Tor at the Heart: Notes from a Board Member

During the month of December, we're highlighting other organizations and projects that rely on Tor, build on Tor, or are accomplishing their missions better because Tor exists. Check out our blog each day to learn about our fellow travelers. And please support the Tor Project! We're at the heart of Internet freedom.
Donate today!

Tor Saves Lives

by Cindy Cohn

I joined the Tor Board of Directors because Tor saves lives.

By allowing people to access knowledge, share information, organize and find communities of support in otherwise hostile environments, Tor represents one of the strongest examples of how technology can be marshaled to serve the causes of freedom, safety, liberty and human rights for people around the world. It’s easy enough to say: “speak truth to power” when the risks are low. To ensure that people can really do that in today’s digital world – where the stakes can be much, much higher – often requires some technical assistance. That’s where Tor comes in.

Before I started fighting for freedom online, I was a human rights lawyer. I spent time at the United Nations and helped organize a small NGO, called the Unrepresented Nations and Peoples Organization, which serves as a central hub for oppressed groups seeking a voice internationally. Its members range from the Ogoni in Nigeria to Tibetans to West Papuans. I saw first hand how hard it is to sneak information about human rights abuses out of repressive countries and how important it is to build networks of support inside and outside of those environments.

This experience is why, when I first learned about Tor, I immediately saw how it sits at the heart of ensuring that the world we’re building with digital technologies can be at least as much, if not more humane than the physical world. In addition to helping those facing government repression, Tor also serves as protection closer to home, and even inside the home for those seeking information and assistance to escape from domestic abuse. Tor of course has other uses, some good and some rotten, but that’s no different than most technologies. Even a hammer can be used to hit someone over the head. The difference is in what we do with it.

So when Shari Steele and I talked about how to usher Tor into its next phase, I offered to join with her to do it.

I have a core belief that those of us with access to power – be it personal, technical, legal or situational – have a duty to try to steer it toward empowering the people in the rest of the world to live better, safer and more free lives. That Tor exists demonstrates that many others share this core belief. The knowledge that there is a large posse of us building and supporting these tools, along with the courage shown by those who rely on Tor, keeps me energized.

There’s no doubt that a strong, well-run Tor can help more people. While the work of ensuring that the organization stays strong, stays on course, pays its bills and treats people well isn’t always the glamorous part, it’s necessary. For me, helping Tor do that well is how I help Tor save lives.

Please support the Tor Project!
Donate today!

Tor Messenger 0.3.0b2 is released

We are pleased to announce another public beta release of Tor Messenger. This release features important improvements to the stability and security of Instantbird. All users are encouraged to upgrade.

Tor Messenger 0.3.0b1 users will be automatically prompted to install the update (similar to Tor Browser). On installing and restarting, the update will be applied; your account settings and OTR keys will be preserved.


Please note that Tor Messenger is still in beta. The purpose of this release is to help test the application and provide feedback. At-risk users should not depend on it for their privacy and safety.

Linux (32-bit)

Linux (64-bit)




The sha256sums-signed-build.txt file containing hashes of the bundles is signed with the key 0xB01C8B006DA77FAA (fingerprint: E4AC D397 5427 A5BA 8450 A1BE B01C 8B00 6DA7 7FAA). Please verify the fingerprint from the signing keys page on Tor Project's website.


Tor Messenger 0.3.0b2 -- 29 December, 2016

  • All Platforms
    • Use the tor-browser-45.6.0esr-6.0-1-build1 tag on tor-browser
    • Use the THUNDERBIRD_45_6_0_RELEASE tag on comm-esr45
    • Update ctypes-otr to 0.0.4
    • Update tor-browser to 6.0.8
    • Don't allow javascript: links in themes
    • Permit storing cert. exceptions in private browsing mode
    • Bugzilla 1321420: Add a pref to disable JavaScript in browser requests
    • Bugzilla 1321641: Disable svg and mathml in content

Tor at the Heart: Qubes OS

During the month of December, we're highlighting other organizations and projects that rely on Tor, build on Tor, or are accomplishing their missions better because Tor exists. Check out our blog each day to learn about our fellow travelers. And please support the Tor Project! We're at the heart of Internet freedom.
Donate today!

Qubes OS

by Michael Carbone and Andrew David Wong

Qubes OS is a security and privacy-oriented free and open source operating system that provides you with a safe platform for communications and information management. Its architecture is built to enable you to define different security environments (or "qubes") on your computer to manage the various parts of your digital life, including safely using Tor.

"If you're serious about security, @QubesOS is the best OS available today. It's what I use, and free. Nobody does VM isolation better."
--- Edward Snowden

Qubes OS allows you to safely manage the different communications, data, and identities in your digital life in securely compartmentalized qubes. All of these qubes are integrated into a single desktop environment with unforgeable colored window borders so that you can easily identify applications and windows from different security environments.

Some features of Qubes OS include:

Safer anonymous browsing

Qubes incorporates Whonix to provide a safer way to use Tor Browser, by compartmentalizing the Tor Browser and Tor process in separate qubes. This means that if the Tor Browser is exploited, the attacker still cannot discover your real IP address, because the Tor Browser and its qube do not know your real IP address. Moreover, that compromise cannot spread from Tor Browser to the Tor process, since they are isolated in different qubes, so any other Tor-related activities you have in other qubes remain secure and private.

Enforce Tor use for non-Tor-aware applications

Once a qube is set to use the Tor network, all network traffic that leaves it is forced to go through Tor. This means that no matter which applications you use, they will not be able to leak your real IP address, even if they are not Tor-aware.

All software and OS updates through Tor

Qubes allows users to download all software and OS updates through Tor, which means that network attackers can't target you with malicious updates or selectively block you from receiving certain updates. In addition, downloading all updates through Tor preserves your privacy, since it prevents your ISP and package repositories from tracking which packages you install.

Robust and safe networking

In addition to easily running non-Tor-aware programs through the Tor network, you can -- at the same time -- have other qubes go through VPNs or be non-networked, for instance to enable easily accessible but offline storage of sensitive information like your password manager. Common attack vectors like network cards are isolated in their own hardware qube while their functionality is preserved through secure networking and firewalls.

Secure communications

Qubes is integrated with existing secure communications tools like Pretty Good Privacy (PGP) to provide security-in-depth and reduce user error. With Split-GPG functionality, a compromise of your email client does not enable an adversary to access your private PGP key.

Safely interact with untrusted media

You can open an untrusted attachment from your email client, and any potential malicious payload in the document is isolated to a separate disposable, non-networked qube. No information from that session can be sent to the attacker, since it is not connected to the internet, and after the document has been read, the entire domain is deleted. You can convert the PDF to a “trusted PDF” that is known not to be malicious, which you could then share with colleagues or save in an offline Documents qube for later reference. In the same way, a potentially malicious DOC file can be opened in a disposable qube that enables the user to edit the file, save it, and send it without providing an opportunity for potential computer compromise.

Windows integration

Many users still rely on Windows-based programs for their work. Qubes enables them to do so securely.

Physical security

Qubes also protects your computer against some physical attacks. If an adversary plugs a malicious USB device into your computer while you're not watching, it isn't game over. Qubes isolates the entire USB stack from the rest of the system. And if you want to dual-boot, or if your computer is seized at the border and then returned, you can tell whether a malicious bootloader was installed, so you know not to input your decryption password.

Smooth integration of qubes

Integrated file and clipboard copy and paste operations make it easy to work across various qubes without compromising security. The innovative Template system separates software installation from software use, allowing qubes to share a root filesystem without sacrificing security (and saving disk space).

There are many different ways to contribute to Qubes, including creating artwork, reporting bugs, editing documentation, making financial contributions and more. If your company would like to license Qubes, please contact the Qubes team.

Tor at the Heart: Whonix

During the month of December, we're highlighting other organizations and projects that rely on Tor, build on Tor, or are accomplishing their missions better because Tor exists. Check out our blog each day to learn about our fellow travelers. And please support the Tor Project! We're at the heart of Internet freedom.
Donate today!


Whonix is a privacy ecosystem that utilizes compartmentalization to provide a private, leak-resistant environment for many desktop computing activities. Whonix helps users use their favorite desktop applications anonymously. A web browser, IRC client, word processor, and more come pre-installed with safe defaults, and users can safely install custom applications and personalize their desktops with Whonix.

Whonix is designed to run inside a VM and to be paired with Tor. Whonix is composed of two or more virtual machines that run on top of an existing operating system. The primary purpose of this design is to isolate the critical Tor software from the risk-laden environments that often host user-applications, such as email clients and web browsers. Whonix consists of two parts: the first part solely runs Tor and acts as a gateway for a user's Internet traffic, called Whonix-Gateway. The other, called Whonix-Workstation, is for a user's work and is located on a completely isolated network. Even if the user's workstation is compromised with root privileges, it cannot easily reveal IP addresses or leak DNS requests or bypass Tor, because it has neither full knowledge nor control over where and how its traffic is routed. This is security by isolation, and it averts many threats posed by malware, misbehaving applications, and user error.

One of Whonix's core strengths is its flexibility. Whonix can run on Linux, MacOS, or Windows. It can torrify nearly any application's traffic running on nearly any operating system, and it doesn't depend on the application's cooperation. It can even isolate a server behind a Tor Hidden Service running on a separate OS. It can route traffic over VPNs, SSH tunnels, SOCKS proxies, and major anonymity networks, giving users flexibility in their system setups.

Whonix was originally built around compatibility-focused Virtualbox, then time-tested KVM was added as an option. Now Whonix is shipped-by-default with the advanced, security-focused virtualization platform QubesOS. Whonix even supports Qubes' DisposableVMs.

Whonix has a safe default configuration that includes a restrictive firewall, privacy-enhanced settings for Debian, AppArmor profiles, and pre-configured and stream isolated applications.

The Whonix team is currently focused on improving usability for new Whonix users. A Quick-Start Guide will be available shortly to allow users to install and try Whonix on most existing systems.

Whonix is based in Germany but has users and developers from around the world. Like many open-source projects, Whonix depends on the donations and contributions of supporters. It's easy to get involved!

Tor at the Heart: NetAidKit

During the month of December, we're highlighting other organizations and projects that rely on Tor, build on Tor, or are accomplishing their missions better because Tor exists. Check out our blog each day to learn about our fellow travelers. And please support the Tor Project! We're at the heart of Internet freedom.
Donate today!

by Menso Heus

The NetAidKit is a USB-powered router that connects to your wired or wireless network and helps you increase your privacy and beat online censorship for all your devices. Acting as a friendly man-in-the-middle, the NetAidKit is able to send all your network traffic over a VPN or Tor connection without needing to configure any of your devices. This also means that if you have specific hardware devices that are unable to run Tor, you can simple connect them to the NetAidKit to make all the traffic go over Tor anyway.

Free Press Unlimited and Radically Open Security developed the NetAidKit specifically for non-technical users, and the NetAidKit comes with an easy to use web interface that allows users to connect to Tor or upload OpenVPN configuration files and connect to VPN networks.

The NetAidKit transparently routes traffic over Tor. We believe this is a great (and free) way to circumvent censorship, but it obviously does not provide the same anonymity benefits that the Tor Browser Bundle provides. This is something we warn users about specifically every time they connect to Tor, recommending they also the Tor Browser Bundle if they wish to remain anonymous.

At the same time, by routing all traffic over Tor, NetAidKit provides a tool for users' e-mail, social media clients and other network applications to run over Tor as well, providing Tor's benefits to applications other than a browser.

The NetAidKit runs on OpenWRT and uses the OpenWRT tor client. Current challenges include getting the obfuscating protocols to work on the NetAidKit since it has a limited storage capacity. We hope that in 2017 we can improve Tor support further by collaborating with the Tor Project.

For more information and links to our Github repository, visit

Tor at the Heart: Tahoe-LAFS

During the month of December, we're highlighting other organizations and projects that rely on Tor, build on Tor, or are accomplishing their missions better because Tor exists. Check out our blog each day to learn about our fellow travelers. And please support the Tor Project! We're at the heart of Internet freedom.
Donate today!


Tahoe-LAFS is a free and open source decentralized data storage system, with provider-independent security and fine-grained access control. This means that data stored using Tahoe-LAFS remains confidential and retrievable even if some storage servers fail or are taken over by an attacker.

Using a Tahoe-LAFS client, you turn a large file into a redundant collection of shares referenced via a filecap. Shares are encrypted chunks of data distributed across many storage servers. A filecap is a short cryptographic string containing enough information to retrieve, re-assemble and decrypt the shares. Filecaps come in up to three variants: a read-cap, a verify-cap and (for mutable files) a write-cap.

Starting with version 1.12.0, Tahoe-LAFS has added Tor support to give users the option of connecting anonymously and to give node operators the option of offering anonymous services.

Data Storage

At the lowest level, Tahoe-LAFS is essentially a key-value store. The store uses relatively short strings (around 100 bytes) called capabilities as the keys and arbitrary binary data (up to "dozens of gigabytes" and beyond) for the values.

On top of the key-value store is built a file storage layer, with directories, allowing you to share sub-trees with others (without, for example, revealing the existence or contents of parent directories).

A "backup" command exists on top of the file storage layer, backing up a directory of files to the Grid. There is also a feature called "magic folder" built on top of the filesystem layer which automatically synchronizes a directory between two participants.


When adding a value, the client first encrypts it (with a symmetric key), then splits it into segments of manageable sizes, and then erasure-encodes these for redundancy. So, for example, a "2-of-3" erasure-encoding means that the segment is split into a total of 3 pieces, but any 2 of them are enough to reconstruct the original (read more about ZFEC). These segments then become shares, which are stored on particular Storage nodes. Storage nodes are a data repository for shares; users do not rely on them for integrity or confidentiality of the data.

Ultimately, the encryption-key and some information to help find the right Storage nodes become part of the "capability string" (read more about the encoding process). The important point is that a capability string is both necessary and sufficient to retrieve a value from the Grid -- the case where this will fail is when too many nodes have become unavailable (or gone offline) and you can no longer retrieve enough shares.

There are write-capabilities, read-capabilities and verify capabilities; one can be diminished into the "less authoritative" capabilities offline. That is, someone with a write-capability can turn it into a read-capability (without interacting with a server). A verify-capability can confirm the existence and integrity of a value, but not decrypt the contents. It is possible to put both mutable and immutable values into the Grid; naturally, immutable values don't have a write-capability at all.

Sharing Capabilities

You can share these capabilities to give others access to certain values in the Grid. For example, you could give the read-capability to your friend, and retain the write-cap for yourself: then you can keep updating the contents, but your friend is limited to passively seeing the changes. (They need to be connected to the same Grid).

To delete a value, you simply forget (i.e. delete) the capability string, after which it is impossible to recover the data. (Storage servers do have a way to garbage-collect unreferenced shares).

System Topology

In a Tahoe-LAFS system (usually called a Grid) there are three types of nodes: an Introducer, one or more Storage nodes and some number of Client nodes. A node can act as both a Storage and Client node at the same time.

An Introducer tells new clients about all the currently known Storage nodes. If all of the Introducers fail, new clients won't be able to discover the Storage servers but the Grid will continue to function normally for all existing users. Client nodes connect to all known Storage servers. It's also possible to run a Grid without any Introducers at all, by distributing a list of Storage servers out-of-band.

These connections use TLS via an object-capability system called Foolscap which is based on the ideas of the E Language. The important two things about this are: the transport is encrypted, and it does not rely on Certificate Authorities for security.

The storage redundancy also happens to enable faster downloads! Because the values are redundantly-stored across several Storage servers, a Client can download from many Storage servers at once (kind of like BitTorrent). For example, a "2-of-3" encoding means you need 2 shares to recover the original value, so you can download from 2 different Storage servers at once.

Tor Connections

Recently, Tahoe-LAFS has added full Tor support. This means the ability to make client-type connections over Tor -- for example, a Client connecting to an Introducer or a Client connecting to a Storage server and also the ability to listen as an Onion service for Introducer and Storage nodes is now possible! This allows for a fully Tor-ified Tahoe-LAFS Grid, where all network connections are done via Tor and the network locations of all participants are kept hidden by Tor.

One immediate advantage of using Tor is for users behind NAT (Network Address Translation) routers, such as most home users. Making a Storage node available over a Tor Onion service means users don't have to change firewall rules (or similar techniques, like STUN) in order for other users to connect to their Storage node. This is because all Tor connections are made out-bound to the Tor network.

While the Foolscap URIs used internally by Tahoe-LAFS already have integrity-assurance, the use of Onion services also provides benefits in the form of self-certifying network addresses: instead of, for example, relying on DNS and Certificate Authorities, a user receiving an Onion URI from a trusted source can be assured they're connecting to the intended service.

Some Grid operators may want assurance that all clients are using Tor to access their service. Setting up the Grid to listen only via Tor Onion Services provides such assurance. Of course, users running a Client can also choose to use Tor at their own option for connections to the Grid regardless of whether the Grid itself is using Tor onion services. This can help clients who are in hostile network environments reach their data in a secure way.

The Tahoe-LAFS Project is actively working towards an easy to use data- storage system that respects the user and Tor is a great compliment to that mission.

More Information

This short article only provides a brief overview of the Tahoe-LAFS system. We are always interested in attention to our cryptographic protocols or code! You can reach us on or on GitHub at and the IRC channel #tahoe-lafs on freenode.

Thanks to Chris Wood, Brian Warner, Liz Steininger and David Stainton for feedback on this post.

Tor at the Heart: OnionShare

During the month of December, we're highlighting other organizations and projects that rely on Tor, build on Tor, or are accomplishing their missions better because Tor exists. Check out our blog each day to learn about our fellow travelers. And please support the Tor Project! We're at the heart of Internet freedom.
Donate today!

By Micah Lee

In August 2013, David Miranda was detained for nine hours and searched at Heathrow Airport in London while he was trying to board a plane back home to Rio de Janeiro. Working on a journalism assignment for the Guardian, he was carrying an encrypted USB stick that contained classified government documents. When I first learned about this story, I knew there must be safer ways to move sensitive documents across the world than physically carrying them, one that didn’t involve putting individual people at risk from border agents and draconian “terrorism” laws that are used to stifle award-winning journalism.

Here’s how I would have done it: In Berlin (where the secret files originated), I would set up a local web server on my computer, that isn’t accessible from the internet. The only thing on the website would be a download link to an encrypted file that contained the secret documents. Then I would setup a Tor onion service -- one of the coolest and most under-appreciated technologies on the internet, in my opinion -- to make this simple website accessible from a special “.onion” domain name. I would send my colleague in Rio (in this case, Glenn Greenwald) the URL to the onion service. He would open it in Tor Browser and download the encrypted file. As soon as he finished the download, I would stop the local web server and remove the onion service, so it would no longer be on the internet at all.

Of course, the problem is that while this may be simple for seasoned nerds like myself, it’s not for many journalists, activists, or lawyers who run into similar problems on a regular basis. Inspired by this idea, I developed a simple and user-friendly open source tool called OnionShare that automates this process. You open OnionShare, drag some files into it, and click the “Start Sharing” button. After a moment, OnionShare gives you URL that looks something like http://4a7kqhcc7ko6a5rd.onion/logan-chopin. You send this URL to someone you’d like to share files with, and they load it using Tor Browser and download the files directly from the web server running on your computer. The moment the download is complete, OnionShare shuts down the web service, the URL no longer works, and the files you shared disappear from the internet. (Since OnionShare runs a server directly on your computer, this also means that your computer needs to be online for the URL to work -- if you suspend your laptop, for example, the URL won’t work until you get back online.)

Onionshare server side

Onionshare client side

I’m the developer of OnionShare, but I have no idea how many users it has. I consider this a feature. It’s completely decentralized, anonymous, and private. I don’t run a central service -- instead, every user runs their own short-lived service, often only for a few minutes, and that service disappears as soon as they finish sharing their files.

However, I do know that people use it. I use it on a regular basis myself while working on sensitive journalism projects with my colleagues at The Intercept. Sources use it to send me and other journalists documents. I’ve heard from digital security trainers that OnionShare is used by the Movement for Black Lives in the United States, and by activists in Latin America. A European human rights lawyer told me that their client in Africa used it to send them sensitive files.

What OnionShare protects against:

  • Third parties don't have access to files being shared. The files are hosted directly on the sender's computer and don't get uploaded to any server. Instead, the sender's computer becomes the server. Traditional ways of sending files, like in an email or using a cloud hosting service like Dropbox or Google Drive, require trusting the service with access to the files being shared.

  • Network eavesdroppers can't spy on files in transit. Because connections between Tor onion services and Tor Browser are end-to-end encrypted, no network attackers can eavesdrop on the shared files while the recipient is downloading them. If the eavesdropper is positioned on the sender's end, the recipient's end, or is a malicious Tor node, they will only see Tor encrypted traffic.

  • Anonymity of sender and recipient are protected by Tor. OnionShare and Tor Browser protect the anonymity of the users. As long as the sender anonymously communicates the OnionShare URL with the recipient, the recipient and eavesdroppers can't learn the identity of the sender.

  • If an attacker enumerates the onion service, the shared files remain safe. There have been attacks against the Tor network that can enumerate onion services. If someone discovers the .onion address of an OnionShare onion service, they still cannot download the shared files without knowing the full URL, and OnionShare has rate-limited to protect against attempts to guess the URL.

What OnionShare doesn't protect against:

  • Communicating the OnionShare URL might not be secure. The sender is responsible for securely communicating the OnionShare URL with the recipient. If they send it insecurely (such as through an email message, and their email is being monitored by an attacker), the eavesdropper will learn that they're sending files with OnionShare. If the attacker loads the URL in Tor Browser before the legitimate recipient gets to it, they can download the files being shared. If this risk fits the sender's threat model, they must find a more secure way to communicate the URL, such as in an encrypted email, chat, or voice call. This isn't necessary in cases where the files being shared aren't secret.

  • Communicating the OnionShare URL might not be anonymous. While OnionShare and Tor Browser allow for anonymously sending files, if the sender wishes to remain anonymous they must take extra steps to ensure this while communicating the OnionShare URL. For example, they might need to use Tor to create a new anonymous email or chat account, and only access it over Tor, to use for sharing the URL. This isn't necessary in cases where there's no need to protect anonymity, such as coworkers who know each other sharing work documents.

You can find the source code for OnionShare here, and you download it from its website here.

Tor at the Heart: OONI Highlights from 2016

During the month of December, we're highlighting other organizations and projects that rely on Tor, build on Tor, or are accomplishing their missions better because Tor exists. Check out our blog each day to learn about our fellow travelers. And please support the Tor Project! We're at the heart of Internet freedom.
Donate today!

In this post we provide some highlights from OONI, a project under The Tor Project.

The Open Observatory of Network Interference (OONI) is a free software project under The Tor Project that aims to uncover internet censorship around the world. Recently we published an overview of OONI which can be found here.

Today we are providing some OONI highlights from 2016. These include our research findings in collaboration with our partners, and the new features we have developed and released to meet our users’ needs.

Research findings

As part of the OONI Partnership Program we collaborate with various local and international non-profit organizations around the world on the study of internet censorship. Below we provide some highlights from our research findings this year.

Censorship during elections

  • Uganda: Facebook and Twitter blocked during 2016 general elections. In collaboration with DefendDefenders we examined the blocking of social media in Uganda during its 2016 general elections and when the country’s President was inaugurated. View our findings here.
  • Zambia: Internet censorship events during 2016 general elections. OONI monitored internet censorship events during Zambia’s 2016 general election period in collaboration with Strathmore University’s Centre for Intellectual Property and Information Technology Law (CIPIT). A full report of our study can be found here.
  • The Gambia: Internet shutdown during 2016 presidential election. We attempted to examine whether websites were blocked during the Gambia’s 2016 presidential election. Instead, we came across a country-wide internet blackout. View our findings here.
  • Venezuela: Blocking of sites during elections. IPYS conducted a study of internet censorship in Venezuela through the use of ooniprobe. Their full report can be found here.

Censorship during other political events

  • Ethiopia: Deep Packet Inspection (DPI) technology used to block media websites during major political protests. OONI joined forces with Amnesty International to examine internet censorship events during Ethiopia’s wave of protests. We not only detected DPI filtering technology, but we also found numerous sites - including news outlets,, LGBTI and human rights sites - to be tampered with. Now Ethiopia is in a state of emergency. Our report can be found here.
  • Turkey: Internet access disruptions during attempted military coup. In collaboration with RIPE Atlas we examined the throttling of social media in Turkey during the attempted military coup in July. View the findings here.
  • Ethiopia: Internet shutdown amidst political protests. Ethiopia’s government pulled the plug on the internet in the middle of heavy protests in August. We examined the internet shutdown in collaboration with Strathmore University’s Centre for Intellectual Property and Information Technology Law (CIPIT) and published our findings here.

Tor blocking

  • Egypt: Tor interference. Our community informed us that certain services were inaccessible in Egypt. We investigated the issue and also found Tor to be tampered with. View our findings here.
  • Belarus: Tor block. An anonymous cypherpunk helped us collect evidence of Tor blocking in Belarus. View the data here.

WhatsApp blocking and DNS censorship

  • Brazil: Blocking of WhatsApp. Thanks to Coding Rights who ran our newly developed WhatsApp test, we were able to detect and collect evidence of the blocking of WhatsApp in Brazil earlier this year. View the data here.
  • Malaysia: DNS blocking of news outlets,, and sites expressing political criticism. Following the 1MDB scandal, various news outlets were reportedly blocked in Malaysia. OONI joined forces with Sinar Project to examine and collect evidence of internet censorship events in Malaysia. Our report can be found here.

New releases

If you’ve known OONI for a while, you might be more familiar with ooniprobe as a command line tool. To meet our users’ needs, we developed a variety of features this year, including the following:

  • OONI Explorer: A global map to explore and interact with all of the network measurements that OONI has collected from 2012 to date.
  • Measurement API: Explore and analyze OONI’s data via its new API.
  • OONI web UI: Run censorship tests from your web browser!
  • WhatsApp & Facebook Messenger tests: Examine the reachability of WhatsApp and Facebook Messenger with OONI’s new tests!
  • Web Connectivity test: Examine DNS, TCP/IP, HTTP blocking of sites all in one test!
  • Lepidopter: Run ooniprobe from a Raspberry Pi!
  • OONI mobile: We have developed the beta version of ooniprobe for Android and iOS. Look out for ooniprobe’s mobile app in early 2017!

Over the last year, many non-profit organizations around the world have started running ooniprobe daily. The graph below illustrates the expansion of ooniprobe’s global coverage thanks to our users.

By supporting Tor, you’re also supporting the OONI project. Help us continue to increase transparency around internet censorship by donating to The Tor Project.

Written by Maria Xynou, OONI’s Research and Partnerships Coordinator.

Syndicate content Syndicate content