Tor Project is looking for a Communications Director!

The Tor Project is looking for a Communications Director!

This senior level position will report directly to the Executive Director and will be part of the organization's leadership team. The Communications Director will set and guide the strategy for all communications and public relations messages to consistently articulate the Tor Project's mission. This job includes working closely with this diverse, international community of people who make Tor and related software products. This is a hands-on position for a highly skilled communications professional.

This is a full-time position. The Tor Project’s main office is in Seattle, and we’d be delighted to supply a desk for the Communications Director there, however, this job can be done remotely. Knowledge of media and press contacts within the United States is essential.

The job description, including instructions on how to apply, can be viewed here: https://www.torproject.org/about/jobs-comm-director.html.en

If you know someone who would be awesome at this job, please direct them to the job posting!

Cheers,
Erin Wyatt
HR Manager

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

What about Kate Krauss? Where is she?

Kate is still with us, but she will be leaving in March.

so i was wondering what was going to happen to Orweb for orbot. is someone else going to keep up the development or are you guys going to throw it away entirly?

Orfox replaces Orweb. Orweb is a bug-ridden mess that was lousily coded together. Orfox is made by the same project but is a closer fork of the original Firefox Mobile and Tor Browser code-base. I don't see any reason existing for using Orweb over Orfox.

When I read this post I hoped that a Communications director was going to finally carry the task of expanding the translation for the Tor Browser. Democratize security and privacy on internet through Tor cannot, in no way, be achieved without a consistent work on translation. The call for contribution on the site leads to Transifex, where many translation projects have already been done. It seems to last for about 3 years. So, one could reasonably ask when versions of Tor will be available to at least a dozen of languages.
Thanks

Translation for Tor Browser is indeed an important item to work on, but also as you say it is different from a communications director.

Translation for Tor Browser is in scope for the applications team:
https://trac.torproject.org/projects/tor/wiki/org/teams/ApplicationsTeam

And speaking of versions of Tor available in at least a dozen languages, you can find 16 languages here:
https://www.torproject.org/projects/torbrowser.html.en#downloads

oh ok kool. any suggestions for lighter alternative because my phone is a moto e 2nd gen with 800mb RAM(wich is apparently low...). and orfox is timing out and crashing constantly. lightning browser also keeps kicking me out of incognito mode and i cant find a trusted multi tab browser -although i sometimes use duckduckgo app but only 1 tab cuz its a quick search- that works properly

WHY DON"T YOU SIMPLIFY TOR CODING? I MEAN IF YOU HAVE THE BASIC CODING YOU DO NOT REALLY NEED TO KEEP UPDATING IT BECAUSE THE CORE CODE IS THERE AND THAT IS IT TO PROTECT SECURITY AND PRIVACY AND YOUR ID. CODE IS STILL CODE. JUST MAKE A QUANTUM TOR SYSTEM THAT IS IMPENETRABLE FOREVER. THAT IS IT!

Maybe this should be a good interview question for the communications director position. :)

I suspect the OP might not be entirely serious, but I'll take a stab at trying to make some very basic points:

> WHY DON"T YOU SIMPLIFY TOR CODING?

Complexity is the enemy of security, so it is certainly desirable to keep the code (especially for core functions) as simple as possible. However, Tor software must attempt to address many problems which are unfortunately far from simple, which leads to some hard to reduce complexities.

> I MEAN IF YOU HAVE THE BASIC CODING YOU DO NOT REALLY NEED TO KEEP UPDATING IT

In an ideal world, coders would have reliable proofs that their software is free of security flaws. Indeed, for decades leading researchers have struggled to provide just such a framework. Pretty much everyone agrees (sadly) that they have failed, completely and utterly.

In the real world, coders are in an endless arms race against state-sponsored bad actors (and other kinds of bad actors) who continually uncover and exploit flaws which the good guys have overlooked. For this reason, every cybersecurity expert (as far as I can see) says that the single most important thing anyone can do to improve their security is to promptly update their software as soon as security patches are released. In the case of Tor Browser, Tails, etc., this means promptly updating as soon as the latest stable version is released.

> BECAUSE THE CORE CODE IS THERE AND THAT IS IT TO PROTECT SECURITY AND PRIVACY AND YOUR ID. CODE IS STILL CODE.

??

> JUST MAKE A QUANTUM TOR SYSTEM THAT IS IMPENETRABLE FOREVER. THAT IS IT!

Oh my, if only one could wave a magic wand and make everything secure against quantum computer attacks. And if you were talking about quantum encryption, as far as I know this is best described as a research topic on which many smart people have been working for years, but which is so far not practical for everyday use on the Internet as it now exists.

Unfortunately, in keeping with the incredible disparity between (current) offensive techniques and (currently available) defenses, my understanding is that hybrid quantum-conventional computers designed to *break* existing encryption is coming on line far faster than well tested quantum encryption which could potentially defeat quantum cryptanalysis of conventional cryptography.

NIST (a small US federal agency which has had a USG mandate to produce industy standards for strong cryptography for use by US businesses and private citizens, and which has suffered in the recent past from being gulled by NSA and is determined to resist future NSA efforts to mess with NIST) has devoted a considerable part of its limited budget to fostering research into resisting quantum computing attacks on cryptography in conventional computers. Long known alternative public key methods may turn out to be more resistant than RSA, for example. And the greatest risk appears to threaten public key encryption, not the kind of encryption used by LUKS to encrypt hard drives or USBs. This may help to calm some (but not all) fears about quantum cryptanalysis.

Not that I am applying for the position myself :)

> In the real world, coders are in an endless arms race against state-sponsored bad actors (and other kinds of bad actors)

Hugh Grant?

will he/she plan to be in contact with dev team who are not working for Torproject like dev mac or dev grc or dns operators ?

Will Communications Director and Executive Director be based in same US city? (Seattle?) This could have enormous advantages for planning strategy, but is also a potential danger as the situation for US NGOs becomes increasingly perilous.

As a project, suggest reaching out to staffers for members of Congress who are members of the Privacy Coalition.

As the job page says, "The Tor Project’s main office is in Seattle, and we’d be delighted to supply a desk for the Communications Director there, however, this job can be done remotely. Knowledge of media and press contacts within the United States is essential."

So, they won't necessarily be in the same city, but maybe they will be. We'll see!

hi,
should it be possible to add like an pop-up or alarm saying:
:
- cookies enable
- https not enabled
- javascript enable

sometimes i forgot i did few hours before ... these pop-up will be a nice reminder/improvement for distrait/tired person like me.

i do not know where posting this request : sorry for the inconvenience.
thanks.

I think that would result in a lot of pop-ups leading to pop-up fatigue which is not a good idea. I think your best bet is getting used to use the security slider Tor Browser ships. Regarding the place to post this idea. The tor-talk mailing list would be a good venue for discussing ideas. If you have a particular feature request to implement our bug tracker at trac.torproject.org would be a good place.

hi
are torproject torbrowser users subjected to mozilla company legal/terms etc? for an example, could torproject torbrowser be compromised indirectly and perhaps unknowingly by a legal process on mozilla company? thanks

We just take the code and add our own patches to it. We are not bound to any legal orders reaching Mozilla.

@gk:

Can you explain how Debian Project cryptographically signs debs?

Someone who I hope was merely trolling suggested that when a Debian user installs software from anything other than the main repository, the software is not verified cryptographically.

I am also unclear on whether debs are signed individually, or whether the signature refers to a list of MD-5 hashes. If the latter, I fear that is inadequate against adversaries such as NSA.

This is of course relevant to those who use Tor to download debs via the Onion mirrors, since our judgment that this is a safer depends heavily upon assuming that the debs are securely signed, since one can expect adversaries to mess with anything involving onions.

hardened tor work on linux suse 64 bit ,but can not start on solaris 11.3
Where is possible ground ?
in Solaris for equal downloading

tar -xvJf ...tor*

J -unknown function modifier

Solaris not support tar.xz ?

Exist version of otr in tar.gz

Hi gk, rest of team,

tanks for your work! As I have no other way of contacting you and this is the most recent blog post:

What about bug #19369 ? Is this really unfixable as it is already known for 7 or 17 months respectively since bug #16889.
I suppose there was a reason for the latter bugs "solution" beeing the slogan of the 33c3.

Relatively sure it wasn't a problem for me in the 5.x versions on windows (yeah I know, need it for work) but as it now seems to have happened at least once in linux (https://tor.stackexchange.com/questions/11876/never-remember-history-is-not-the-default-setting-tbb-6-0-1-on-lubuntu-14-04) , mac and windows versions, wouldn't that suggest a general issue?

Tested it with installs on 3 different locations and even 2 different exe versions, first verified, and it occurs every time while still on default settings.
So?...

It is certainly not unfixable. Is that more than a usability issue? It seems to me Tor Browser is still working as expected or do you have evidence to the contrary?

WTF ?

I don't get it. Now I have the same fucking privacy preferences bug on TAILS!!! Tor browser upon first startup is not set to "never remember history" but on "use custom settings for history" with cookies enabled for 1 party only.
I can uncheck the cookie box but for the live of me can't change it back to not remembering what sites I've visited which all are visible under the "recently closed tabs" section of the history.

Pls, any advice would be appreciated on how I could have that bug on windows and tails...

> Now I have the same fucking privacy preferences bug on TAILS!!!

Tails 2.9.1? Did you burn a verified ISO image to a DVD, or are you using a USB?

Possibly, although I hope this is very unlikely, your USB has been maliciously modified.

> Tor browser upon first startup is not set to "never remember history" but on "use custom settings for history" with cookies enabled for 1 party only.

Are you looking at the Preferences menu obtained by pressing the button at upper right with horizontal bars (whatever that iconography is supposed to suggest!) in Tor Browser window?

I can't find the item you mention.

It's possible that Tails devs have made some odd-seeming choices as they try to balance anonymity, security, and usability, three somewhat contradictory goals. Also, it can be very hard to make default choices which are ideal for every user--- personal situations and locations vary so widely.

Tails 2.10 was just released, so anyone having problems with Tails 2.9.1 (or not) should upgrade.

This position seems like it would be fairly endless damage control. The media is totally out to get you, no matter how well-connected you are.

That's part of the challenge -- yes there's some damage control to be done, but we need to get ahead of it and tell people about the great things we do, rather than always spending our time denying the misinformation from attackers.

@ Roger:

Plus one for following the strategy of getting ahead of the curve by anticipating and attempting to thwart in advance hostile spook-friendly "spin" of stories involving Tor in some way.

Tails 2.10 includes OnionShare, which should prove invaluable for anyone who needs to share files securely on an ad hoc basis (e.g. two medical providers, a lawyer and her client, a reporter and his source, a cybersecurity researcher and the developer of a flawed app, two climate scientists who want to share raw data or draft papers... the list goes on an on). This is a fine example of the kind of positive development the Media team could try to highlight in discussions with reporters. Far from making problems for the many USG agencies suffering from security issues, Tor can be part of the solution! And we need to try to educate them about that.

An easier half hour project would be to collect permalinks to all the Tor at the Heart series posts and put them in an easily found page, so that Tor advocates can point non-users who need to start using Tor to them.

Has anyone else encountered a strange problem while using Tor Browser in which certain entry nodes seem to consistently create a huge clock skew while trying to connect to the Tor network, resulting in onion services being unusable or even in being unable to fetch the Tor consensus?

@ Roger:

If you see a message saying "unable to fetch Tor consensus", but ten minutes later the Tor icon appears and Tor Browser suggests one is indeed using Tor, is it safe to use Tor or does this mean one is using Tor without a known good consensus? That could be bad if a state actor has compromised enough Directory Authorities, yes?

Need some advice from Tor Project.

Trying to reach a reporter at buzzfeed.com using Tor.

The website buzzfeed.com (or an adversary injecting a spoofed page?) gives PGP fingerprints for some reporters, which allow me to fetch public keys. But these are only self-signed, which seems suspicious.

Further, at the website buzzfeed.com, the PKI certificate is not registered to buzzfeed but to Fastly Inc in San Francisco/

(The serial number of the cert I see is 40:92:D1:F8:BE:FA:C3:C5:D4:57:66:94)

Is this evidence that a tech-savvy reporter misunderstands web of trust, or that an adversary is trying something ugly?

Does anyone know whether Buzzfeed has a Secure Drop site? Similar questions about verifying that a given onion really is operated by buzzfeed.com.

ACLU is also going hi-tech in its effort to win hearts and minds:

https://arstechnica.com/tech-policy/2017/01/aclu-turns-to-y-combinator-for-leading-edge-tech-skills-to-battle-trump/
Flush with anti-Trump donations, ACLU gets Y Combinator’s mentorship
ACLU raised $24 million over the weekend in wake of Trump's immigration order.
David Kravets
31 Jan 2017

> President Donald Trump has been good to the American Civil Liberties Union—that is, his policies have. The New York-based civil rights group said it collected as much as $24 million in donations over the weekend in response to the president's executive order on immigration. So what's a nearly century-old civil-rights law firm to do with all that cash? Well, join Y Combinator as a non-profit tech startup—of course—and receive the startup accelerator's mentorship.
> ...
> Anthony Romero, the ACLU's executive director, told Ars in an e-mail that the rights group hopes to get Y Combinator to teach it how to spread its message. He wants the ACLU to "be at the leading edge of technology."

> The Tor Project’s main office is in Seattle

Your mail drop is a short walk to both the FBI Seattle field office and the USCG maritime intelligence center. And to customary protest march paths.

I doubt that this entirely explains so much FBI surveillance (agents both in vehicles and in C-182T and C-206H aircraft such as N921LS, N879WM, N632TK).

Be careful out there!

https://theintercept.com/series/the-fbis-secret-rules/

> N921LS

The published pictures (e.g. at Wikimedia commons) are out of date. This Cessna 206H is now all white and sports an L-3 WESCAM camera turret on the right side just abaft the passenger cabin. New tactics: wide circles at about 6000-8000 feet alternating with low-level passes at about 1500 feet above ground or less. Often seen with an all white Robinson R-22 beta II two seater helicopter, N300JM. When Tor people venture near Pioneer Square, these are among the most likely spy aircraft you will see if you look up.

Beware of spooky black helicopters from the New World Order poisoning you with chemtrails while you're at it.

Can Tor Project reach out to the RO protestors to increase use of Tor by ordinary citizens in RO?

https://www.theguardian.com/world/2017/feb/06/27-years-of-corruption-is-enough-romanians-on-why-theyre-protesting
'27 years of corruption is enough': Romanians on why they are protesting
Thousands of Romanians have spent six nights marching in towns and cities across the country. We asked them why
Carmen Fishwick and Guardian readers
6 Feb 2017

Experience gained in RO could be useful for a similar US campaign:

https://www.theatlantic.com/magazine/archive/2017/03/how-to-build-an-autocracy/513872/
theatlantic.com
How to Build an Autocracy
The preconditions are present in the U.S. today. Here’s the playbook Donald Trump could use to set the country down a path toward illiberalism.
David Frum
March 2017

Have comments been closed in all the earlier Tor at the Heart series?

Wanted to ask Rachel for comments on this:

https://cran.r-project.org/src/contrib/stylo_0.6.4.tar.gz
https://journal.r-project.org/archive/2016-1/eder-rybicki-kestemont.pdf

Can Rachel provide defenses in a TP product?

> Have comments been closed in all the earlier Tor at the Heart series?

Not yet, it seems.

Rachel?

Post new comment

  • Lines and paragraphs break automatically.
  • Allowed HTML tags: <em> <strong> <cite> <code> <ul> <ol> <li> <b> <i> <strike> <p> <br>

More information about formatting options

Syndicate content Syndicate content