Today, the board of directors of the Tor Project is announcing a bold decision in keeping with its commitment to the best possible health of the organization.
Says Tor's Executive Director Shari Steele, "I think this was an incredibly brave and selfless thing for the board to do. They’re making a clear statement that they want the organization to become its best self."
A Statement from the Board of Directors of The Tor Project
As Tor's board of directors, we consider it our duty to ensure that the Tor Project has the best possible leadership. The importance of Tor's mission requires it; the public standing of the organization makes it possible; and we are committed to achieve it.
We had that duty in mind when we conducted an Executive Director search last year, and appreciate the leadership Shari Steele has brought. To support her, we further believe that it is time that we pass the baton of board oversight as the Tor Project moves into its second decade of operations.
Accordingly, we are pleased to announce an excellent slate of new directors who have agreed to serve on Tor's board. The old directors have, as of July 12, 2016, elected these directors as the new Tor board:
Roger Dingledine and Nick Mathewson will continue in their roles as co-founders of the Tor Project, leading Tor's technical research and development. We will all continue to support Tor's mission, community, management, and organization; and we are happy to offer Shari, the new board, and the entire team our help and knowledge. We thank the Tor community for their patience and help in this transition.
Meredith Hoban Dunn
Rabbi Rob Thomas
Biographies of Incoming Board Members
(Photos available upon request)
Matt Blaze is a professor in the computer and information science department at the University of Pennsylvania, where he directs the Distributed Systems Laboratory. He has been doing research on surveillance technology for over 20 years, as well as cryptography, secure systems, and public policy.
Cindy Cohn is the Executive Director of the Electronic Frontier Foundation (EFF). From 2000 to 2015 she served as EFF’s Legal Director as well as its General Counsel. Ms. Cohn first became involved with EFF in 1993, when EFF asked her to serve as the outside lead attorney in Bernstein v. Dept. of Justice, the successful First Amendment challenge to the U.S. export restrictions on cryptography. Since then, Ms. Cohn has worked to ensure that people around the world have the right to access information and communicate privately and anonymously, including mounting lawsuits against NSA spying, providing legal counsel to computer programmers building and developing privacy and anonymity tools, and helping to develop the Necessary and Proportionate Principles applying international human rights standards to digital communications surveillance.
The National Law Journal named Ms. Cohn one of 100 most influential lawyers in America in 2013, noting: "[I]f Big Brother is watching, he better look out for Cindy Cohn." She was also named one of the 100 most influential lawyers in 2006 for "rushing to the barricades wherever freedom and civil liberties are at stake online." In 2007 the National Law Journal named her one of the 50 most influential women lawyers in America. In 2010 the Intellectual Property Section of the State Bar of California awarded her its Intellectual Property Vanguard Award and in 2012 the Northern California Chapter of the Society of Professional Journalists awarded her the James Madison Freedom of Information Award.
Bruce Schneier is an internationally renowned security technologist; called a "security guru" by The Economist. He is the author of 14 books -- including the New York Times best-seller Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World -- as well as hundreds of articles, essays, and academic papers. His influential newsletter "Crypto-Gram" and blog "Schneier on Security" are read by over 250,000 people. Schneier is a fellow at the Berkman Center for Internet and Society at Harvard University, a Lecturer in Public Policy at the Harvard Kennedy School, a board member of the Electronic Frontier Foundation and the Tor Project, and an advisory board member of EPIC and VerifiedVoting.org. He is also a special advisor to IBM Security and the Chief Technology Officer of Resilient.
Gabriella (Biella) Coleman holds the Wolfe Chair in Scientific and Technological Literacy at McGill University. Trained as an anthropologist, her scholarship explores the intersection of the cultures of hacking and politics, with a focus on the sociopolitical implications of the free software movement and the digital protest ensemble Anonymous. She has authored two books, Coding Freedom: The Ethics and Aesthetics of Hacking (Princeton University Press, 2012) and Hacker, Hoaxer, Whistleblower, Spy: The Many Faces of Anonymous (Verso, 2014), which was named to Kirkus Reviews’ Best Books of 2014 and was awarded the Diana Forsythe Prize by the American Anthropological Association. Her work has been featured in numerous scholarly journals and edited volumes. Committed to public ethnography, she routinely presents her work to diverse audiences, teaches undergraduate and graduate courses, and has written for popular media outlets, including the New York Times, Slate, Wired, MIT Technology Review, Huffington Post, and the Atlantic.
Linus Nordberg is a longtime internet and privacy activist who has been involved with Tor since 2009. He's a software developer who specializes in network security and operating internet services. Since his start at Tor he's developed code, run services, and advocated for the Tor Project. He's one of the founders of the Swedish digital rights organization DFRI (Digitala Fri- och Rättigheter) and through that involved in the European umbrella public policy organization EDRi (European Digital Rights).
Megan Price, Executive Director of the Human Rights Data Analysis Group, designs strategies and methods for statistical analysis of human rights data for projects in a variety of locations including Guatemala, Colombia, and Syria. Her work in Guatemala includes serving as the lead statistician on a project in which she analyzes documents from the National Police Archive; she has also contributed analyses submitted as evidence in two court cases in Guatemala. Her work in Syria includes serving as the lead statistician and author on three reports, commissioned by the Office of the United Nations High Commissioner of Human Rights (OHCHR), on documented deaths in that country.
Megan is a member of the Technical Advisory Board for the Office of the Prosecutor at the International Criminal Court, a Research Fellow at the Carnegie Mellon University Center for Human Rights Science, and she is the Human Rights Editor for the Statistical Journal of the International Association for Official Statistics (IAOS). She earned her doctorate in biostatistics and a Certificate in Human Rights from the Rollins School of Public Health at Emory University. She also holds a master of science degree and bachelor of science degree in Statistics from Case Western Reserve University.
The Tor Project develops and distributes free software and has built an open and free network that helps people defend against online surveillance that threatens personal freedom and privacy. Tor is used by human rights defenders, diplomats, government officials, and millions of ordinary people who value freedom from surveillance.
The Tor Project's Mission Statement: "To advance human rights and freedoms by creating and deploying free and open anonymity and privacy technologies, supporting their unrestricted availability and use, and furthering their scientific and popular understanding."
For media inquiries, contact press at tor project dot org.
Tor 0.2.8.5-rc has been released! You can download the source from the Tor website. Packages should be available over the next week or so.
Tor 0.2.8.5-rc is the second release candidate in the Tor 0.2.8 series. If we find no new bugs or regressions here, the first stable 0.2.8 release will be identical to it. It has a few small bugfixes against previous versions.
PLEASE NOTE: This is a release candidate. We think that we solved all of the showstopper bugs, but we also thought the same thing about 0.2.8.4-rc: crucial bugs may remain. Please only run this release if you're willing to test and find bugs. If no showstopper bugs are found, we'll be putting out 0.2.8.6 as a stable release.
Changes in version 0.2.8.5-rc - 2016-07-07
- Directory authority changes:
- Urras is no longer a directory authority. Closes ticket 19271.
- Major bugfixes (heartbeat):
- Fix a regression that would crash Tor when the periodic "heartbeat" log messages were disabled. Fixes bug 19454; bugfix on tor-0.2.8.1-alpha. Reported by "kubaku".
- Minor features (build):
- Minor bugfixes (fallback directory selection):
- Avoid errors during fallback selection if there are no eligible fallbacks. Fixes bug 19480; bugfix on 0.2.8.3-alpha. Patch by teor.
- Minor bugfixes (IPv6, microdescriptors):
- Don't check node addresses when we only have a routerstatus. This allows IPv6-only clients to bootstrap by fetching microdescriptors from fallback directory mirrors. (The microdescriptor consensus has no IPv6 addresses in it.) Fixes bug 19608; bugfix on 0.2.8.2-alpha.
- Minor bugfixes (logging):
- Reduce pointlessly verbose log messages when directory servers can't be found. Fixes bug 18849; bugfix on 0.2.8.3-alpha and 0.2.8.1-alpha. Patch by teor.
- When a fallback directory changes its fingerprint from the hard- coded fingerprint, log a less severe, more explanatory log message. Fixes bug 18812; bugfix on 0.2.8.1-alpha. Patch by teor.
- Minor bugfixes (Linux seccomp2 sandboxing):
- Allow statistics to be written to disk when "Sandbox 1" is enabled. Fixes bugs 19556 and 19957; bugfix on 0.2.5.1-alpha and 0.2.6.1-alpha respectively.
- Minor bugfixes (user interface):
- Remove a warning message "Service [scrubbed] not found after descriptor upload". This message appears when one uses HSPOST control command to upload a service descriptor. Since there is only a descriptor and no service, showing this message is pointless and confusing. Fixes bug 19464; bugfix on 0.2.7.2-alpha.
- Fallback directory list:
- Add a comment to the generated fallback directory list that explains how to comment out unsuitable fallbacks in a way that's compatible with the stem fallback parser.
- Update fallback whitelist and blacklist based on relay operator emails. Blacklist unsuitable (non-working, over-volatile) fallbacks. Resolves ticket 19071. Patch by teor.
- Update hard-coded fallback list to remove unsuitable fallbacks. Resolves ticket 19071. Patch by teor.
Georg Koppen is a longtime Tor browser developer. He and Tor developer Mike Perry worked to integrate Selfrando into Tor browser.
Tell us about Selfrando, the new code being tested for Tor Browser.
Selfrando randomizes Tor browser code to ensure that an attacker doesn't know where the code is on your computer. This makes it much harder for someone to construct a reliable attack--and harder for them to use a flaw in your Tor Browser to de-anonymize you.
How were you and Tor's Mike Perry involved in the project?
We mainly worked on integrating Selfrando in Tor Browser where needed and tested it as well as we could. We closely read the paper and helped to improve it. The bulk of the work was done by the other researchers. These are Mauro Conti, Stephen Crane, Tommaso Frassetto, Andrei Homescu, Per Larsen, Christopher Liebchen, and Ahmad-Reza Sadeghi.
Can you talk about Tor's relationship with the research community?
Tor relies on the research community to ethically investigate unsolved issues with Tor software. We work closely with research groups in the anonymity space, the security space, in privacy research, etc.
Tor is the focus of many researchers. We have rigorous documentation and open, transparent development processes. We also have a working product, Tor Browser, that easily reaches 1 to 2 million users, with testing channels where one can try new defenses first and refine them as needed, as we are doing with the Selfrando project.
When will Selfrando be available for ordinary Tor users (in the stable version)?
The first thing to note here is that Selfrando is currently only available for a fraction of our users; those who have a 64-bit Linux systems. The Selfrando folks are working on a version for Windows which is not yet ready.
I think that Tor browser version 6.5 might be a bit too early for a stable release. However, if user testing shows this is okay, Selfrando will make it in. A more conservative approach is pointing to Tor browser version 7.0.
That’s a pretty long time from now (next Spring!) How can people help Tor speed it up?
We need more users testing things--more experienced people trying out our nightly/alpha builds.
Selfrando's development is good so far and the browser integration work has not been so tricky; the main problem is being confident enough that it does not break some random user setups while everything is fine and working on our testing machines.
Specifically, we need more experienced people running Linux 64-bit operating systems to download and try our hardened nightly builds. They can download the latest hardened nightly build and look for the latest "nightly-hardened" build in general at https://people.torproject.org/~linus/builds/. Obviously, these are test versions of the Tor Browser--we're trying to look for bugs.
Will there will be future collaborations with these researchers?
To port Selfrando to Windows and OSX and make it available to our users, yes!
How do you feel about the fact that the research community is teaming up with Tor to strengthen Tor browser against attacks?
I think this is great as it gives us another valuable ally to make our users safer. And in the longer run, all other users with "normal" browsers could benefit from that, too.
The researchers behind Selfrando will present their project in July at the Privacy Enhancing Technologies Symposium in Darmstadt, Germany.
An advance copy of their research paper is available here.
Selfrando is available for use in other open-source projects on Github.
We are pleased to announce the sixth beta release of TorBirdy and the first in the 0.2 series: TorBirdy 0.2.0. All users are encouraged to upgrade as this release fixes numerous security and privacy issues.
Notable changes include fixing local timestamp disclosure in the date and the message-ID headers, as detailed in tickets #6314 and #6315. The patch for sanitizing the date header is shipped with TorBirdy. The patch for the message-ID header was submitted upstream to Mozilla and merged in Thunderbird 45, and it is therefore recommended that you upgrade to Thunderbird 45 if possible.
There are currently no known leaks in TorBirdy but please note that we are still in beta, so the usual caveats apply.
If you are using TorBirdy for the first time, visit the wiki to get started.
Other changes in this release include:
0.2.0, 27 Jun 2016
* Bug #6314: Prevent local timestamp disclosure via Date header
* Bug #6315: Prevent local timestamp disclosure via Message-ID header
* Bug #13721: Fix usage of wrong locale
* Bug #17426: Allow configuration of default email protocol
* Bug #15459: Add support for deterministic XPI generation
* Bug #11387, #13006: Fix non-standard EHLO argument
* Bug #17118: Allow manual account configuration for Gmail with OAuth2
* Bug #19031: Add and audit support for RSS reader
* Bug #7847: Audit and update support for NNTP
* Bug #10683: Update Thunderbird UI to reflect TorBirdy's state
* Bug #19330: Set secure defaults for outgoing mail servers
* Removed compatibility for older versions of Thunderbird and added support for Thunderbird 37+
* Added support for automatic configuration of Riseup email accounts
* Updated various privacy and security settings (see commit 2bdeffbb for a list of the changes)
* Update translations for current languages
Many thanks to Arthur Edelstein and the Tails Developers for this release!
We offer two ways of installing TorBirdy -- either by visiting our website (GPG signature; signed by
0xB01C8B006DA77FAA) or by visiting the Mozilla Add-ons page for TorBirdy. Please note that there may be a delay -- which can range from a few hours to days -- before the extension is reviewed by Mozilla and updated on the Add-ons page.
(Packages for Debian GNU/Linux will be created and uploaded shortly.)
Good news for data enthusiasts who trust numbers more than words: The Tor Project has just received an award from Mozilla's Open Source Support program to improve Tor metrics over the next 12 months.
While some analytics programs collect data in ways that violate the privacy of users, Tor's metrics program seeks to keep users safe as we collect and analyze data. We use the data to develop ways to allow more people to access the free Internet via Tor, and we make all data available to the world, so that Tor users, developers, journalists, and funders can see and understand the ways that people use Tor worldwide.
Mozilla's mission is to ensure the Internet is a global public resource, open and accessible to all. Mozilla Open Source Support (MOSS) is an awards program specifically focused on supporting the Open Source and Free Software movement. Their Mission Partners track is open to any open source/free software project undertaking an activity which significantly furthers Mozilla's mission.
Over the coming year, our main goals for this project will be:
1. To make CollecTor (our primary data collection service) more resilient to single-point failures, by enabling multiple CollecTor instances to gather data independently and exchange it in an automated fashion. Doing this will reduce the number of gaps in our data, and make it less likely that an error at one server will make the data invalid.
2. To create an easy-to-use observation kit containing DescripTor (our library for parsing and analyzing Tor servers' descriptions of themselves) together with user-friendly tutorials for evaluating Tor network data. This will make it easier for programmers to write tools that examine historical and current data about the servers that make up the Tor network.
4. To further reduce the amount of sensitive usage data (such as bandwidth totals and connections-per-country) stored on Tor relays and reported to the Tor directory authorities. While we believe that this data is safe the way we handle it today, we believe that improved cryptographic and statistical techniques would allow us to store and share even less data.
5. To improve the accuracy of performance measurements by developing better methods and tools to analyze and simulate average user behavior;
6. To make the Tor Metrics website more usable, so that users, developers, and researchers can more easily find, compare, and interpret information about Tor's usage and performance.
We're excited about this news for a great many reasons.
First, it is one more important step in diversifying Tor's funding.
Second, while the project focuses on improving six important aspects of Tor metrics, it also aims at more general improvements to make Tor metrics software more stable, scalable, maintainable, and usable. These improvements are typically harder to "sell" in funding proposals because their results are less visible to funders. It's reassuring that Mozilla understands that these improvements are important, too.
Third, this award is the first one awarded to Tor's young metrics team, only established 12 months ago in June, 2015. It's an appreciation of the initial work done by the metrics team and a very good basis for the upcoming 12 months.
Writing the award proposal was a successful cooperation of a number of Tor people: it would simply not have happened without Isabela, who made contact with Mozilla people; it would not have been readable without Cass's remarkable ability to translate from tech to English; it would not have contained as many good reasons for getting accepted without iwakeh's invaluable input; and it would not have been accepted without Shari's efforts in asking a leading security expert to write an endorsement of our award request. Finally, this blog post would certainly not have been as readable without Kate's and Nick's editorial capabilities. And now let's go write some code.
Tor Browser 6.0.2 is a fixup release to address the most pressing issues we found after switching to Firefox 45.2.0esr.
In particular, we resolved a possible crash bug visible e.g. on Faceboook or mega.nz and we fixed the broken PDF download button in the PDF reader.
Note: In version 6.0 we started code signing the OS X bundle for Gatekeeper support. A side effect of this signature is that it makes it harder to compare the bundles we ship with the bundles produced using reproducible builds, therefore we plan to post instructions for removing the OS X code signing parts on our website soon. An other effect is that the incremental update will not be working for users who installed the previous version using the .dmg file, due to bug 19410. The internal updater should still work, though, doing a complete update.
Update (June 23, 12:38 UTC): We have still some users that report crashes on Facebook and mega.nz. We suspect this happens because those users are not using Tor Browser in its default configuration but have left the Private Browsing Mode. There are at least two workarounds for this: 1) Using a clean new Tor Browser 6.0.2 (including a new profile) solves the problem. 2) As files cached by those websites in the Tor Browser profile are causing the crashes, deleting them helps as well. See bug 19400 for more details in this regard.
Here is the full changelog since 6.0.1:
- All Platforms
- Bug 19348: Adapt to more than one build target on Windows (fixes updates)
- Bug 19276: Disable Xrender due to possible performance regressions
Today and tomorrow, the Electronic Frontier Foundation is partnering with the Tor Project and a broad coalition of groups for a Worldwide Day of Action protesting changes to Rule 41 of the US Federal Rules of Criminal Procedure. These changes will allow federal magistrate judges to grant search warrants to the Department of Justice (including the FBI) to legally hack into computing devices that use Tor or a VPN—-wherever the devices are--starting on December 1, 2016. EFF has organized a coalition of organizations and companies—from Fight for the Future to PayPal—to oppose these rules—but this is an uphill climb, and we need your help.
The broad search warrants allowable under these new rules will apply to people using Tor in any country—even if they are journalists, members of a legislature, or human rights activists. They will allow the FBI to hack into a person’s computer or phone remotely and search through and remove their data.
There are already examples of the FBI using one warrant to gain access to thousands of computers, and US Senator Ron Wyden has said that "Under the proposed rules, the government would now be able to obtain a single warrant to access and search thousands or millions of computers at once."
This pattern of abuse will only be exacerbated by more judges issuing these hacking warrants. The warrants must still be part of a criminal investigation and issued by a judge, but we're deeply concerned about the dramatic rise in government hacking this rule change is likely to cause.
The purpose of tomorrow’s Worldwide Day of Action is to educate people and mobilize them to act--either by signing a petition or emailing US Congress (depending on where they live). Then, members of US Congress will use this public pressure to try to pass the “Stop Mass Hacking Act” (#SMHAct), draft legislation that would block these rule changes.
Senator Wyden (D-OR) and a bipartisan group of members of Congress
are sponsoring this bill. They are deeply troubled that such sweeping infringement on personal privacy is happening through a seemingly trivial rule change.
Already, many Tor users can view the campaign banner on the Tor website and click through to sign the petition or contact US Congress. A special campaign website (NoGlobalWarrants.org) will launch starting at about 9:30 am UTC Tuesday. If the banner isn’t working for you, go directly to NoGlobalWarrants.org after that time.
Please sign the petition or contact Congress, and then tweet and retweet about this situation--all day if you can. Email your lists. Tell your friends. Tweet photos of yourself (or your cat) with a handwritten sign.
Do whatever you think will help get people to act.
Tor 0.2.8.4-rc has been released! You can download the source from the Tor website. Packages should be available over the next week or so.
Tor 0.2.8.4-rc is the first release candidate in the Tor 0.2.8 series. If we find no new bugs or regressions here, the first stable 0.2.8 release will be identical to it. It has a few small bugfixes against previous versions.
PLEASE NOTE: This is a release candidate. We think that we solved all
of the showstopper bugs, but crucial bugs may remain. Please only run
this release if you're willing to test and find bugs. If no
showstopper bugs are found, we'll be putting out 0.2.8.5 as a stable
Changes in version 0.2.8.4-rc - 2016-06-15
- Major bugfixes (user interface):
- Correctly give a warning in the cases where a relay is specified by nickname, and one such relay is found, but it is not officially Named. Fixes bug 19203; bugfix on 0.2.3.1-alpha.
- Minor features (build):
- Tor now builds once again with the recent OpenSSL 1.1 development branch (tested against 1.1.0-pre5 and 1.1.0-pre6-dev).