Tor Browser Downloads Are Up in 2017
The Tor Metrics website provides all sorts of information about the Tor Network, including how fast the network is, or how many daily users it has. The Metrics team recently expanded the Metrics page with a Mozilla grant, strengthening the infrastructure used to collect data.
One of the things Tor Metrics measures is how many times Tor Browser has been downloaded, and we decided to investigate how the first six months of 2017 measures up to the same time last year. Data from Tor Metrics tells us there was a 1.4 million increase in the number of Tor Browser downloads in the first six months of this year, compared to the same period last year. In all, download numbers increased from 16.1 million to 17.5 million.
The more Tor, the better
More Tor is good for lots of reasons: it means that journalists, activists, and other privacy-conscious individuals are taking steps to evade internet censorship or stop websites from tracking them as they browse the web. An increase in the number of Tor Browser downloads could also be evidence of some new censorship event, when users circumvent internet censors to access online resources and communities.
Privacy protections rolled back by the US government in March gave ISPs free reign to collect and sell your private information. We’re delighted that more people are realizing that there’s an alternative to the pervasive tracking and surveillance that many websites, ISPs, and agencies carry out.
Tor makes every user look the same, and the diversity of our user base is part of what makes Tor strong. The more people who use the network, the better Tor’s anonymity.
Browser download numbers don’t tell us everything -- we have no way of knowing many of those downloads are repeat downloaders, or for how long they stay using Tor. Those would be privacy-invasive metrics, and we don’t gather such information. But we still think that this number is meaningful, and we’re glad to see it increasing.
Someone from Tails Project please correct me ASAP if I am wrong about anything in my response to the following question:
> When I see updates in Tails [Synaptic] for packages like "Tor", should I upgrade via the auto-configured .onion repositories? Or wait for the next release of Tails for it to ship with these updates? TIA
As a long-time Tails user, according to my understanding, you should avoid regularly using synaptic at all while using Tails, and you should not try to upgrade anything from the Debian repos (or elsewhere). While Tails is based upon Debian stable, it features a rather delicate mix of reconfigurations and other tweaks which are intended to make Tails do one thing very well: serve as an "amnesiac" operating system, which is to say, to leave no trace in hardware after you end a Tails session. The other thing it does very well is anonymous browsing, and in the near future we hope it will do anonymous chat very well too. The danger in "upgrading" software in your Tails system via the Debian repos is that you might break something, causing your Tails system to leak information, which could be dangerous.
In contrast, if you also use Debian stable as your "non-amnesiac" operating system, you should absolutely use the onion repos, check them daily (if possible) for updates, and upgrade your Debian system regularly via the onion repos.
Users of Whonix and other privacy-anonymity-enhancing operating systems should follow the advice of the developers of those systems regarding how and when to upgrade software.
Social justice advocates, civil libertarians and scientific/human-rights researchers who use both Tails (amnesiac OS) and Debian (non-amnesiac OS) tend to keep their Debian system offline except for software updates, and to use it for specialized purposes, but to use Tails for almost all interactions with the wider world. This provides little protection against "close-access" technical attacks leveraging stray electronic emanations, but our enemies may sometimes be reluctant to use anything they learn that way, in their ongoing attempts to retaliate against us, for fear of revealing their darkest methods to the entire world, so every little thing we can do to make ordinary methods (malware etc) hard for them can help us protect ourselves and our families from state-sponsored attack.
Very kind of you, thank you.
However, I thought it was encouraged in Tails to update via the built-in .onion repositories? It not, why would such work go into them and why do they exist?
= Debian and Tor Services available as Onion Services
= Debian and Tor Services available as Onion Services
One configures according on his own needs : tail_cd is not built with only one profile in mind.
usually you should not use an old version especially on a live cd :
- repos is for downloading the stable & verified software , rarely for the last updated version.
- it is better to use the last version of tail & download the last version of tor (e.g.) from the project.site.
# In contrast, if you also use Debian stable as your "non-amnesiac" operating system, you should absolutely use the onion repos, check them daily (if possible) for updates, and upgrade your Debian system regularly via the onion repos.
# you should absolutely use the onion repos.
- it is not recommended (outdated) : download Tor from torproject.org.
# updates, and upgrade your Debian system regularly via the onion repos.
- it is not recommended (default=stable=maintained): set hkps_debian source.
# check them daily (if possible) for updates, and upgrade your Debian system regularly via the onion repos..
- it is not recommended (source-list/version) : configure the depo.
In a previous comment, I carelessly advised:
>> In contrast, if you also use Debian stable as your "non-amnesiac" operating system, you should absolutely use the onion repos, check them daily (if possible) for updates, and upgrade your Debian system regularly via the onion repos.
Oops! I forgot to stress a very important point: if you use Debian as your non-amnesiac OS, you should certainly use the onion mirrors of the Debian repos to update your system, with the exception of Tor Browser, which you should replace with the latest version from torproject.org (make sure to use Debian gpg to check the detached signature of the tarball before you unpack it!) as soon as a new version becomes available (your Tor Browser will alert you when it notices that a newer version is available).
Actually, depending upon what is installed in your Debian system, there may be a few other things which you should update from non-Debian sources. Debian offers a nice script to check for debian packages which do not have ongoing support from the Debian security team, generally because critical bugfixes come too rapidly for Debian to keep up with them, so you should probably look for that and install it.