Support the Tor Project 2016!

by ssteele | November 23, 2016

Today the Tor Project launches our end-of-year crowdfunding campaign, themed "Tor: at the Heart of Internet Freedom." This is part of our initiative to diversify our funding sources and improve our communications with you, our contributors and supporters. We're using the open-source membership platform CiviCRM to help us manage things, and donors should receive thank-you notes and swag in a timely fashion.

The Tor Project has been around for ten years, making tools that promote and protect the essential human rights of people around the world. Our work protects activists from persecution, whistleblowers from retribution, and vulnerable and marginalized people from further attacks and isolation.

The need for Tor is greater than ever.

Surveillance and censorship harm our freedom to exchange ideas, connect with our families and friends, and improve our lives--matters of the head...and the heart.

The Tor Project is more than a software organization. Tor is a labor of love by an international community passionate about preserving your freedom to express yourself fearlessly and keep private things private.

As another year comes to a close, won't you join us as we provide anonymizing technologies crucial to protecting our human rights? Please support this important work by making a tax-deductible donation now:

https://donate.torproject.org/

Here are some of the things we've accomplished over the last year, thanks in part to donations from our community:

· Updated and released over a dozen stable versions of the Tor Browser, a critical tool for securely and anonymously accessing the Tor Network and all Internet websites, to add features and fix bugs in coordination with new releases of Mozilla Firefox.

· Added additional Pluggable Transports (PTs) to the Tor Browser, making it easier for users under repressive governments to connect to the Tor network and bypass censorship.

· Improved the security and performance of the core Tor program, the underlying proxy software that Tor Browser uses to protect your traffic.

· Researched post-quantum cryptography alternatives for deployment to ensure the security of our systems into the future.

· Upgraded our cryptographic backends to ensure that Tor can provide the widest number of supported cryptographic algorithms, as well as support platform specific implementations.

· Strengthened our external community by ramping up work on better user support and documentation, including a new Tor Browser manual.

· Strengthened our internal community by coming together around the Tor Social Contract, which affirms our commitment to our beliefs, including our promise to never put backdoors into Tor.

· Grew the Community Team to build the network of people around the world doing Tor outreach and to provide them with training resources.

· Empowered people in Brazil, Russia, Turkey, and other countries suffering from increased censorship in 2016.

· Improved GetTor, helping more people who live under oppressive censorship regimes to easily access the Tor Browser and other vital information.

· Released the public beta of OONI Explorer, a global map of Internet censorship (and how well Tor circumvents it) in over 100 countries over the last three years.

· Made great progress toward next-generation Onion Services, including deployment throughout the Debian infrastructure, and tools like OnionBalance, a server tool that helps improve the stability and availability of popular Onion Services.

· Conducted an informal review of our major bugs from the last few years to look for trends and patterns to help us use our time and resources more effectively to write our code more safely over the coming years.

· Served as a founding partner in a Day of Action protesting changes to Rule 41 of the US Federal Rules of Criminal Procedure. This rule will make it easier for the FBI to legally hack into devices that use Tor or a VPN, wherever in the world those devices are located.

· Released an experimental prototype of a Tor Android phone, an important step in providing uncensored Internet access for millions of worldwide mobile device users.

· Built a sandbox system for Tor Browser for Linux, to be released in alpha form by the end of the year, that will help protect users from malicious attacks at the application layer.

· Grew the community of enthusiastic privacy and security developers, including mentoring seven students in the Google Summer of Code program.

· Continued our central role in the privacy research community, pointing academic research groups at the most pressing problems and helping their results to have real-world impact.

In the coming year, we can do so much more! Please help us keep up the good fight. Make your tax-deductible contribution to the Tor Project today:

https://donate.torproject.org/

Thank you for your support!

Shari Steele
Executive Director
The Tor Project

Comments

Please note that the comment area below has been archived.

November 23, 2016

Permalink

What should one specify in a Last Will and Testament (UK) in order to ensure that one could leave money to the Tor Project after death?

Was think of leaving it to the cat's home, but Tor is worth supporting!

Thanks for thinking of it! I actually don't know the answer, especially for UK.

I would suggest asking a finance / accounting person in the UK, since I bet that's a simple question for such a person.

Also, you could contact giving@tpo (where tpo is "torproject.org") to ask this question, which will hopefully get it escalated to our accounting people in case they can help.

I know that Shari has been working on ways to streamline giving stocks, etc, since many Tor supporters also happen to have jobs at large tech companies. I would bet that the answers are related.

Let us know what you learn!

November 23, 2016

Permalink

In the middle of the year, Tor (the company) used its money to make investigation into the sex-life of a former employee. This might be a standard procedure for a company in the us (in similar cases). I still thinks that's ethically just wrong (as is trail-by-rumour) and therefore I made the choice not to support the company but instead to donate money to tails (tails.boum.org ) and torservers.net.

Thanks for supporting parts of the Tor ecosystem! All the parts of the Tor ecosystem are working towards the same goals, and we'll be strongest if all of them succeed.

As for the investigation, there sure has been a lot of confusion around that topic. I think Tor needed to do its own investigation after the complaints -- to figure out for ourselves about what happened. I also think it is a mistake though to blame all of the problems on the investigation: that is getting the order of things wrong.

All of that said, I encourage us to focus here on the future and what we all still need to do to make the world safe.

November 24, 2016

In reply to arma

Permalink

I certainly have confusion around the investigation. Last I heard, TP had started an investigation after said employee had already resigned. I didn't hear anything after that. What did the investigation find? Not asking for details, but was it worth it? I don't recall seeing a press release or anything after the investigation, although I could be wrong. The OP makes a good point, and I would understand why people might be apprehensive about donating in light of that.

December 12, 2016

In reply to arma

Permalink

> All of that said, I encourage us to focus here on the future and what we all still need to do to make the world safe.

I tend to agree, but I sure hope that in future Tor Project is determined to avoid hiring any more CIA moles, eh?

Without taking any stance on the credibility of very serious accusations against the former Tor employee who exposed DC, as a Tor user I would urge all Tor employees to consider that despite working for such a tiny organization, they are effectively high profile people simply because they work for Tor Project, and should accordingly possibly consider attempting to avoid doing anything at work--- or outside work--- which our enemies could exploit to damage the Project, without any greater gain to the cause of civil liberties and human rights. This might entail curtailing some of the very activities which you are working so hard to ensure ordinary citizens can engage in without fear of government (or corporate) reprisals.

I.e. live like a monk or a nun and avoid entanglements with dangerous persons (e.g. people allied with USIC) in order that others may live boldly. Just a suggestion.

If Tor Project becomes more internationally secure and more diversely funded, I hope that the current global trend toward authoritarianism, organized sectarian violence, and brutal repression of anyone who is "different" will reverse, possibly to the point where even those under constant government scrutiny can relax and enjoy life a bit more than may be realistically possible for the foreseeable future.

November 23, 2016

Permalink

To all the Tor Project members: A BIG THANK YOU!!!!

We owe you so much for helping us protect our right to privacy.

I hope you continue your progress over the years!

November 23, 2016

Permalink

Follow these steps if you want to never get a Tor tshirt:

- Donate $100 via the Tor Project website
- Run dozens of exit nodes and relays
- Email donations@torproject.org multiple times and get zero response
- Join the Tor IRC channels and ask for help

I'm just going to give up on ever getting a shirt now. It's been 6-7 months and 0 luck and 0 shirt LOL.

I'm sorry to hear that! We didn't do a good job in the past of handling tshirts, I agree. I'm under the impression that we are caught up on all the swag from last year's donation campaign, so if you have fallen through the cracks, please do contact us, at giving@tpo (where tpo is torproject.org) and let us know the details.

That part is actually what Shari meant by mentioning the civicrm installation for doing our logistics better -- "donors should receive thank-you notes and swag in a timely fashion" left out phrases like "This time," but those of us from last year could see that it was implicit. :)

November 23, 2016

Permalink

donate with paypal or creditcard, the NSA will register you as suspicious and track your records. great deal!

Answer #1: That's why the privacy policy on the donate page talks so much about the risks of giving your info to paypal, and offers suggestions on ways to donate where you actually retain your anonymity:
https://donate.torproject.org/privacy-policy.html
and question 23 on
https://donate.torproject.org/donor-faq.html

Answer #2: Unfortunately, I worry that the model of "if you do something suspicious, you'll get tracked" is outdated. The new model is simply "you'll get tracked". It's easier for them to just collect all the data and hope they will make sense of it later.

Answer #3: If you're in a position where you can stand up and declare that you think privacy is important and valuable in the world, then do it publicly! A lot of the battle here is whether we can normalize privacy in the world -- i.e., whether we can make it so everybody thinks you're reasonable and normal for supporting privacy, rather than worrying about threats or retaliation.

November 24, 2016

In reply to arma

Permalink

Over the past few years, I've chosen #3, and I've found it's contagious and overall a good thing. In light of recent leaks and disclosures, most namely the Snowden revelations, it's become more generally acceptable to care about privacy and realize the possibility that various companies and agencies are spying on us. We still have progress to make, but I've found that in some cases, coming out about your privacy awareness might be just enough to cause the same reaction from the acquantances you'd least expect. Long story short, the more people that openly care about privacy, the less each of them stick out from the crowd.

(Sorry for hijacking a thread about PayPal donations -- I just thought it would be an interesting anecdote.)

November 24, 2016

In reply to arma

Permalink

> offers suggestions on ways to donate where you actually retain your anonymity

One of the suggestions is bitcoin, but your bitcoin donation link blocks Tor users. And I don't really know how to buy bitcoin anonymously. I'd look at Localbitcoins, but they block Tor users. I looked at various online brokers some time ago, and none had very clear information on whether/when proof of identity would be required (I might be willing to be less than fully anonymous on that end, but no way in hell would I send a scan of an identity document). I've heard of bitcoin ATMs but they seem to often have biometric requirements; I'd use the Internet Archive's system if I were anywhere near SF.

The pages you linked don't mention anything specific about postal money orders. Can non-US people use these, and would we have to get something USD-denominated? Does the postal worker need to know who the recipient(s) will be?

You still don't get it? The whole point about the Surveillance State is that *everyone* is regarded as eternally suspicious! *Everyone* is tracked. Always. 24/7/365.

What you meant to say is that some people are temporarily regarded as "more" suspicious than others. And everyone is continually reviewed for a possible "upgrade" in their level of suspicion.

They also register you as suspicious if you read LinuxJournal or vote libertarian.
As described above you can donate anonymously.

November 24, 2016

Permalink

Whew! You've been so quiet that I was seriously worried!

That's a fine summary of all the great work Tor Project is doing (reaching for my checkbook)! Glad to see you mentioned all my favorite things :)

Three requests, if I may:

1. Can you provide an update on the last-minute push to stop the changes to Rule 41 before Monday 28 Nov 2016?

Congress returns from a long weekend at 9AM or so and will in principle have a dozen working hours left to stop the changes before midnight Thu 1 Dec 2016. I still hope we can get many US Tor users to call their representatives in the House and Senate and

o explain that we are not in fact using Tor for child pron (the only thing US Asst Attorney General Caldwell mentions as things someone might use Tor for in his DOJ blogs arguing for the changes),

o remind our representatives of

+ FBI's political interference in the recent election, decried (at different points) by both major parties,

+ FBI's standard practice of lying to judges, juries and even prosecutors about how it collects evidence presented in criminal cases; for example, ACLU has obtained under FOIA internal documents showing FBI teaches local LEAs how to disguise the fact that "cell-site simulators" or criminal informations were used, apparently illegally,

+ FBI's renewed habit of bugging people and places they shouldn't; for example, civil rights groups in CA discovered that FBI had bugged courthouse lobbies, planters outside the courthouse, and bus shelters near the courthouse, in order to listen in on attorney-client conversations,

+ In one recent instance of "using an investigative technique" (FBI doublespeak for sending malware), FBI apparently sent phishing emails to *every* user account at tormail.com, apparently trying to locate a single person they thought *might* have an account there--- in other words, FBI intentionally sent malware laden phishing emails to thousands of unknown persons they knew were not suspected of any crime.

If we create enough fuss, just possibly Congress might act to delay the changes until July.

I suggest that callers begin by saying they

o support House Bill HR 6341, "Review the Rule Act", and the yet unnamed Senate counterpart,

o both bills have bipartisan support.

2. Can you provide some kind of explanation of what steps the Project is taking to ensure that Tor continues to be there for people all over the world who depend upon it, sometimes for their very lives, in case the USG literally or effectively outlaws encryption or anonmyzing software, or declares Tor Project an illegal organization? The threat from FBI's drive to outlaw unbackdoored encryption in the US is very real, despite intense opposition from enormous companies, the Surveillance State now seems to be absolutely uncontrollable by any political process, or even by a new authoritarian President.

In my view, one can only conclude that Tor Project simply must up and leave the USA for a less dangerous home base. Others may feel that is too drastic, but I hope they will review the history of the rise of the Third Reich. Those of us who in childhood knew survivors well remember that they survived because their families were wise enough (and wealthy enough) to leave Germany while they still could. Other intelligent people refused to believe that the most civilized nation ever was descending into genocidal barbarism, and they perished.

In any case, I think everyone will agree that the threats are sufficiently dire that Tor Project needs to move key assets (literally encryption keys, also at least some key employees, and at least some key servers) outside the USA so that the Project can try to reconstitute itself if the USG suddenly strikes at Tor people and servers in the USA.

It seems clear that FBI has every intention of immediately attacking US collectives such as Riseup (Riseup Networks provides a critical part of Tails Project) on midnight 1 Dec 2016, and I have no doubt they will attack every Tor employee too. I hope you have contacted Citizen Labs to arrange for assistance in capturing malware or at least documenting its effects if FBI behaves as badly as I expect.

3. Once the donations from the new funding drive are tallied, can you provide two pie charts similar to what Tails does? (One chart shows where the money comes from, the other how it is spent.) Pie charts were introduced by the pioneering medical statistician Florence Nightingale, and while some modern data scientists dislike them, this is one place where I think they are actually pretty useful. Almost any statistical package should support making them.

If the new funding drive falls short of what the project needs to win independency from the USG-tied three letter entities (SRI, NED), at least Tor users around the world will understand what the Project is facing in terms of surviving while under concerted attack from other three letter USG agencies (NSA, CIA, FBI).

I'd suggest planning a summer fundraising drive for 2017 (those impoverished users who survived their winter heating bills may have a bit more money to share by summer).

At this point things seem so dire wrt USG I'd rather see Tor Project approach foreign governments for funding, as long as no one "block" exceeds say 20% of total funding. Maybe Iceland or Denmark can help?

IMO you may be more truthfully described as "leader of the free world" than a certain unloved politician who is visibly aging even before he takes office (sources say that TS/SCI briefing he just received was a doozy), and I appreciate that your job is not less difficult than the one that person has unfortunately been given.

Tails Project is not yet dead, so we all have something to celebrate this Thanksgiving!

In the short term, I agree with the first half of this post. We have less than a week until Dec 1st. It's do or die -- after that we can put that issue to bed (hopefully only until July 2017). Time to go for broke, I.e. do an updated blog post about Review the Rule Act, possibly reach out to other organizations like the EFF and any civil rights sites that can get exposure to the issue, and/or start (or revive the earlier) social media campaign.

The rest is also important in the long term. I'm not sure moving TP outside the USG will do much more than move the problem elsewhere. It might buy us some time, but it think the key is redundancy (not much can be done with that for employees, but for keys and servers, etc.).

> I'm not sure moving TP outside the [USA] will do much more than move the problem elsewhere. It might buy us some time, but it think the key is redundancy (not much can be done with that for employees, but for keys and servers, etc.).

I don't think we really disagree even there.

I think the political situation in the US is so dire that TP must immediately move critical assets (money, people, servers, encryption material) outside the US, to the extent this can be done rapidly without doing more harm than good.

But as I have said many times, all the world's governments seem to be taking a sharp turn toward authoritarianism of the worst kind-- authoritarianism heavily tinged with the sort of state-sponsored ethnic hatreds which always presage genocides.

It follows that TP should remove as much as possible from the USA as quicly as possible, and then to diversify and decentralize as much as possible.

November 24, 2016

Permalink

When you will get rid of directory authorities, to make Tor fully decentralized and trustless? Now it takes only nine subverted machines to demolish Tor security. I am able to pay large sums of money to anyone who will free Tor from "directory authorities" and dependence on "Tor Browser Bundle" to easily configure things. I am thinking about something like AdvOR (which is not updated, unfortunately). Please somebody make Tor the *real* thing!

I share your concern about a critical component of Tor not yet being decentralized (I also worry a lot about Tor Project and so many Tor People being located in a dangerous country, although these days it might be hard to name a country which is *not* dangerous).

However, my understanding is that despite considerable research no-one yet knows how to safely replace the current setup for the Directory Authorities.

By the way, does anyone have any information on the rumored secret NSA/FBI/DHS program (Stifle) to shut down the Tor network entirely "in an emergency"?

I have no info of "stifle" but Tor has been DDoS'd before.
To maintain access, save a few obfs4 bridges in case of DPI censoring.
Set up I2P and Freenet in case whole Tor goes down.
Set up mesh networking (e.g. Serval/Rumble) in case Internet goes down.
You don't have to run them 24/7, just have them set up for if ever needed.

I've recently experienced a strange problem while trying to connect to the Tor network via bridges in which the clock appeared to be skewing wildly, as if the time had been off by hours. I disconnected and checked carefully, and the system time on my computer was correct.

Since many servers use an insecure protocol (NTP) to try to keep their clocks accurate, and since accurate clocks are necessary for hidden services to work, I worry that this might be yet another problem which needs to be addressed.

The fixes you suggest are far beyond my current capability.

Several years ago, i2p did poorly in a security audit. Were the problems fixed?

Earlier today I could not connect to Tor at all, and was worried that FBI had struck a fatal blow even before midnight 1 Dec 2016.

Then I noticed my ethernet cable had been mysteriously severed, which has led to an unpleasant and somewhat one-sided conversation in which I angrily accused my pet stoat of being an American agent. Fortunately replacing an ethernet cable is one thing I know how to do.

Directory authorities are a strength, if they can be trusted then it is straightforward to show that the network's design is sound.

Without directory authorities, it is hard to find a source of trust, and it is hard to have security without trust.

I'm pretty sure I2P does it fully decentralized just by hardcoding bootstrap hosts and keys in the application. Okay that's not "fully decentralized" either, but what else can you do but brute force the whole IP address space looking for peers? The point is that there's nothing special about those bootstrap nodes, they're just regular peers. Of course, using this approach would imply that Tor is willing to move towards a peer-to-peer design, but it shows it is possible to introduce nodes to a network without centralized servers and without sacrificing trust. I haven't read the tech docs in a long time, but as I recall there is a detailed article on i2p2.de about bootstrapping.

November 24, 2016

Permalink

Seeing Crimea not included into Russia in OONI Explorer makes it harder to state you are not a biased organization.

That's because it's an occupied territory like Western Sahara (by Morocco), Abkhazia and South Ossetia (by Russia). As a long as the occupation isn't recognized by any international body, why should the tor project change the status of this region on its maps?

Tor Project is a nonpartisan humans rights NGO. That said, no human rights organization anywhere in the world, that I know of, approves of invasions in order to grab territory, or for that matter is particularly enthusiastic about the Putin regime.

The question is whether - or not - Crimea is and was ever part of the republic of Ukraine, de jure - that is, whether its administrative tranfer, by an internal "ukaz" of the then government and/or communist party of the USSR (actually, by Khruchev's fantasy), from the (soviet federative) republic of Russia to the (soviet) republic of the Ukraine has any standing in international law - which it has none (opinions may vary).

As you wrote, the Torproject is nonpartisan & hence, it should not take a position (pro or against) Russia, Putin, and/or the Ukraine and her US sockpuppet, so-called president.

But of course, it TP did as you suggest, the Ukraine government could make the same argument, with the countries (Ukraine, RU) transposed.

TP is currently facing existential threats--- technical, legal, political--- from numerous sources, and has very limited resources to devote to confronting lesser matters. But you have to give credit to Mike Perry for allowing you to raise the point, even at the risk of being included in the next edition of the list of supposed "pro-Putin websites" just published by a mysterious US-based entity. (That list includes a number of legit media sites which just so happen to be critical of numerous governments, including US, RU, and CN.)

In a comment to this blog I made a year or two ago, I gently mocked the RU government for the crude nature of its US-aimed propaganda, compared to the much more subtle--- and highly effective--- propaganda from the CN government, which is mostly aimed at US businesspersons rather than consumers or activists.

Maybe the agentura took my criticism to heart?

November 24, 2016

Permalink

Congrats on coming this far.
hope that U.S. Hacking thing doesn't become reality, seriously freedom to hack into any computer they want, what a joke.
seriously i'll vote for radicalism if they get that sort of freedom, just sayin'.

November 24, 2016

Permalink

Unfortunately some of your developers couln't care less for actual users who out of choice or necessity are not running the greatest, newest and most expensive computers ! I won't name names, but as an example - whereas Tor itself - the core onion router - runs and works perfectly on AMD athlon XP processors, "obfuscated" transports (such as obfs4) do NOT - only because the developer, when asked politely, stated in reply he would never "get out of his way" (sic) and recompile his stuff the without improper options (the tyranny of the default; that needlessly force the compiled obsfproxy to use SS2 hence preventing it from running on AMD K7 and earlier.)

With this (absolutely disgusting) example in mind and a few more dubious recent moves, I won't - regretfully- contribute financially although I've been a Tor fan years before the "Torproject" existed as such... IMHO you ceased helping those that most need Tor in favor of whatever other goals, hidden or not

Sorry you had a bad experience.

Can someone check the claims? I agree with the principle that the Project should try to take account of the fact that people in some of the most dangerous places may not have access to latest and bestest hardware. OTH, I also agree with the principle that when making changes would probably break other parts of Tor, the changes shouldn't be made until those issues are resolved.

https://tor.stackexchange.com/questions/12609/is-the-obfs4proxy-exe-sup…

Judge for yourself. Instructions on how to solve the problem (which require a full toolchain rebuild, because the compiler makes the assumption that SSE2 is available on x86 targets unless told otherwise) were provided first.

As a side note, I am responsible for a grand total of 0 binary packages, so this was more a question/request better directed at people who actually do make binary packages.to begin with.

I don't think anyone can reasonably be said to be assuming the "latest and bestest hardware" when they ship binaries that use CPU instructions first introduced in 2001, that happen to break on a hardware line that ceased production in 2005.

November 25, 2016

In reply to yawning

Permalink

It's bad to hear this from devs! You state that them can't cope with compilers and don't understand why SSE2 is bad (as a part of the greatest crap in history from Intel - P4), and why only lamers (e.g. recent Mozilla) use supplementary instructions as mandatory!

Unfortunately the developer you're referring to has been extremely busy with other projects (such as sandboxing) it would be very dishonest to blame him for not making something work on 0.01% of processors in the world

I do NOT have go installed - like 99.998% of us Tor /users/ -
Since - as you are confirming here, it is a "trivial" fix to configuration files that is needed to get rid of the evil dependency to SSE2 in obfs4proxy.exe, it goes without saying that this trivial change should be implemented by the good people in charge with official Tor compiles, ASAP - doesn't it ?

Please don't hate the whole project for one member making one mistake.
If he did that it was bad, sure, but look at Tor's enemies like PLA-great firewall of China/NSA-bullrun/GCHQ-opticnerve, most of their members do evil on purpose most ofmthe time. So please don't hate Tor project. If you want to donate to freedom and democracy but you hate Tor, please donate to riseup/tails/i2p/freenet/serval/rumble(mesh networking).
Happy Thanksgiving!

Please don't hate a whole project for one overworked member of their overworked team making a mistake. Judging by the issue tracker there is simply far too much work andnfar too little developers to fix issues and review changes (such as enabling SSE2 optimization without having time to make a fallback codepath).
I know this sounds cliche but it's true; the more donations they get, the more developers they can hire.

November 24, 2016

Permalink

https://www.torproject.org/donate/donate-options.html.en#bitcoin

I want to send 0.001 BTC - it is 0.74 $ approximately.

Please select a value that is not less than 0.01.

I have no 7$ for you, only 0.74$.
Are you interesting?

What is actual interest in enabling digital crypto-currency oriented on small(tiny)-transactions, like 0.0000 0001 Satoshi,
but lock it with dirty exchanger to 1,000,000 !!!! ONE MILLION rounding of Power of Currency.

Hey! Yeah, I wanna to spent 0.0000 1984 BTC just to be sure you are remember Orwell and what he did for your existence.

No, you are locking me.... No less than 7$...

It is big sum!! It is 4, FOUR bottles of champagne there, where I'm living.
Dirty, Warm, Soviet Champagne - so cheap... ahhahahaa...

Hey, Where is this brutal, angry, evil method - just to post ADDRESS, like this did cryptome.org. Like this did Snowden... Like anyone who are using this digital-money-network.

It is hardcoded into project - to use such HASHEs - and it is pretty cool.

Where do you moving, when cutting %.8f to %.2f???
Why are you using side exchanger to collect our moneys?

GIVE US BTC ADDRESS - HARDCODED inside tor's source code!!!
We will use it intensively.
Without stupid limits - "no less than 7$"

The reason Tor doesn't accept direct bitcoin donations is because we want to pass our yearly audits (see https://blog.torproject.org/category/tags/financial-statements), and no US non-profit has ever possessed bitcoins and passed its audit. That's not to say it can't be done, but, choose your battles.

In the mean time, if you want to give tiny amounts of bitcoin in support of Tor, check out these non-profits that run exit relays and (last I checked) accept bitcoin directly:
https://www.torproject.org/docs/faq#RelayDonations

Thanks!

November 24, 2016

In reply to arma

Permalink

Thanks arma&other Tor project members for protecting democracy.
If this isn't too presumptious to suggest, might you consider including a hardcoded bitcoin address in Tor, that goes to some Tor-related project, since you can't include one for Tor itself? Maybe in GUI about page and CLI banner?

November 25, 2016

In reply to arma

Permalink

Anyway, I did not see a reason to be so pure, white and fluffy behind the government.

I've seen Snowden's movie yesterday.
Seems, they are not playing on your side.

This is true, that the Russia is not the best place to travel, while you are trying to repair something with Rights in U.S.A.
As well as Assange's Ecuador's embassy.

From the other side, where is this place?

And it is exist.

Here! ---> Behind Tor.

At this point.
Just look at your "taxes policy" as one of such whistle-blower.
Do you like that Snowden opened all of secrets of your government about tapping & sniffing, what is new here?
Opened it inside country which was a long time potential adversary to your country?

Looks like traitor's or dirty double agent's "fair" play.

1) Snowden declassifying top secrets documents in Russia.

2) Tor's project taking grants from Department of Defense.
Plus, rejecting tiny/small "anonymous" donations via Bitcoin.

3) ? What can be else the same curiously?
Putin, who are making fork from FreeNet project?

November 25, 2016

In reply to arma

Permalink

The first reply, isn't from me. But I think it should mentioned that's not probably not that uncommon if some makes a Bitcoin transaction and than would like just to dispose that account and if there's still something left (like few bugs), it's probably not the worst idea to give it like small amount of change to some organization/charity etc. (eg some shops have jar or boxes to collect change)

But its also great to help the wider tor-ecosystem (like tails), and if you have some bitcoin to spare it's great if you help them, eg. groups/organizations run parts of the infrastructure (like directory authorities, eg riseup, ccc etc. (may have changed cos there where some changes regarding directory authorities in the year) ) and/or (relative) trust-worthy exits like the ccc or

  • torservers.net is a German charitable non-profit that runs a wide variety of exit relays worldwide. They also like donations of bandwidth from ISPs.
  • Noisebridge is a US-based 501(c)(3) non-profit that collects donations and turns them into more US-based exit relay capacity.
  • Nos Oignons is a French charitable non-profit that runs fast exit relays in France.
  • DFRI is a Swedish non-profit running exit relays.

Most of them have IBAN and BIC euro-accounts (as does Tor) and the banks probably take a "small cut" (fees) than paypal does.

Other ways of donating to Tor are describt on
https://www.torproject.org/donate/donate-options.html.en
https://www.torproject.org/donate/donate-options.html.en#eubanks

eg Donate via European Bank Transfer, unfortunately it seems to me that that option is a bit hidden

November 25, 2016

In reply to arma

Permalink

Roger, the good humor with which you handle comments like the parent make me eager to donate more to the project.

I wanted to give thanks for your leadership and your life's example.

November 25, 2016

Permalink

even do we live in dark times i see some great future for tor, with the ipbill in the uk more people will be aware about tor and will use ultimately adding the anonymity set of tor

November 25, 2016

Permalink

I wish you a lot of success for this end-of-year crowdfunding campaign.
https://torproject.org/donate/donate-blog
I read & read "how to run a tor-relay" but it looks that this opportunity could be taken only for the enterprises/companies which offers a fast & secure bandwidth ; as single user , i doubt to be useful in the goal of supporting the tor-project.
Good luck.

Every relay helps.
Non-exit relays won't get DCMA takedown notices, ever.
If your country is safe to be a Tor user in without Plugfable Transports(like obfs4), then it's probably safe to be a non-exit relay there. It will be known that Tor id associated with your IP, which is already known if you are a regular Tor user without PT.

November 25, 2016

Permalink

Should Tor be freed from state sponsoring and more diverse in its funding?
Diversity, like in nature, is key, more diverse sources more security if one
stops.
Witch states could replace or fund Tor if USG fails?
Not here in France, not here in UK, not here everywhere, so what's left ?
Us, the People, through our little means but we are millions, so let's do it
before it's too late, when we still can.

Long live the Tor Project.

Well, it probably needs some encouragement and some explanation to people, that there are service that are gratis but finance them selves but collecting and selling their user's data and there are project that need donations to stay free, as in freedom (to plagiarize rms) -- basically, a lot of people are happy to throw money at murky vpn-providers (not all of them are murky, for some use-case they are the better option like bittorent, etc.) if they would start making regular or monthly donations to Tor Project and/or the wider tor-ecosystem a lot could be done (or other project that might be interesting like i2p, freenet etc.)

On the other hand Tor is free software and any government should be allowed to contribute and use the Tor software as the license allows them to do. (If you don't trust in the integrity of the developer-community and the review, it's probably better not to use the software in the first place -- but of course, some issue remain, how much influence a "big donator" has over decision like priorities, staff (At least in the past their were rumors that the Tor company may prefer not seeing their employee working with Wikileaks, or traveling to Cuba and the DPRK but who knows safe the tor cadres :D) ))

November 25, 2016

Permalink

Dear developers, one of the attacks described in the NSA's "Tor Stinks" slide is to literally worsen Tor user's experience. I think cloudflare does exactly that, without mentioning all the sites that block Tor. Please fix that, especially cloudflare's captchas, with my 50kb/s it's getting ridiculous......

November 25, 2016

Permalink

When a vulnerability was found in SSL/TLS that enabled hackers to degrade their victims' security to RSA_EXPORT, called Logjam(CVE-2015-4000) was exposed, authorities reacted quickly to protect people from this breach, and SSL/TLS implementations were secured to no longer be vulnerable to downgrade hacks. Problem solved, government networks win, corporate networks win, civilian networks win.

When a vulnerability was found in GSM that enabled hackers to degrade their victims' security to A5/2, called Stingray(no CVE number for some reason) was exposed, authorities reacted quickly to commercialize the exploit kits and sell them to brutal dictators, and GSM was never trusted again, nor was any phone which fell back to it (almost all do). Problem amplified, government cell-nets lose, corporate cell-nets lose, civilian cell-nets lose.

What a strange contradiction. Maybe Russia is responsible. Or North Korea, China, Cuba, Vietnam, or some other red fraction.

November 26, 2016

Permalink

Saying "choose totalitarianism or let America be over-run by terrorists and anarchists" is a false dichotomy.
The choice isn't between having the feds continue to nullify more and more of the bill of rights, and total anarchy/oligarchy with no government whatsoever.
Libertarianism isn't the former or latter. Republicans are the former (Bush's 8 year War on Liberty) and Democrats are the former (Obama's 8 year War on Liberty) is the former.

Libertarianism is having the bill of righta protect citizens from corrupt government officials, as well as protecting them from corrupt business executives.
Libertarianism is giving power to the government that the constitution says that the government can have.

Giving the powers that the constitution says are reserved to the people, back to the people, doesn't mean the government having no power. It means the government having as much power as it did in the beginning, plus the power to enforce ratified ammendments that were legally added, such as letting African Americans and women vote.

Libertarianism means the feds have very little power, just the power that is really important for them to have, with most of the government power going to the states, and any powers not explicitly granted to the government being reserved by the people.

I just want to see America succeed, and for that to happen it needs a leader who keeps his oath to uphold the constitution.

November 27, 2016

In reply to by Anonymous (not verified)

Permalink

> Republicans are the former (Bush's 8 year War on Liberty) and Democrats are the former (Obama's 8 year War on Liberty) is the former.

As someone coming from the opposite end of the political spectrum (radical socialism), I find it encouraging that Socialists, Greens and Libertarians are all passionately opposed to authoritarian governments which are responsive only to the desires of the billionaires. The two "mainstream" parties are both quite frightened by possibility that such common ground among people who prefer such disparate ideologies might further fracture and erode their own member base. Here's hoping that the long overdue end of their repressive hegemony is nigh.

November 27, 2016

In reply to by Anonymous (not verified)

Permalink

I agree with the majority of your statements yet I see that the likely ability of seeing a physical change is slim to none. There needs to be a redistribution of wealth in order for America to succeed. As a redistribution of wealth will inadvertently redistribute power back to the lower end of the less economically enabled. Unfortunately ignorance breeds more ignorance especially on matters of this magnitude (there is actual scientific research behind this and I"m not talking out of my butt).

Since wealth(money) is only a tool used to capture power, it should be the starting point for real change.....can I borrow five buck?

November 26, 2016

Permalink

Thank you Shari for all of the work you and everyone at the Tor Project do. I use Tor daily to protect my privacy from my supposedly democratic government. I can't thank you and all of the developers, researchers, etc. enough for all the work you do.

November 27, 2016

Permalink

While I support the objectives of privacy advocacy, I am also opposed to it as well...Let me explain..

IMO, which is just mine, I feel that privacy is of the utmost concern...yet I am compelled to state that the ability to use technology for surveillance is needed....before you huff and puff let me explain further

For example, my issue is with the lack of transparency on what technology is in possession of regulatory authorities. While I agree that enforcement agencies should have the capabilities to source data to monitor illegal activities (ex. a suspected child molester, etc.) the collateral information (those that are innocent but collected in a "cluster" of data) should be purged. If a government came out at said "we have technology to read what you write in real time, look through your cameras when you think they are off, and listen to your phone conversations while you speak" it may have been more able to have been acceptable by a larger population scale.

The after the fact notice is the problem. The manner in which people found out because of the lack of transparency is what helps to foster disdain for trust issues. Now in regards to the collateral data being used to see what I'm looking at in order for media and advertisement campaigns is absolutely absurd and should be made illegal. This data collection should be against the law when it does in fact breech my privacy. Just because I look at camera's on google doesn't mean that I should be receiving advertisements about it for the next week and a half on 90% of the non-camera webpages that I visit.

I think the problems with ability is involved in capability. The ability to do something has been proven. What scares people is the capability to do something. Unfortunately, humanity is based on greed, money, and power. Those with money become hungry for power influenced by greed. And crypto-currency (bitcoin) directly threatens the power that has already been attained by those that should NOT have the power that they do. If you redistribute wealth, (which is needed IMO) then you redistribute POWER. Which threatens those with power (Governmental agencies, political powers, evil corporations, etc.) then they will try to evade or destroy the attempts of the redistribution.

IMO, all human beings should have equal power, period..Political leaders are supposed to represent the people (who have actual power even though people may not realize the power they actually have when organized) and the interests of the people, in a sense that the elected official actually have NO power or influence. As documented in research https://www.apa.org/pubs/journals/releases/psp-102-2-264.pdf unfortunately ignorance does not foster the desire to educate yourself. When ignorance actually fosters a reliance on major issues economically, environmentally, etc. to continue ignorance. This idea is crazy!!

I know that I have come extremely far off topic but all stated. I support your contributions to Privacy and the need for Privacy. I am just disgusted with in which Humanity has turned towards corruption in all forms....I just hope that people can understand that not everyone is out to get them and that there are way more good people than bad people, but somehow bad people seem to directly influence power and exploit those things intended to be good....

This is interesting. I largely agree with you here. I too have struggled to find a balance between privacy and security. I agree agencies must have the ability to monitor communications, hack into devices and the like. This is probably the best way to counter privacy tools like Tor, Signal, and encryption in general. However, the problem I see is how authorities constantly abuse their tools to spy on innocent people, such as activists, critics of government and politicians, etc. When innocent people are targeted it makes me not want the government to have the ability to crack anyone's encryption because what they are doing is wrong and if the law cannot stop them, and force cannot stop them, then technology must. But if the technology can be cracked of a law-abiding citizen what is the point of secure technology? It is the abuse of power and complete feeling of helplessness that I worry about. I want my communications to be private with my friends and loved ones without worry that I won't have my privacy illegally violated. I don't want anyone viewing the private pictures, communications, or video on my electronic devices.

Of course, I know there is no such thing as absolute security and if the government wants to hack you, they will. I suppose we need transparency and accountability via strict laws (and shut down changes to rule 41, which I dread very much since I use Tor constantly and I fear that will make me a target and my privacy violated for no reason and my private property harmed at the same time). On the other hand, as we have seen under so many past and current Presidents, the law is all too often ignored when it is inconvenient. So what good is law?

With the backsliding of transparency, human rights, privacy, and come on, just plain decency the last few decades, I wonder if nothing but outright revolution is the only way to get our rights back. As Jefferson said, "the tree of liberty must be refreshed from time to time with the blood of patriots & tyrants. it is it’s natural manure." Just my two cents.

@ Shari:

Are all commments opposing the "I support surveillance" viewpoint to be censored, then? That would be very strange.

Not everyone here agrees with the cited point of view.

> So what good is law ? a law against your right , especially about freedom , does not exist and cannot be voted (in a democratic system) so they (the elected persons , the lobbies) use some tricks which one is the pretext to be hidden as *wanted but not found* by the encryption protocol or by an unknown source ... in short , if they do not know you as v.i.p. you are a danger for the others. Maybe because you are one of their resources of their power/fortune/standings/privilege.
> But if the technology can be cracked of a law-abiding citizen what is the point of secure technology? Do the mathematics laws protect us and how ? I thing they success more by blackmail , corruption or secret agreement than by their intelligence.
> As Jefferson said ... it is a dream about french revolution -1789- , it will never happen in the u.s.a _ in god we trust.
> Just my two cents.
I would like add that the law is supporting by the number of voters/residents : more you are , more the law apply correctly and Tor is running on the same principle.

Like it is strange ... they want a freedom but a jail beside ...
It is :
1 _ or an open world where your own private life is yours
2 _ or a country of dead souls

[Moderator please pass this comment, or explain why you censored it]

You write:

> humanity is based on greed, money, and power.

Following the definition of Herodotus, "History" has too often been taken to mean "the narrative of major national-scale events". [enormous multi-page off-topic rant that was preventing people from finding anything else on the page snipped]

I'm the one (well, one of the ones) who has been deleting your enormous multi-page off-topic essays. Sorry / you're welcome. Please have some compassion for the other folks here who want to read blog comments rather than be confronted with walls of text that have little to do with the topic of the post. I'm aiming for having the site be useful.

I recognize that we don't necessarily write blog posts that match the topic you'd like to post about -- if you want to post your own blog posts, please feel free to go do that somewhere.

Thanks / sorry!

(We also, separately from this topic, have a backlog of about 500 comments that somebody needs to go through and approve. See https://lists.torproject.org/pipermail/tor-project/2016-November/000799… for more details there.)

November 30, 2016

Permalink

There is currently a Firefox exploit which affects torbrowser.

Shouldn't you be talking about this?

November 30, 2016

Permalink

Authoritarian governments are cheering the election of Donald Trump. Whose advisors are claiming that "social media is terrorism" [sic]. This kind of development, which is happening more and more often all over the world (Spain, Poland, Russia, USA, Cameroon...) shows why the world needs Tor:

techdirt.com
Cameroonian Government Calls Social Media A 'New Form Of Terrorism'
from the dangerous-as-a-missile dept
30 Nov 2016

> As Techdirt readers know, there's a bit of a debate going on currently about the influence that social media exerts on politics and society. If you are still a little undecided as to where you stand on this vexed subject, Cavaye Djibril, Speaker of the National Assembly in Cameroon, has a few thoughts on the subject (pdf):
>
>> I would like at this juncture to deplore what is developing into a new form of terrorism -- the social malaise now affecting the cyberspace, that is, the insidious effects of the social media. The social media, which was initially perceived as a medium for online communication and information sharing, is now being used for misinformation, and even intoxication and manipulation of consciences thereby instilling fear in the general public. In fact, it has become as dangerous as a missile.

Thank you, NSA, for militarizing the Internet.

Thank you for enabling turn-key fascism in the USA.

The key has turned. You have only yourselves to blame for the disaster.

November 30, 2016

Permalink

@ Shari or arma:

How does this affect Tor users in the UK? Tor nodes geolocated in the UK?

http://www.theregister.co.uk/2016/11/30/investigatory_powers_act_backdo…
UK's new Snoopers' Charter just passed an encryption backdoor law by the backdoor
How far will it go? You'll have to ask the Home Secretary
Kieren McCarthy
30 Nov 2016

> Among the many unpleasant things in the Investigatory Powers Act that was officially signed into law this week, one that has not gained as much attention is the apparent ability for the UK government to undermine encryption and demand surveillance backdoors. As the bill was passing through Parliament, several organizations noted their alarm at section 217 which obliged ISPs, telcos and other communications providers to let the government know in advance of any new products and services being deployed and allow the government to demand "technical" changes to software and systems.

The UK and USA are like North Korea and China now, and the effects are similar to the effects of moving to North Korra. They are no longer free nations.

November 30, 2016

Permalink

Latest Tor Browser Exploit Shows Firefox's Urgent Need To Increase Security
by Lucian Armasu November 30, 2016 at 6:30 PM - Source: Tor Project