New Tor Browser Packages with Tor 0.2.3 upgrade

After a year of testing, new tor browser bundles which include the new stable branch of Tor are now available. A full changelog is available for every operating system.

The Tor 0.2.3.x stable branch represents over a year of work on improvements to the core Tor technology behind Tor Browser.

Tor Browser is available for download at

Software updates included in this release are:

Tor Browser Bundle (2.3.25-1)

  • Update Tor to
  • Update Firefox 10.0.11esr
  • Update Vidalia to 0.2.21
  • Update NoScript to 2.6.2

The Tor Project's position on the draft Communications Data Bill

The UK government has proposed a new bill which would allow UK law enforcement agencies to require that "telecommunication operators" (e.g. ISPs and website operators) intercept and record their users' traffic data (i.e. details of who is communicating with whom, when, from where, and how much, but not the content of communications). The draft of this bill, the Communications Data Bill (dubbed the "Snoopers' Charter" by some), has been published and has met widespread criticism for the unprecedented intrusion of privacy it would permit.

The impact on Tor is less than some have feared, because it is likely that The Tor Project is not a telecommunication operator for the purposes of the bill (because the nodes which carry data are not run by The Tor Project) and Tor's distributed architecture reduces the harm which may be caused by the compromise of traffic data. However, the proposed bill is still bad for privacy, especially for users of systems which don't offer the same protections as Tor, so I submitted written evidence to the parliamentary committee investigating the bill, on behalf of the Tor Project.

Our submission gave an introduction to Tor, how it works, and how it is used, and in particular how important Tor was for maintaining the safety of human rights activists working in repressive regimes. The submission also discusses the risks of the proposed bill, especially the harm which would come if traffic data collected were compromised (as happened to Google) or interception equipment installed for complying with the bill were enabled without authorization (as happend to Vodafone in Greece).

Our submission has been published with the others, and I was also invited to give evidence to the committee in person. The transcript of this session has been published with some minor redactions requested by other companies presenting evidence, but none of my answers have been redacted. Further information about the activities of this committee, including transcripts of other sessions, can be found on committee's page.

Based on the discussions which have taken place, it appears that the committee has serious reservations about the bill but we will not know for sure until the committee publishes their report, expected within a few weeks. Efforts to campaign against the bill continue, particularly by the Open Rights Group.

We are hiring support assistants and translators!

Your job is to handle support requests via our ticketing system and our new Q&A website, as well as make sure translations for software and documentation are up to date. This is a part-time contractor position starting in Q4 2012 and renewing quarterly.

We are looking for candidates who are fluent in one of Arabic, French, Mandarin, Burmese, Vietnamese, Spanish, and English. All must be fluent in English.

See the full job description for more information.

Updated Tor Cloud images

The Tor Cloud images for all the eight regions have been updated with a minor fix in the rc.local script. In addition, all private bridge images now include Obfsproxy. You will not need to start a new instance if you are already running a Tor Cloud instance with Ubuntu Precise.

Tails 0.15 is out!

Tails, The Amnesic Incognito Live System, version 0.15, is out.

All users must upgrade as soon as possible.

Download it now

Thank you, and congrats, to everyone who helped make this happen!


Notable user-visible changes include:

  • Tor
  • Major new features
  • Minor improvements
    • Add the Hangul (Korean) Input Method Engine for SCIM.
    • Preliminary support for some OpenPGP SmartCard readers.
    • Support printers that need HPIJS PPD and/or the IJS driver.
    • Optimize fonts display for LCD.
    • Update TrueCrypt to version 7.1a.
  • Bugfixes
    • Fix gpgApplet menu display in Windows camouflage mode.
    • Fix Tor reaching an inactive state if it is restarted in "bridge mode",
      e.g. during the time synchronization process.
  • Iceweasel
    • Update iceweasel to 10.0.11esr-1+tails1.
    • Update HTTPS Everywhere to version 3.0.4.
    • Update NoScript to version 2.6.
    • Fix bookmark to I2P router console.
  • Localization
    • The Tails USB installer, tails-persistence-setup and tails-greeter
      are now translated into Bulgarian.
    • Update Chinese translation for tails-greeter.
    • Update Euskadi translation for WhisperBack.

Plus the usual bunch of bug reports and minor improvements.

See the online Changelog for technical details.

Don't hesitate to get in touch with us.

Transparency, openness, and our 2011 financial docs

After our standard audit, our 2011 state and federal tax filings are available. We publish all of our related tax documents because we believe in transparency. All US non-profit organizations are required by law to make their tax filings available to the public on request by US citizens. We want to make them available for all.

Part of our transparency is simply publishing the tax documents for your review. The other part is publishing what we're working on in detail. We hope you'll join us in furthering our mission (a) to develop, improve and distribute free, publicly available tools and programs that promote free speech, free expression, civic engagement and privacy rights online; (b) to conduct scientific research regarding, and to promote the use of and knowledge about, such tools, programs and related issues around the world; (c) to educate the general public around the world about privacy rights and anonymity issues connected to Internet use.

All of this means you can look through all of our source code, including our design documents, and all open tasks, enhancements, and bugs available on our tracking system. Our research reports are available as well. From a technical perspective, all of this free software, documentation, and code allows you and others to assess the safety and trustworthiness of our research and development. On another level, we have a 10 year track record of doing high quality work, saying what we're going to do, and doing what we said.

The world is moving towards new norms for reduced personal privacy and control. This makes anonymity all that more rare and valuable. Please help keep us going through getting involved, donations, or advocating for a free Internet with privacy, anonymity, and keeping control of your identity.

Employers Against Domestic Violence and Technology Panel

I was invited by Employers Against Domestic Violence to give a talk about technology and stalking as part of a larger panel.

On Friday the 16th, I presented Tor and our work with victims of abuse and stalking to around 50 people. Most of my full presentation covered the basics of Tor, a demo of Tails Live System, and then some user stories. Most of the people in the audience were already DV advocates and aware of the way technology is used to harm or manipulate others. The user stories have come from a number of places, between phone calls, email support, and actually being out in the world talking to survivors or advocates who want to help.

I co-presented with Sarah from Abine and Valenda from Greater Boston Legal Services. All three of our presentations can be found on Tor's people server.

Afterwards, a number of people came up to me to ask about getting Tails or Tor Browser, or to simply introduce themselves. I met a cyber-stalking survivor I've only helped via email and phone over the past year or so. I look forward to doing more of these types of events locally.

Scripps J School at Ohio University Trip Report

Ohio University EW Scripps Journalism School Trip Report for 07 to 09 November 2012

Danny O'Brien of Committee to Protect Journalists and I were invited to talk to journalism students at the E.W. Scripps School of Journalism in Ohio University. The topics were around computer security risks and protections from the perspective of journalists. CPJ maintains a great guide for reporters to survive dangerous situations appropriately called the Journalist Security Guide. This covers both offline and online situations. My role was to highlight the experience of Tor, what we've seen, and how we've protected both citizen and professional journalists the world over. I also covered using Tails as one tool in your toolbox to let you do the work of a journalist from anywhere.

Andy Alexander was our host for the three days. We started off with a great dinner to share information about what both Danny and I have learned over the past few years in working with journalists. Andy has a long career of experience in foreign correspondence and reporting. His experiences covering a few decades highlight the need for journalists to learn how to protect themselves when reporting anywhere in the world.

The next day was a first-year class about journalism in general. Danny and I presented to around 200 students. The computer couldn't read my USB drive, so I couldn't use my presentation, rather I used the website to quickly cover Tor, how it works, and why journalists should care. I then discussed a range of attacks against an individual from fairly basic malware infections through more advanced traffic analysis and content swapping. My PirateBox did work, so anyone could get the presentations and copies of Tor locally if they so desired.

We had a great lunch with Professor Kalyango and then head off to WOUB for a 30 minute podcast/radio interview.

Afterwards, we went off to the main panel event to talk to fourth year and graduate students about online security and the risks for journalists. Once again, the USB drive couldn't be read, but the PirateBox worked fine. The lecture lasted around 90 minutes with a Q&A session. Unlike the freshman class, a number of people had questions or wanted to verify what Danny and I stated.

We were then taken out to dinner by the top students at the J School. It was a great Middle Eastern kabob place to have an hour of discussions with the students.

And thanks to Lindsay for getting up at 06:30 to drive me to the airport and for the great discussion along the way. I look forward to reading her dispatches from East Africa in the near future.

Also published via email at

Syndicate content Syndicate content