Tor Browser Downloads Are Up in 2017

We love releasing new features and giving talks about where the Tor Network is going next. Still, it’s good to take stock every now and then, especially when we can share good news.

The Tor Metrics website provides all sorts of information about the Tor Network, including how fast the network is, or how many daily users it has. The Metrics team recently expanded the Metrics page with a Mozilla grant, strengthening the infrastructure used to collect data.

One of the things Tor Metrics measures is how many times Tor Browser has been downloaded, and we decided to investigate how the first six months of 2017 measures up to the same time last year. Data from Tor Metrics tells us there was a 1.4 million increase in the number of Tor Browser downloads in the first six months of this year, compared to the same period last year. In all, download numbers increased from 16.1 million to 17.5 million.

The more Tor, the better

More Tor is good for lots of reasons: it means that journalists, activists, and other privacy-conscious individuals are taking steps to evade internet censorship or stop websites from tracking them as they browse the web. An increase in the number of Tor Browser downloads could also be evidence of some new censorship event, when users circumvent internet censors to access online resources and communities.

Privacy protections rolled back by the US government in March gave ISPs free reign to collect and sell your private information. We’re delighted that more people are realizing that there’s an alternative to the pervasive tracking and surveillance that many websites, ISPs, and agencies carry out.

Tor makes every user look the same, and the diversity of our user base is part of what makes Tor strong. The more people who use the network, the better Tor’s anonymity.

Browser download numbers don’t tell us everything -- we have no way of knowing many of those downloads are repeat downloaders, or for how long they stay using Tor. Those would be privacy-invasive metrics, and we don’t gather such information. But we still think that this number is meaningful, and we’re glad to see it increasing.

As always, you can download Tor Browser here. Why not make the Tor Network stronger and faster for everyone by running a relay?

Amnesia has another bugs which 2 are funs :
1a - install both set TorBrowser (noscript_https-tab_forcehttps&cookiesprotected) & close it.
1b - then open Torsandbox (terminal) and you will see your noscript settings in TB be copied in the noscript-tab of the Torsandbox.
2a - open Torsandbox (terminal) _ set it _ close it then open it again :
2b - the version unstable downgrades to the stable version 7.0.4. with the bad update.
it is not important that it could be reproducible or not ; i think it is fun to see an update becomes suddenly a stable downgrade ;) which contains some big bugs/corruption/hacks.
do the Tor team & eff staff & noscript team use Tor ? i have a big doubt suddenly like a bug in my trust chain.

Anonymous

August 23, 2017

Permalink

I have to admit I never actually downloaded Tor before two days ago. I downloaded it to read the Daily Stormer, not because I believe that codswallop they're selling (I'm actually somewhere down their list of people up against the wall after the revolution comes...) but because I believe in their right to say it.

The banning of the Stormer marks a sea change in who uses the "dark web". Before it was a handful of idealists, plus clients who were doing or saying things that were actually illegal. I might believe unabashedly in unrestricted freedom of speech but that doesn't mean I want to go to a kiddie porn site or a credit card number auction house and test my browser security just as a show of ideological purity. So the "dark web" lacked *destinations*, as far as I could tell - at least, destinations I would feel safe or interested in going to. But with the Stomer, we now see the crooked cabal behind the domain name racket has finally shown their true colors. They're not content simply chiseling away our money any more - they want to decide what we read and what we can't. And that means that there is now an .onion link required for a site that is entirely legal to read. And with the apparent banning of the Daily Rebel by one DNS, soon another. The slippery slope won't stop there -- before long you won't be able to look at pictures of a bull-fight or read an editorial praising enforcement of immigration law without going to the "dark web". Simply put, as of this week, the "dark web" became the only real internet there is. Not having a Tor browser is not having an Internet browser.

To be sure, I don't know if Tor can survive success -- I don't know if the only reason it was ever allowed is because practically nobody used it. It is possible that a coordinated campaign of idiots DDOSing and doxxing node operators and software developers will leave the network in shambles. If they do, of course, it will be no step forward against racism. A person with half a brain should be able to see that if racists resort to meeting in person to exchange "El Paquete" like the Cubans under Castro, those meetings will include hand-offs of more than just computer files, and vulnerable minority members who happen to be found near them will be in real danger. But far more damaging in the long run is that if racists aren't allowed to speak, people will no longer know that they have nothing persuasive to say. Worse than that, they will actually begin to believe that racism has been vanquished, even as vastly disproportionate numbers of blacks languish in prison cells, even as the same holier-than-thou tech overlords like Facebook invent mechanisms like "social credit" and "artificial intelligence" to allow businesses all over the world to discriminate against blacks systematically without being "racist".

# I don't know if the only reason it was ever allowed is because practically nobody used it.
a lot of persons are using pgp & tor but , at home, few let tor running 24/24.
Tor metrics must be happy to know that the more freedom of speech is prohibited the more tor users increase their download from tor-project (onionshare e.g).
i do not care of u.s.a problems : they have created it from scratch , it does not exist outside : social credit or ai comes from u.s.a bankers innovation.
i do not like the false assertion saying that racism is bad or melting-pot is the right attitude :
the incompatibility between human being is an evidence which imperialism/colonialism is the source.

I have noticed the same thing for many months and have the same question.

I think it's quite possible that this is innocuous, but I also think someone knowledgeable should check up on the issue.

I along with others appear to have posted this question to several places on the web and there has been no real solid answer so far, nothing but kick the can type of shit.

The best "places on the web" to post this question, are not here but Tails wonderlands (tails.boum.org).

Trying to answer this here, it indicates a (temporary?) error to obtain an essential file from the Debian archive via its official onion mirrors (as announced on onion.debian.org). First, make sure you are running the latest stable version of Tails (3.1 as of writing) and if it occurs again, you could use the hammer (systemctl restart tor.service) to force building new circuits and then, just try again (apt update).

There are always been alternative to "web forums" AFAIK, browse Tails website to learn about them.

Anyway, this might be wider in scope than just Tails (I didn't investigate that particular issue), see Ned Ryerson's links

> There are always been alternative to "web forums" AFAIK, browse Tails website to learn about them.

First, I am assuming we are talking about anon comms, so mailing lists and IRC unprotected by Tor are out. If you are making a different assumption you should clarify.

Second, I have used Tails since zero point something. Over the years the comms channels with the devs has evolved greatly, in part owing to events beyond their control, but it has always been very difficult.

Whisperback can be useful in small doses but many users may not realize that Whisperback does not encrypt comments by default, and if no valid email and public key is provided, Tails cannot reply. So this is at best one-way communication.

Despite these issues, Tails is a wonderful product and I think everyone should use it often.

Various people have offered email/XMPP clearnet/onion services in the past, without rejecting Tor users. Are there none left? I can guess why Tails support moved from IRC to XMPP, Tails OS still includes a preconfigured Pidgin client for both over Tor. Does it fail?

That is true, and I agree it is a serious problem, one which Tails Project is working to mitigate, but it is a hard problem.

Another is the difficulty of rapidly acquiring (e.g. from random system noice) high quality entropy when your system has only recently booted up, which poses a problem for cryptography. Once high-quality entropy generators become more widely available, this should be solvable.

Nevertheless, Tails is an essential tool, especially for applications where using an "amnesiac OS" is crucially important. Such applications are often off-line, so that the above problems are less relevant.

(-:

There's a thread at TAILS' Developer Mailing List:
https://mailman.boum.org/pipermail/tails-dev/2017-August/011610.html

No solution from them, yet. Expect that link to disappear though. They had a users type of ML open twice and twice they closed it to the public. What good is a ML if you can't specify a public one for users?

And there's this at the Debian Users Mailing List:

https://lists.debian.org/debian-user/2017/08/msg01420.html
With no solution yet, either! But at least some users tried to help. One would think this matter would be passed on to whomever runs the hidden service!

> The best "places on the web" to post this question, are not here but Tails wonderlands (tails.boum.org).

It's been posted to TAILS -and- Debian mailing lists with no solution in sight. Posting here is an attempt for this bug to catch more eyes, being as this is Tor, TAILS, and Debian related.

> force building new circuits and then, just try again

Tried and failed even after system reboots. This is why I'm posting this issue here as well, more eyes and the lack of a solution.

Just to clarify:

When I am updating my non-amnesiac OS (Debian stable) via the onion mirrors, I sometimes experience problems including the one you mentioned (other issues may be related to server load). As someone mentioned, restarting (Debian) Tor service with systemctl sometimes works. If not, try waiting a few hours (off-line) then try again. In my experience rebooting makes no difference, these problems appear to be issues with the onion mirrors.

According to my understanding, you should *not* use the onion mirrors to try to update a Tails system, but rather wait for the next issue of Tails to appear. Regardless of whether you boot from a R/O DVD (the most secure method) or a USB (much more convenient but less secure).

It seems there is considerable interest from the Debian community in using the onion mirrors, so I hope the people who maintain the onions will post a followup in this blog, correcting any misunderstandings which have arisen among users.

> I'm seeing this in Tails when I refresh the package repositories

Oops, previously overlooked "in Tails". AFAIK, Tails does not intend anyone to try to update software on their Tails system using the onion mirrors for the Debian repositories, although you should follow that route when you are using your non-amnesiac OS, if you use Debian.

However, I have noticed this issue when updating Debian stable via the onion mirrors. AFAIK it is innocuous, but I worry. Good answers would have to come from the people who maintain the onion mirrors. Since I think they sometimes read this blog, perhaps they can look into the issue?

Anonymous

August 25, 2017

Permalink

Big malware time? Look at the metric figures for the netherlands 2017-07-28 / 2017-08-25. 7 to 8 times higher than the usual average of 35.000 and 45.000 users at most.
By the way, you would't believe it months ago and also kept censoring warnings on this topic on your website, but the dutch have finally their big surveillance law and it will be starting at the first of january 2018 (officially).
Reason enough to use Torbrowser because the dutch will wiretap all traffic that is trespassing and they will share it worldwide. But that is probably not the reason for this 8 time doubling usertraffic. Dutch privacy awareness is not really a general topic and therefor not a reason to change internet behavior.
Any how, I guess that dutch surveillance teams will absolutely try to focus on timing attacks and all the tricks you can do when controlling or monitoring dutch (entry/middle and exit)nodes. Maybe it is better tot totally stay away from dutch nodes, dutch unencrypted websites an (free) services (and servers gifts anybody?) at all!

> By the way, you would't believe it months ago and also kept censoring warnings on this topic on your website, but the dutch have finally their big surveillance law and it will be starting at the first of january 2018 (officially).

I don't know why TP appears to sometimes censor well-intentioned warnings from users, but it's possible that they already knew about developments in NL from other sources. It's also possible that they know something we don't about political threats inside the US, where TP is based. So while I sometimes share your frustration about apparent censorship even in this blog, I think we all need to try to give TP employees the benefit of the doubt.

The UK and NL dragnets are global in scope, particularly for Tor users, so we should all be at least somewhat concerned. UK is part of FVEY, and NL has been very close to US FBI for many years (as was discussed in this blog several years ago), and FBI attacks computers all over the world, so...

Dutch people, British people, and US people should certainly use Tor Browser (or Tails) for all their browsing. We are all, it seems, at risk.

> 8 times higher than the usual average of 35.000 and 45.000 users at most.

Could this be related to a new family of tor nodes? Nusenu?

Intels all over the planet have long been snooping as much as they can, irrespective to their legal frameworks. Themselves are crying and crying they'd have no other choice to carry on, qualifying their own practices "a-legal" openly, to press their parliaments pass batches of new bills in emergency procedures to cover their *sses retroactively.

Sure, more encryption won't hurt koalas. Knowing what percentage of relays are actually run by which Intels, is another story.

> more encryption won't hurt koalas.

The book Future Crimes by Marc Goodman should scare the bejesus out of ordinary computer users who have somehow missed all the bad news about consumer device insecurities. Given that Goodman is a former FBI agent, it is not surprising that Tor users will disagree with the unrelentingly dark portrait he paints of Tor, but the interesting fact in this context is that after leaving FBI and spending time with computer experts, Goodman broke with FBI doctrine and in his book strongly *supports* strong crypto for all. Thus I urge TP's media team to read the book because I think this can be useful in persuading powerful US Congresspersons that FBI doctrine is dead wrong when it comes to encryption.

Goodman also acknowledges advice from Steve Santorelli, another person with US LEA background, who is only one hop from the Tor Project board, so Goodman is "selectable" by NSA under the two hops calling circle policy (reduced from three hops by Obama but possibly secretly increased again bhy Drumpkim).

It appears possible to me that if TP reaches to Goodman, we might be able to persaude him that he is wrong about Tor too. This is not inconsistent with my warning about bringing TLA moles into TP, because all TP employees would be fully aware of his strong TLA connections when they speak to him.

> Intels all over the planet have long been snooping as much as they can, irrespective to their legal frameworks.

The most dangerous spooks are arguably employed by NSA, although I think we should all be very worried about CN, RU, an increasing number of MEA (Middle East and Africa) nations, and even EU (e.g. UK, DE, FR, and as someone else mentioned NL). The book American Spies by Jennifer Grannick (formerly of EFF) is a superb survey, focusing on the issue of the enormous and shocking illegality of the NSA enterprise, and the way in which US TLA's abuse language to disguise this illegality. Possibly the best chapter in the book is her impassioned defense of unbackdoored cryptography for all. Thus I urge TP's media team to read this book also, so that they can use its arguments in discussions with journalists and policy advisors.1

Thank you for your post.
The book Future Crimes by Marc Goodman > it is translated in different language and if a free download is provided by yourself or another guy ; i should read it.
book American Spies by Jennifer Grannick (formerly of EFF) > same.
the real challenge is create a community and make the encryption a right, not a path for their interest.

We noticed the strange increase in users from the Netherlands. There are also recent unexplained increases in the Seychelles, Lithuania, and Romania. Here is a post about it: https://lists.torproject.org/pipermail/metrics-team/2017-August/000428.html.

We have a wiki page where we keep track of occurrences like these, and write explanation when we know of them: MetricsTimeline. You're welcome to add entries to the page.

The same data also appears (in a read-only form) on the Tor Metrics site: Tor Metrics News.

Anonymous

August 26, 2017

Permalink

IF YOU RESTART YOUR TOR BROWSER WHY IS THE CLIPBOARD ON YOUR CPU NOT CLEARED? YOU CAN COPY AND SAVE AND RESTART TOR AND STILL PASTE PREVIOUS CLIPBOARD FROM TOR INTO NEW TOR...IS THAT SAFE?

That's what your clipboard is designed to do, it's not a bug, it's a feature (provided by your OS) and has nothing to do with Tor Browser.

NOW RELAX AND STOP SHOUTING! :)

If you find this unsafe, read about "Security by Isolation" and read about virtual machines and sandboxes, SubGraph OS, Whonix, Qubes, etc.

> That's what your clipboard is designed to do, it's not a bug, it's a feature (provided by your OS)

I don't disagree with that as far as it goes, but I fear you (and the devs) are overlooking abuses of the clipboard by the bad guys (spooks, crims). The Snowden leaks include documents showing that NSA/TAO is interested in messing with the clipboard, which should set off alarm bells IMO.

Tor Browser is different from other browsers in that TB users are more endangered by exploitable flaws.

@ ALL CAPS:

Really, please do turn off your caps lock, it isn't helping us to understand your issue.

> but I fear you (and the devs) are overlooking abuses of the clipboard

See the second part of my previous comment.

> by the bad guys

These have a lot more attack surface, than time to exploit it all :) I don't look at Tor/i2p/* as magic fortresses for individual secrets, but as tools to increase costs of surveillance and censure, for use by the largest part of the population.

Not quite there yet, according to Metrics we're in progress, and back on topic! :)

costs of surveillance and censure, for use by the largest part of the population.

Yes, I entirely agree with that.

It's an arms race, and contrary to what some naysayers would have us believe, dramatically raising the costs for and (exposure) risks to attackers appears to be an achievable goal.

Many thanks to all the devs and other citizens who are working towards this end!

Anonymous

August 26, 2017

Permalink

HOW TO BYPASS THE CAPTCHA ANY WAY TO STORE A UNIVERSAL CACHE THAT EVEYRONE CAN USE TO BYPASS THE CATCPCHA? THAT THING IS ANNOYING!

Anonymous

August 27, 2017

Permalink

torproject.org : dane-validated successfully

does tor browser dane-validate successfully ?
i have not found an information about that and do not see a hidden dane validator in the addon.

is dane yet implemented in a hidden way ?
is dane a danger running tor browser ?
why have you chosen ocsp ?
does dane interfere with https -everywhere ?
could dane do a better job than ocsp ?

Metrics : do you think that with these minor updates/improvement the number of download of Tor will increase or decrease (incompatibility:crash) ?

Anonymous

September 02, 2017

Permalink

no thanks eff bug !
https-everywhere 2017.8.31 still broken !
last updated september 2 2017
setting/icon is locked on blue : block all uncrypted request (unchecked blocked)
special humour day or glamour cia gay
do they use their add-on ?
that's a shame !
(and no link_email for report it)

by the way , is an .onion without https safe (mitm ?) ?

Join the discussion...

This question is for testing whether or not you are a human visitor and to prevent automated spam submissions.

11 + 4 =
Solve this simple math problem and enter the result. E.g. for 1+3, enter 4.