Hidden Services, Current Events, and Freedom Hosting

Around midnight on August 4th we were notified by a few people that a large number of hidden service addresses have disappeared from the Tor Network. There are a variety of rumors about a hosting company for hidden services: that it is suddenly offline, has been breached, or attackers have placed a javascript exploit on their web site.

A Hidden service is a server – often delivering web pages – that is reachable only through the Tor network. While most people know that the Tor network with its thousands of volunteer-run nodes provides anonymity for users who don´t want to be tracked and identified on the internet, the lesser-known hidden service feature of Tor provides anonymity also for the server operator.

Anyone can run hidden services, and many do. We use them internally at The Tor Project to offer our developers anonymous access to services such as SSH, IRC, HTTP, and our bug tracker. Other organizations run hidden services to protect dissidents, activists, and protect the anonymity of users trying to find help for suicide prevention, domestic violence, and abuse-recovery. Whistleblowers and journalists use hidden services to exchange information in a secure and anonymous way and publish critical information in a way that is not easily traced back to them. The New Yorker's Strongbox is one public example.

Hidden service addresses, aka the dot onion domain, are cryptographically and automatically generated by the tor software. They look like this http://idnxcnkne4qt76tg.onion/, which is our website as a hidden service.

There is no central repository nor registry of addresses. The dot onion address is both the name and routing address for the services hosted at the dot onion. The Tor network uses the .onion-address to direct requests to the hidden server and route back the data from the hidden server to the anonymous user. The design of the Tor network ensures that the user can not know where the server is located and the server can not find out the IP-address of the user, except by intentional malicious means like hidden tracking code embedded in the web pages delivered by the server. Additionally, the design of the Tor network, which is run by thousands of volunteers, ensures that it is impossible to censor or block certain .onion-addresses.

The person, or persons, who run Freedom Hosting are in no way affiliated or connected to The Tor Project, Inc., the organization coordinating the development of the Tor software and research. In the past, adversarial organizations have skipped trying to break Tor hidden services and instead attacked the software running at the server behind the dot onion address. Exploits for PHP, Apache, MySQL, and other software are far more common than exploits for Tor. The current news indicates that someone has exploited the software behind Freedom Hosting. From what is known so far, the breach was used to configure the server in a way that it injects some sort of javascript exploit in the web pages delivered to users. This exploit is used to load a malware payload to infect user's computers. The malware payload could be trying to exploit potential bugs in Firefox 17 ESR, on which our Tor Browser is based. We're investigating these bugs and will fix
them if we can.

As for now, one of multiple hidden service hosting companies appears to be down. There are lots of rumors and speculation as to what's happened. We're reading the same news and threads you are and don't have any insider information. We'll keep you updated as details become available.

EDIT: See our next blog post for more details about the attack.

Tor Weekly News — July, 31st 2013

Welcome to the 5th issue of Tor Weekly News, the weekly newsletter that covers what is happening in the busy Tor community.

Summer Developer Meeting Wrap-up

The 2013 summer Tor development meeting happened at the Technische Universität München. There were no formal talks during the meeting itself, but slides were still involved!

New minutes from sessions to add to those covered in the last edition have been posted to the wiki. This includes a second discussion on Pluggable Transports, the role of the Research Director, a summary of discussions with cryptographers Tanja Lange and djb about the cryptographic aspects of Tor, timesheets for Tor contractors and mailing-lists.

Christian Grothoff organized a talk with Roger Dingledine and Jacob Appelbaum at the university. Their initial topic was the censorship arms race, but given the up-to-date knowledge of the students and other attendees, the talk got turned into a marathon 4-hour long Q&A session! Thanks to Christian, the video is available from the GNUnet website.

The following day was dedicated to more concrete hands-on discussions and coding. The public hackfest was well-attended, with more than 70 people focusing on everything to do with Tor. Some attendees had even traveled several hundred kilometers to be there! Discussions popped up everywhere, code was written and some newcomers were introduced to the many elements that make up the Tor project. Thanks to everyone who showed up!

Comparing handshake protocols for Tor: Ace vs ntor

In WPES ’12, Esfandiar Mohammadi and Aniket Kate introduced Ace, an alternative for Tor’s current handshake protocol ntor.

Ace was already discussed on tor-dev at the end of 2012, “but back then, no implementation for the double scalar multiplication operation (a * b + c * d) on Curve25519 was available. But recently, Robert Ransom implemented in his celator library a highly efficient double scalar multiplication which is suitable for our handshake protocol Ace”, wrote Esfandiar.

From the comparative benchmarks that Shivanker Goel implemented and ran, using Ace could improve speed and CPU load compared to the current ntor implementation. Esfandiar Mohammadi’s email on tor-talk contains the methodology, remarks and concrete numbers.

The code for the benchmark is available online along with a Tor-style proposal or improving circuit-creation key exchange using Ace.

New Globe web application to explore the Tor network

Christian made his Globe web application available at a new location. Globe is quite similar to Atlas, and in fact uses the same data, but it also allows searching for bridges and is slightly more user-friendly.

Globe now uses dygraphs as a graphing engine which makes it even easier to select time intervals for its graphs. Feel free to try out Globe and give feedback on its bug tracker.

Tor at OHM2013 — Netherlands

Several members of the Tor community will be at OHM2013: Observe, Hack, Make: “A five day outdoor international camping festival for hackers, makers, and those with an inquisitive mind”, according to their website. The event starts tomorrow with a few Tor-related meetings and activities.

Tom Lowenthal will be holding a social event at the Noisy Square village for Tor contributors and relay operators on August, 1st at 14:00.

Later that day, Tom will also go through “the development work, advocacy help, coordination, system administration, outreach, community support, and other things that you can do to help the Tor Project grow and improve” in the Lovelace Tent at 22:00.

Fabio Pietrosanti invited anyone interested to attend the Tor2Web meeting to: “outlook what we’ve done, how the network growth up discussing which could be the next major milestones to be reached in terms of software, network development, community involvement and fundraising.”

Last but not least, Moritz Bartl from will be around with Tor stickers and posters, as well as collecting donations to create new exit nodes. Look around the Noisy Square!

Miscellaneous development news

GSoC students sent out a new round of status reports. Johannes Fürmann had made great progress on the framework for EvilGenius — a way to simulate censorship events: “The Genius is there, all we have to do now is make it more evil.”

Cristian-Matei Toader is moving forward on limiting the set of allowed system calls by the tor daemon.

ra_ sucessfully now has a “rttprober” script to measure the RTT of Tor circuits.

Kostas Jakeliunas has a clean code base for the Tor Metrics Archive project that can import archival data and be queried with an Onionoo-like interface.

Hareesan did a quick report on the steganography browser extension.

Chang Lan Status has returned to report some progress on the HTTP pluggable transport.

Karsten Loesing added a new “fields” parameter to Onionoo. It can be used to restrict the response size when only a specific set of attributes are needed. This feature is used by the bubble graphs showing diversity of the Tor network wrote by Lunar. The latter are now available on the metrics website, thanks to Karsten.

Kevin P Dyer released Format-Transforming Encryption Pluggable Transport version v0.1.2-alpha. Source code, documentation and builds are available on the FTE website.

Damian Johnson has released two new monitoring scripts based on the remote descriptor fetching support recently added to Stem: one to check for malformed content in the descriptors, the other to monitor sudden influxes of new relays (potential Sybil attacks).

This issue of Tor Weekly News has been assembled by Lunar, dope457, malaparte, harmony, and Karsten Loesing.

Want to continue reading TWN? Please help us create this newsletter. We still need more volunteers to watch the Tor community and report important news. Please see the project page, write down your name and subscribe to the team mailing-list if you want to get involved!

Tor Weekly News — July, 24th 2013

Welcome to the 4th issue of Tor Weekly News, the weekly newsletter that covers what is happening in the great Tor community.

The next newsletter is going to be posted to the resurrected tor-news mailing-list. Just subscribe!

Summer Development Meeting 2013

About 40 core Tor contributors gathered over July 22-23 at the Technische Universität München in Germany for this year's Summer Development Meeting. That's quite a number, and as could be expected, there are a huge number of topics up for discussion — the brainstorming session generated around 150. Gunner from Aspiration Tech is once again facilitating the meeting, helping everyone focus on the most pressing issues.

Rough notes from some of the break-out sessions are now up on the wiki. A list of the topics and a brief summary of the discussions are given below:

  • Love for volunteers: strategies for outreach and long-term support; identifying where they're most needed
  • Censorship and pluggable transports: documenting the now-large number of pluggable transports; discussing countries' differing censorship strategies
  • Fundraising: funding outlook seems to be positive, although diversity in funding sources is needed to reduce dependency on single institutions like the US Government
  • Website Translation: notes from a discussion which led to the definition of a new translation review process and a list of actionables
  • Service infrastructure: multiple fundamental services could use some more love: GetTor (TBB by email), website, Trac,, BridgeDB; shutting down unmaintained services
  • Operational security: random notes on OpSec for Tor people

On the sidelines of the dev meeting, Roger and Jake are doing a public talk on the topic of Tor and the Censorship Arms Race.

If you want to meet people who spend their day making Tor a reality, you can join them for a public hack day on Friday, July 26, 2013. Bring your ideas, questions, projects, and technical expertise with you!

Remote descriptor fetching in Stem

Damian Johnson announced having implemented remote descriptor fetching in Stem, a feature to migrate more metrics measurement tools to Python. “Its usage is pleasantly simple” wrote Damian. See for yourself in the excellent documentation!

Orbot 12.0.1 call for beta testing

After a long interval, Nathan Freitas announced the release of a new version of Orbot — a client for the Tor network on Android mobile devices. For Orbot 12.0.1, the developers have “switched versioning styles to a simpler major.minor.bugfix model”, wrote Nathan.

He continues with a call for testing: “Since we haven't done a release in a while, and we have some new build tools, I mostly want to make sure I have not done something terribly wrong in the build process. Please confirm back if you are able to successfully use this release.”

Updates in 12.0.1:

  • Updated to Tor
  • flashy screen bug fixed now shows traffic
  • Stats in notification area
  • better handling of preference settings
  • Changes added superuser permission for Cyanogen

You can download and start testing this release.

Miscellaneous development news

Lunar reported on the trip to Brussels for LSM 2013. To sum it up, “people are really supportive of what we do these days”.

anonym outlined the release schedule for Tails 0.20.

intrigeri announced that Tails has switched to a more conventional task manager. It might now be easier for you to see what needs to be done. Have a look at the current list of 496 open issues, there might be something waiting just for you.

Tor developers would love to find an easier way to debug tor when the daemon crashes. Nick Mathewson came up with an initial piece of code that could (when complete) dump stack traces on assertion, crash, or general trouble to the logs. There's more work to be done before it can be merged in Tor. Feel free to help — especially if you know how to do this on Windows or BSD.

Nick Mathewson along with Andrea created a wiki page for initial 0.2.5 series ticket triage. If you have your own agenda for 0.2.5, you should be talking to them now!

Kostas Jakeliunas reported on their GSoC project about producing a searchable metrics archive.

Arturo reported on his activities on Ooni probe in June.

Pierre Lalet announced that he started working on an implementation of the Tor protocol in Python. The intent is to have an independent implementation to test Tor. As the author puts it, "the purpose is NOT to implement a secure or robust implementation that could be an alternative to Tor." Have a look at the code: "Comments, fixes and questions welcome!"

This issue of Tor Weekly News has been assembled by Lunar, dope457, harmony, moskvax, malaparte, whabib, and David Fifield.

Want to continue reading TWN? Please help us create this newsletter. We still need more volunteers to watch the Tor community and report important news. Please see the project page, write down your name and subscribe to the team mailing-list if you want to get involved!

Tor Weekly News — July, 17th 2013

Welcome to the third issue of Tor Weekly News, the weekly newsletter meant to cover what is happening in the amazing Tor community.

Last call for testing Tor 0.2.4 branch

Roger Dingledine notified tor-talk that there are new versions of the Tor Browser Bundle, dubbed 2.4.15-beta-1, that are ready to be tested: “If all goes well, we‘ll be calling the Tor 0.2.4 branch stable very soon. So now is the perfect time to let us know that it broke for you.”

He also added “to be clear, it is the Tor part of the Tor Browser Bundle that needs testing. We know there are a growing pile of bugs in Vidalia, as well as a set of issues in Torbutton. Both of these should improve with the TBB 3.0 release. But that is a separate thread.”

Tor Hack Day, Munich, Germany

Meet the people who spend their day making Tor a reality. Join them for a public hack day on Friday, July 26, 2013 in Munich, Germany at the Technische Universität München.

The agenda and conversations will be determined by you and Tor‘s team of developers and researchers — so bring your ideas, questions, projects, and technical expertise with you!

13th Privacy Enhancing Technologies Symposium

Many academic researchers and students interested in anonymity are already working with Tor. They also are part of a broader community of academics that gather every year during the Privacy Enhancing Technologies Symposium. The 13th edition was held in Bloomington, Indiana, USA and was again well attended.

Several Tor developers were among the crowd of around 130 attendees (this makes it a new record or very close). On the first day, the first workshop on Privacy Enhancing Tools (PETools) was held, in which Roger Dingledine was invited to talk about “Lessons from Tor: How to Help Developers and Researchers Improve your Privacy Tool.”

During the next two days, researchers presented the selected papers. Two of them are directly relevant to the development of the Tor network:

Mashael Alsabah, Kevin Bauer, Tariq Elahi, and Ian Goldberg presented Conflux, “a dynamic traffic-splitting approach that assigns traffic to an overlay path based on its measured latency. […] Conflux considerably increases performance for clients using low-bandwidth bridges.” A thread on tor-talk discusses effects of Conflux on website fingerprinting.

John Geddes, Rob Jansen, and Nicholas Hopper studied balancing performance with anonymity in Tor. They have “investigated the effects of proposed [performance enhancing] modifications on attacks that rely on network measurements as a side channel.” The paper concluded with “an analysis of the total reduction in anonymity that clients face due to
each proposed mechanism.”

Other papers are relevant to the wider set of Tor problems:

David Fifield, Gabi Nakibly, and Dan Boneh have looked at web-based online scanning service […] that can be covertly used as proxies in a censorship circumvention system The system they describe is already “available as an experimental rendezvous for the flash proxy system and is part of Tor’s pluggable-transports web browser bundles starting with the 2.4.11-alpha-1 release.”

Amir Houmansadr and Nikita Borisov presented an analysis of how practical it is to reliably fingerprint millions of network flows by tagging only as few as tens of packets from each flow.

An extra day was dedicated to the HotPETs workshop, intended to “foster new ideas, spirited debates, and controversial perspectives on privacy (and lack thereof).” Among other interesting submissions, Wenxuan Zhou, Amir Houmansadr, Matthew Caesar, and Nikita Borisov presented SWEET, a way to encapsulate “a censored user’s traffic inside email messages that are carried over by typical email service providers.”

All papers presented during the conference are available for download from the program page.

The next edition of PETS will be help July 16-18, 2014, in Amsterdam.

Hardware for high bandwidth relay

Andreas Fink asked for hints on hardware that could support “big fat tor exit nodes connected with multiple 1gbps or 10gps links.”

Andy Isaacson answered that Noisetor uses “most of a 4-core X3350 2.6 GHz to push ~500 Mbps symmetric. That‘s without AES-NI.” Mike Perry and Moritz Bartl then both confirmed that modern Intel Xeon CPUs with AES-NI could do 300 Mbit/s per core.

Blocking GFW probes on the firewall

Marek Majkowski suggests how to resist Chinese effort to scan Tor relays and bridges using a firewall. Somewhere in the past month the Great Firewall of China started to actively probe the destination of any traffic that looked like a Tor bridge, plain or obfs2. If a handshake is successful, the connection is reset and the bridge address put on a blacklist.

As the probe sequence is static, Marek identified the incoming connection and gave rules for the netfilter Linux firewall to filter them out.

If you run a bridge under Linux, please give them a try!

Is it worth running a relay on a home broadband connection?

Nick asked on the tor-relays mailing-list: “I have a reasonable ADSL connection, and a little always-on server. The bandwidth is in the region of 2Mib/s down, something less up (maybe 256Kib/s). Is it useful for me to run a tor relay with this bandwidth?”

Lunar pointed out that a relay with this capacity was “likely to be selected as a middle node 1 time out of 10000 circuits, if not less…”

Roger Dingledine drew the cut: “at this point if you‘re at least 800kbit (100KBytes/s) each way, it‘s useful to be a relay.” He also detailed the current thresholds for the Stable and Guard flags.

Roger mentioned connections can still be of use though: ”a bridge is a fine thing to run on a connection with 250KBytes down and 32KBytes up.” And maybe even more in the future as “we might end up with a system like Conflux to let you glue together two slow bridges and get better throughput.”

Using Mumble with Tor

David H. wrote a tutorial on how to configure Mumble to use the Tor network on Ubuntu. This tutorial includes setting up a server using Amazon EC2. During the discussion, adrelanos came up with his own tutorial on anonymous VoIP which focuses on installing Mumble on Whonix behind an hidden service.

Feel free to follow the discussion on tor-talk.

Miscellaneous development news

OONI has published a detailed report on how Zambia is currently censoring the grass roots online newspaper Zambian Watchdog.

Nick Mathewson merged a way to mock C functions in tor unit tests. The “mocking methodology” has been described as “the simplest thing that could work — it‘s one of the ones that festoon the code with macro salad, and uglifies the declarations of functions that are going to get mocked. It has the advantage of being portable, robust, and comprehensible.”

Runa A. Sandvik announced that she has disabled translations for Vidalia on Transifex as “translators should not work on resources which are currently not being maintained by a developer.”

Three GSoC students have sent updates: Johannes Fürmann on the EvilGenius censorship simulation project, Robert on Tor path generation and Stream-RTT probing, and Hareesan on the steganography browser addon.

This issue of Tor Weekly News has been assembled by Lunar, luttigdev, dope457, whabib, Karsten Loesing, and Roger Dingledine.

Want to continue reading TWN? Please help us create this newsletter. We really need more volunteer writers who watch the Tor community and report important news. Please see the project page and write down your name if you want to get involved!

Lead Automation Engineer Job Posting


Tor is looking for a Lead QA/automation engineer!

We want to deploy nightly builds and continuous integration for as many of our key software components and platform combinations as possible. Your job would be build and deploy the initial functional versions of a wide range of testing frameworks and continuous integration systems.

This is a contract position. Candidates are expected to be capable of taking the lead in selecting, deploying, and maintaining multiple automation systems in several different programming languages.

Candidates should also be capable of reproducing bugs and writing new reproduction test cases for one or more of the testing frameworks. Eventually, we hope to add additional staff to assist in this project, but to start, you will be expected to prioritize your own work such that the most important tasks get attention first, without letting any specific core component starve for attention.

For more details, including information on how to apply, see the job posting:

Tor Weekly News — July, 10th 2013

Welcome to the second issue of Tor Weekly News, the weekly newsletter meant to cover what is happening in the great Tor community.

First release candidate for Tor 0.2.4.x series

On July 3rd, Roger Dingledine announced the release of Tor As “rc” suggests, it is the first release candidate for the 0.2.4.x series. This version fixes a few smaller bugs over the latest alpha, but “generally appears stable,” Roger noted.

Some highlights of changes from 0.2.3.x:

  • bridges now report the pluggable transports they support to the bridge authority (#3589),
  • IPv6 support (#5534, #5535, #6362, #6363),
  • automatically forward the TCP ports of pluggable transport proxies using tor-fw-helper if PortForwarding is enabled (#6522),
  • switch to a nonrecursive Makefile structure. Where available, now use automake’s “silent” make rules by default (#4567),
  • many, many more small improvements and fixes.

Please download it and test widely and wildly.

New vulnerability in Tor Browser Bundle 2.3.25-10?

An anonymous reporter reported a potential leak when using the Tor Browser Bundle on Windows. If Microsoft Security Essentials or another cloud based anti-virus solution is configured, downloads will automatically be sent to these external providers — bypassing Tor — once complete.

The reporter suggested setting the property to false to prevent anti-virus solutions from starting without user interaction.

The Tor Project is hiring a Lead Automation Engineer

Do you have experience programming in multiple languages, including Java, Python/Ruby, shell scripting, and JavaScript?

The Tor Project opened a new position as Lead Automation Engineer. The project seeks to deploy nightly builds and continuous integration for as many of its key software components and platform combinations as possible. Mike Perry wrote, “Candidates are expected to be capable of taking the lead in selecting, deploying, and maintaining multiple automation systems in several different programming languages.”

For more details, including information on how to apply, see the job posting. outage

As Andrew Lewman wrote on Thursday, July 4th, “over the past 24 hours has been unavailable due to excessive DNS queries to the exitlist service. It seems there are a number of individuals and companies with commercial products relying upon this volunteer service. We finally hit the point where we couldn’t keep up with the queries and simply disabled the service”.

At the time of writing, the service is again available, but the project might “take it down as needed without notice.”

‘’ is no longer the homepage for Tails since January of this year. The Tor Browser Bundle will also switch to a new homepage in version 3, currently in alpha stage.

Other software or services that depend on should either migrate away or run their own version using the source code for the web page. It is supported by a database of running exit nodes that can be queried through DNS.

If you wish to help, one need is to make it easier for third parties to get their own “check” service running. This means getting the service more modular and improving TorDNSEL or finishing TorBEL. Someone must also write documentation that is easy to follow.

An experimental transparent Tor proxy for Windows

basil announced a new experimental transparent Tor proxy for using Tor on Windows: “1) It (transparently) reroutes all HTTP traffic through the Tor anonymity network; and 2) It blocks all non-Tor traffic (including DNS) to and from your computer.”

The project is currently dubbed TorWall but the name is likely to change as it is problematic regarding the Tor trademark and Roger pointed out that there is already a discontinued project called Torwall. Roger also pointed out that transparent proxying might not be the best solutions “on the theory that if the given application isn’t specifically configured to use Tor, it’s probably going to screw up privacy-wise.”

basil answered by stating that the project was “really for those who know and understand the risks (possibly a very limited market?).” Feel free to give it a try if you do!

Theft of Tor relay private keys?

On Tuesday, July 2nd, Thomas H. expressed concern about a hypothetical attacker breaking into a large number of nodes and stealing their private keys, combined with gathering all the traffic possible. “Wouldn’t this increase the likelihood that data from complete circuits can be decrypted and traced back to the original sender?”

In response to this question, Mike Perry admits that he shares Thomas’ concerns: “If their intercepts are passive, merely stealing relays’ private identity key won’t accomplish much because Tor uses Forward Secrecy for both the relay TLS links and for circuit setup. However, if their intercepts are active (as in they can arbitrarily manipulate traffic in-flight), then stealing either Guard node keys or directory authority keys allows complete route capture and traffic discovery of targeted clients”.

To avoid this danger, Mike Perry has previously suggested “changes to Tor to make such key theft easier to detect, less damaging, and harder to make use of” (see #7126, #5968).

Mike also supports the idea of regular identity key rotation for relays. He would like to see support for default key rotation in the future.

Mike pointed out that currently changing an identity key too frequently has several disadvantages for the Tor network: “First, it takes the bandwidth measurement servers a couple days to ramp up your capacity of your new identity key, so you will spend a lot of time below your max throughput. Second, you would also likely never get the Guard flag. Third, there are also load balancing issues with Guard nodes where as soon as you get the Guard flag, it will take 1-2 months before clients switch to your new Guard, so you will also likely spend that time at less than your full capacity.”

If you are operating a relay, please check the wiki page with tips for enhancing the relay’s security.

A new interface to explore the Tor network

On June 25th, Christian (makepanic) announced a new web application to explore the Tor network. Based on the Ember.js framework, it uses data from Onionoo to display information about Tor relays and bridges.

As Karsten pointed out, this tool already has the same set of features as Atlas — the current recommended way to get details about relays — and even a few more: it can “list 10 fastest relays on start page” and “show bridge details”. As Onionoo was designed exactly to offer a backend for various visualization tools, Karsten thinks “it’s fine to have more than one website providing access to Onionoo data. Yay, diversity.”

Feel free to play with Tor Onionoo search or have a look at its source code.

Miscellaneous development news

Karsten Loesing has updated GeoIP databases for Tor and Onionoo to July MaxMind databases without their A1 Anonymous Proxy ranges. See #6266 for more details on why and how we need to fix the data released by MaxMind.

It looks like the ‘start-tor-browser’ shell script cannot be used to start the Tor Browser from the graphical file manager on Ubuntu 13.04. If you have any great ideas, please chime in.

If you can write C code, you could make the lives of many relay operators easier by making tor configuration accept “bit/s” on top of the current “byte/s” [43]. The former, being more commonly used by network operators to describe bandwidth, could reduce a common case of confusion. It looks like a patch would be pretty simple!

Work has started on a pluggable transport that would combine the traffic obfuscation properties of obfsproxy with the address diversity of Flashproxy.

intrigeri has announced two “low-hanging fruits” sessions for Tails. Feel free to join the #tails IRC channel on July 11th at 8:00 UTC or on July 13, 2013, at 7:00 UTC. “Everyone interested in contributing to Tails is warmly welcome to join! The idea is to spend a while together on many small tasks that take less than 2 hours each, and are waiting in our TODO list for too long.” He also gave a list of candidate tasks.

As Erinn Clark pointed out, the 3.x branch of Tor Browser is currently missing a map of relays similar to the one shown in Vidalia. The latter can be kept as a separate application, but this specific bit of functionality might simply be implementable using web technologies. Care to give it a try?

More monthly status reports for June 2013

Continuing from last week, more monthly reports are now available for June 2013: George Kadianakis, Aaron G., Runa A. Sandvik, Mike Perry, Karsten Loesing, Tails folks, and the Tor help desk.

This issue of Tor Weekly News has been assembled by Lunar, luttigdev, dope457, whabib, Karsten Loesing and Peter Palfrader.

Want to continue reading TWN? Please help us create this newsletter. We still need more volunteer writers to watch the Tor community and report important news. Please see the project page and write down your name if you want to get involved!

Tor packages available

There's a new Tor out and all of the packages have been updated. This is a release candidate and will become the new Tor stable soon, so please test these extensively!

Regular packages can be found here:

Tor Browser Bundles are here:

Tor Browser Bundle (2.4.15-beta-1)

  • Update Tor to
  • Update NoScript to

JOIN US - Tor Hack Day, Munich, Germany

Join us for a public hack day on Friday, July 26, 2013 in Munich, Germany. Thank you to our hosts at the Technische Universität München (

The agenda and conversations will be determined by you and Tor's team of developers and researchers - so bring your ideas, questions, projects and technical expertise with you!

This event is open to the public and free of charge - no RSVP necessary.

Friday, July 26, 2013
Start Time: 10:00 am
Location: LRZ building, Sminarraum (H.E. 008), Bolzmannstrabe 1, 85748 Garching,
Germany. NOTE: the room is to the right of the main entrance.

For questions please contact

Syndicate content Syndicate content