; more you are protected, more the access is free and uncensored.

December 07, 2015

Permalink

> As a reward for their donation, the donor could receive 10 hours of computer/Tor assistance per year.

I'd be concerned that such "donors" might include V. Putin or C. Koch, and that they'd demand to be assisted in breaking Tor.

I think donors should be encouraged to donate because the world needs more Tor, lots more Tor, not because they are entitled to special treatment or a personal "reward" (beyond that highly coveted T-shirt).

> > As a reward for their donation, the donor could receive 10 hours of computer/Tor assistance per year.

>I'd be concerned that such "donors" might include V. Putin or C. Koch, and that they'd demand to be assisted in breaking Tor.

That's an outlandish scenario. "Hey tech support, I have a very special request..."

Maybe so, but we must all bear in mind that before Snowden's leaks, the mainstream view was that the following claims were all "outlandish", "absurd", or even "insane" [sic]:

o NSA is breaking into internet choke points all over the world in order to spy on all the world's packets

o NSA is determined to read and analyze all the world's communications and data (in motion, at rest)

o NSA is targeting ordinary citizens because they happen to work as Telecom engineers

o NSA is actively targeting large corporations such as Petrobas

o NSA deliberately weakens encryption standards in order to ensure that they can break encryption

o NSA breaks into the networks of smart phone makers to steal the factory installed encryption keys of everyone who buys a phone

o NSA buys zero-day exploits just like the criminals do

o NSA is actively trolling bulletin boards and breaking into social media servers in order to spy on ordinary people

o NSA is exploiting ubiquitous cookies (e.g. Google and single-sign-on schemes) to spy on ordinary people

o NSA is exploiting bug reports to target people with tailored malware

o NSA has made targeting Tor a high priority

I could go on, but you get the idea: all of these outlandish claims turned out to be *true*. Perhaps the most important lesson from the Snowden leaks: nothing is too outlandish for NSA, FBI and other lavishly funded intelligence agencies.

December 07, 2015

Permalink

> While US appeals courts have fallen over themselves in their eagerness to "validate" [sic] this disgusting legal ploy, the ECHR appears to specifically repudiate it:

Just as the USG ignores international courts and tribunals which rule against it, acting upon an obsessive compulsion to achieve some logical consistency with her endemic human rights violations, Russia has responded to the ECHR ruling declaring SORM illegal by declaring that ECHR rulings are illegal in Russia:

http://www.theregister.co.uk/2015/12/07/russia_new_law_restrains_echr_j…
Putin's Russia outlaws ECHR judgments after mass surveillance case
Lower house says gov can ignore inconvenient European rulings
Alexander J Martin
7 Dec 2015

Dear person who enjoys writing these blog comments:

Could I convince you to learn how to use the 'reply' button when writing comments? That way the comment threads will be, well, threaded. :)

Thanks!

December 08, 2015

In reply to arma

Permalink

You mean this invisible green on green button I just discovered by moving the mouse?

Yes, exactly that one.

Except to me it's green on white, and easy to spot.

You must hate this blog format. I sure do look forward to its replacement. :)

December 09, 2015

In reply to arma

Permalink

OK, its an extra step but I'll try to use the button now that I know how to find it.

December 08, 2015

Permalink

arma how unsafe is it to use a old torbrowser like 3.6.x series.?... I know you say to always stay up to date with latest..... but if one uses older ver does it automatically mean you get hacked?

December 09, 2015

In reply to arma

Permalink

does the site you are visiting have to have evil code in it for dangers to occur with using old TBB ver? what like switching off javascript would that mitigate the dangers of old tbb

I really think you should listen to arma and use only the current version of TBB.

Many people use the next-most-recent version to get the current version as soon as it becomes available, so if you managed to navigate to this blog while using Tor Browser, you should be able to download the most recent version of TBB using your Tor Browser. Don't forget to verify the detached signature!

December 15, 2015

Permalink

Story making the rounds about someone with questionable taste who probably won't donate to the Tor Project any time soon:

Not long ago, senior FBI agents briefed Director James Comey about a HS website devoted to a rather unusual fetish, involving the navels of adolescent slavs, or some such thing. Anyway, the agents explained how after much effort they were able to definitively identity the person in Russia operating the website. Comey asked why, in that case, the agents looked so glum. What's the hold up, let's ask the Russians to extradite. Then the agents dropped the bombshell: the Russian Federation is very unlikely to extradite the operator, because...

Well let's just say that he's better known as someone who doesn't move his arms when he walks.

A news story supporting the hypothesis that the anecdote might not be entirely apocryphal:

http://arstechnica.com/tech-policy/2016/01/putins-top-internet-adviser-…
Putin’s top Internet adviser seems to own a piracy torrent site
Site owner is also head of Russia's Internet Development Institute.
Glyn Moody
20 Jan 2016

> Vladimir Putin's special adviser on the Internet, German (Herman) Klimenko appears to be the owner of a Russian torrent website, according to an investigation by TorrentFreak.
> ...
> Klimenko became Putin's special adviser on all things Internet earlier this month.
> ...
> The site is torrNADO.ru, a pun on the Russian phrase "torrenti nado?"—do you need torrents? It offers the usual range of films, music, games, software, and e-books, all for free, and so presumably pirated.
> ...
> Klimenko's loyalty to his boss probably explains how he manages to be the country's top Internet official while downplaying the urgency of dealing with piracy in Russia.

December 19, 2015

Permalink

Roger, What about Bitcoin?

There is everything to create 10000% of new Exits and Middles easy & simply with Bitcoin.

1) Let everybody put his own Bitcoin address to the "Nickname field".

2) Publish ONE and only ONE Bitcoin address for Donation to the Tor Project in the Top of torproject.org site.

3) Spread Bitcoins each day / week / month from this address to the Nicknames addresses according to the atlas.torproject.org info.

All this data would be checked easy by blockchain.info and little peace of code on the torproject.org site side.

Cheers!

January 10, 2016

Permalink

@ Shari:

The following suggests that word is not getting out about the Funding Drive. Maybe someone should email another announcement to tor-talk?

Subject: Funding Tor Development trough Referral/Affiliate Marketing
From: Scfith Rise up
Date: Jan 10 2016

> I didn't realize The Tor Project needed to investigate other options to raise more money. They have a decently paid staff, and plenty of beneficiaries. At least according to their 2013 tax filings. So, while your idea is interesting, this is a solution seeking a problem with the wrong entity.

By the way, the suggestion from naif is so awful that I can't believe he said it. Not that I think you would even consider such a thing, but obviously spoofing headers without the permission/knowledge of the user is just the kind of thing Tor is against, not the kind of thing it should ever considering doing.