Tor is released: almost stable!

There's a new development release of Tor!

Tor fixes a few small bugs remaining in Tor, including a few that had prevented tests from passing on some platforms.

The source code for this release is now available from the download page on our website. Packages should be available soon. I expect that this Tor release will probably go into the hardened TorBrowser package series coming out in the next couple of days. (I hear that will be in the regular TorBrowser alphas, since those froze a little before I finished this Tor release.)

We're rapidly running out of serious bugs to fix in 0.2.9.x, so this is probably the last release candidate before stable ... unless you find bugs while testing! Please try these releases, and let us know if anything breaks. Testing either or would be helpful.

Changes in version - 2016-12-12

  • Minor features (geoip):
    • Update geoip and geoip6 to the December 7 2016 Maxmind GeoLite2 Country database.
  • Minor bugfix (build):
    • The current Git revision when building from a local repository is now detected correctly when using git worktrees. Fixes bug 20492; bugfix on

  read more »

Tor at the Heart: Onion Messaging

During the month of December, we're highlighting other organizations and projects that rely on Tor, build on Tor, or are accomplishing their missions better because Tor exists. Check out our blog each day to learn about our fellow travelers. And please support the Tor Project! We're at the heart of Internet freedom.
Donate today!

The Internet was made for humans to communicate with each other! Even though Internet calls over video and audio are totally possible nowadays, people still enjoy sending texts to each other due to their asynchronous, permanent and casual nature. To understand how important these instant messaging systems are, just check the user growth of systems like WeChat, WhatsApp, etc.

Unfortunately, all these major mainstream messaging systems belong to huge companies whose money comes from advertising and selling the data and metadata of their users.

The good news here is that in the past couple of years, there has been great progress in protecting users' data by employing end-to-end encryption using the Signal protocol. The bad news is that there has still been absolutely no progress in protecting the metadata and location information of users by these mainstream platforms.

Case in point, since most instant messaging systems are not anonymous, they get to learn the full location history of their users through the users' IP address history. Also, all major chat systems require a social media account or a phone number, which is simply impossible for some people, and it also makes it hard to create anonymous or burner accounts for everyone. It also makes you searchable and targettable by people who happen to know your phone number.

In this blog post, we showcase a few open-source text messaging tools that provide location privacy and additional security to their users by using Tor as a default. All of them are free and open source, so feel free to experiment!


Ricochet is an anonymous instant messaging tool that hides metadata by using Tor. It's got a slick UI and works on Windows, Linux and Mac OS X.

In the Ricochet protocol, each user is a Tor onion service. By utilizing onion services, the protocol achieves strong anonymity for its users. And because of its decentralized nature, it's impossible for attackers to censor it by taking down a single server.

Ricochet is designed with UX in mind, so it's easily usable even by people who don't understand how Tor works.


If you happen to only use mobile platforms (like most of the world these days), Chatsecure is an app that you should check out! It works for both Android and iOS, and it allows you to connect to XMPP servers to communicate over encrypted OTR chat. This means that you can also use it to connect to other XMPP-enabled messaging systems like Facebook chat and Google Talk.

It's developed by the Guardian Project, and it's a part of their software suite for private communications that includes Orbot and Orfox. Stay tuned on our blog for more information about this software family later this December!

And now for further excitement, let's get into the more experimental sections of the secure messaging space!


Pond is an anonymous instant messaging tool with various sophisticated security properties that is capable of hiding even the metadata of its users.

The protocol is designed in such a way that even a nasty attacker who is constantly monitoring your Internet connection will have a very hard time figuring out when you actually send and receive Pond messages, even if she conducts statistical analysis of your traffic patterns. Smoke and mirrors you might say, but if you like protocols, we invite you to check out the Pond protocol specs.

Unfortunately, Pond is a side-project, and due to lack of free time, the project is not currently actively being developed, even though there is still a community of users. It only works on Linux, and it has a GUI interface.


Briar is an experimental P2P messaging system that is currently in private beta. It targets mobile users and is closely integrated with Tor onion services.

The Briar protocol is fully decentralized, and all communication is end-to-end encrypted. It aims to be highly resilient against network failures, and so it can also function over Bluetooth or WiFi. Furthermore, it attempts to hide the social graph of its users by keeping the user contact list on the client side.

Future directions

As you can see, there have been multiple efforts for private and metadata-hiding communication over the past years. Some of these projects are supposed to be used on top of already existing chat frameworks, whereas others aim to create their own ecosystems.

Of course, the research realm of secure messaging is far from complete; it's just getting started. From improving the UX to adding new security properties, this field needs further thinking all around.

For example, secure multiparty messaging is a very important upcoming field that studies how the protocols above that are designed for 1-to-1 communication can scale to hundreds of clients talking at the same time while maintaining their security properties.

Furthermore, as global surveillance is growing, we better understand the importance of hiding metadata from network attackers. Only now are we starting to grasp the importance of security properties like obfuscating communication patterns, hiding the users' social graph and letting users choose when to reveal their online presence.

Tor is extremely interested in the instant messaging space, and we are always on the lookout for innovative developments and interesting messaging projects. We have deep gratitude to all of the people who have helped to push the field of secure messaging forward, and we hope to enable them in the future to provide anonymous communication tools!

Donate and we will make it happen! :)

Tor at the Heart: Bridges and Pluggable Transports

During the month of December, we're highlighting other organizations and projects that rely on Tor, build on Tor, or are accomplishing their missions better because Tor exists. Check out our blog each day to learn about our fellow travelers. And please support the Tor Project! We're at the heart of Internet freedom.
Donate today

Technology against censorship: bridges and pluggable transports

You can use Tor to view websites that are censored or blocked. But what do you do when Tor itself is blocked? When it happens, you can use bridges and pluggable transports to get around the censors. Here is how to do it in Tor Browser:

Animated graphic showing 6 steps to configuring pluggable transports.

How does it work?

Censors block Tor in two ways: they can block connections to the IP addresses of known Tor relays, and they can analyze network traffic to find use of the Tor protocol. Bridges are secret Tor relays—they don't appear in any public list, so the censor doesn't know which addresses to block. Pluggable transports disguise the Tor protocol by making it look like something else—for example like HTTP or completely random.

There are several pluggable transports, and it can be hard to know which one to use. If it is your first time, try obfs4: it is a randomizing transport that works for most people. If obfs4 doesn't work, try fte. If that doesn't work, it may mean that the default bridges are blocked, and you should get a custom bridge from If the custom bridge doesn't work, try meek-azure or meek-amazon.

  • obfs4 is a randomizing transport: it adds an extra layer of specialized encryption between you and your bridge that makes Tor traffic look like random bytes. It also resists active-probing attacks, where the censor discovers bridges by trying to connect to them. obfs3 and scramblesuit are similar in nature to obfs4.
  • fte makes Tor traffic resemble plain HTTP. The name stands for "Format-Transforming Encryption."
  • meek makes Tor traffic look like a connection to an HTTPS website. Unlike the other transports, it doesn't connect directly to a bridge. meek first connects to a real HTTPS web server (in the Amazon cloud or the Microsoft Azure cloud) and from there connects to the actual bridge. Censors cannot easily block meek connections because the HTTPS servers also provide many other useful services.

There are a number of built-in, default bridges, which you can use just by choosing a pluggable transport name. For better secrecy, you should get custom bridges from meek doesn't need custom bridges; however it is slower and more expensive to operate than the other pluggable transports, so you should use obfs4 or fte if they work for you.

Tor is not the only project to use pluggable transports. We work often with researchers and developers to study Internet censorship, improve pluggable transports, and develop new ones. Psiphon and Lantern are two other projects that use pluggable transports. (Unlike Tor, they focus only on access and not on anonymity.)

If you are not censored yourself, you can help censored people by running a bridge with a pluggable transport. Running a bridge is the same as running a relay, just with a little extra configuration. See this guide: Become a PT bridge operator! Once your bridge is running, it will automatically become available to users at

The world of censorship is changing all the time. It's a good idea to learn how to use bridges and pluggable transports before you actually need them. Just last week, ISPs in Belarus began blocking public Tor relays—but bridges and pluggable transports are so far working to defeat the blocks. We are tracking other censorship events, such as those in Saudi Arabia, Kazakhstan, and elsewhere. If you know details of these or any other Tor blocks, please tell us. The best way to do that is to leave a comment on our bug tracker. (You can create an account first.)

Tor at the Heart: Tails

During the month of December, we're highlighting other organizations and projects that rely on Tor, build on Tor, or are accomplishing their missions better because Tor exists. Check out our blog each day to learn about our fellow travelers. And please support the Tor Project! We're at the heart of Internet freedom.
Donate today


Tails is a complete operating system designed to be used from a DVD, USB stick, or SD card independently of the computer's original operating system. It is free software and based on Debian GNU/Linux. Tails comes with several built-in applications pre-configured with security in mind: a web browser, an instant messaging client, an email client, an office suite, an image and sound editor, etc.

Tails aims at preserving privacy and anonymity online and allows users to:

  • Use the Internet anonymously to circumvent censorship; all connections to the Internet are forced to go through the Tor network. If an application tries to connect to the Internet directly, the connection is automatically blocked for security.
  • Leave no trace on the computer by default.
  • Use state-of-the-art cryptographic tools to encrypt files, emails and instant messaging.

Tails is configured with special care to not use the computer's hard-disks, even if there is some swap space on them. The only storage space used by Tails is in RAM, which is automatically erased when the computer shuts down. So you won't leave any trace on the computer either of the Tails system itself or what you used it for. This allows you to work with sensitive documents on any computer and protects you from data recovery after shutdown. Of course, you can still explicitly save specific documents to another USB stick or external hard-disk and take them away for future use.

Tails also comes with a selection of tools to protect your data using strong encryption:

  • Encrypt your USB sticks or external hard-disks using LUKS.
  • Automatically use HTTPS to encrypt all your communications to many major websites using HTTPS Everywhere.
  • Encrypt and sign your emails and documents using OpenPGP.
  • Protect your instant messaging conversations using OTR.
  • Securely delete your files and clean your diskspace using Nautilus Wipe.

Tails provides a secure platform that improves endpoint security by making it comparatively easier to use the right tools in the right way, protecting even less tech-savvy users from the most likely and highest impact risks.

Tor at the Heart: The OONI project

During the month of December, we're highlighting other organizations and projects that rely on Tor, build on Tor, or are accomplishing their missions better because Tor exists. Check out our blog each day to learn about our fellow travelers. And please support the Tor Project! We're at the heart of Internet freedom.
Donate today

In this post we provide an overview of OONI, a project under The Tor Project.

The Open Observatory of Network Interference (OONI) is a free software project under The Tor Project that aims to increase transparency about internet censorship around the world. To this end, OONI has developed multiple free software tests (called ooniprobe) that are designed to examine the following:

  • Blocking of websites;
  • Blocking of Instant Messaging software such as WhatsApp and Facebook Messenger;
  • Blocking of Tor, proxies, VPNs, and sensitive domains;
  • Detection of systems responsible for censorship, surveillance and traffic manipulation.

Anyone can run these tests to examine whether censorship is being implemented in their network. All data collected through ooniprobe is published and can serve as a resource for those who are interested in knowing how, when, and by whom internet censorship is being implemented. You can find OONI’s data in JSON format or via OONI Explorer: a global map for exploring and interacting with all the network measurement data that OONI has collected from 2012 to date.

Hundreds of volunteers have run ooniprobe across more than 100 countries around the world, shedding light on multiple instances of internet censorship. WhatsApp, for example, was found to be blocked in Brazil earlier this year, while Facebook and Twitter were censored during Uganda’s 2016 general elections. OONI data also shows that news websites were blocked in Iran and India, amongst many other countries, and that sites supporting LGBTI dating also appeared to be tampered with in Zambia.

OONI aims to equip the public around the world with data that can serve as evidence of internet censorship events. Such data not only shows whether a site or service was blocked, but more importantly, how it was blocked, when, where, and by whom. This type of information can be particularly useful to the following:

  • Lawyers: Examine the legality of the type of internet censorship implemented in your country, and use OONI’s data as evidence.
  • Journalists: Improve the credibility of your stories by referencing network measurement data as evidence of censorship events.
  • Researchers: Use OONI’s data to explore new questions. Researchers from the University of Cambridge and UC Berkeley, for example, were able to examine the differential treatment of anonymous users through the use of OONI data.
  • Activists, advocates, campaigners: Inform your work based on evidence of censorship events.
  • Circumvention tool projects: Inform the development of your tools and strategies based on OONI’s findings on censorship events around the world.

To empower participation in censorship research, OONI has established partnerships with local non-profit organizations around the world. Some of these organizations include:

These partnerships involve the daily collection of network measurements from local vantage points, determining which sites and services to test per country, and analyzing measurements within social, political, and legal context. Some partners, such as Sinar Project, even organize regional workshops to teach other groups and organizations how to measure internet censorship through the use of ooniprobe.

The Tor Project has supported the OONI project from day 1. Donate to The Tor Project today and help us continue to uncover internet censorship around the world.

Written by Maria Xynou, OONI’s Research and Partnerships Coordinator

Tor is released, with small portability fixes

There's a new stable release of Tor!

Tor backports fixes for additional portability issues that could prevent Tor from building correctly on OSX Sierra, or with OpenSSL 1.1. Affected users should upgrade; others can safely stay with

You can download the source from the usual place on the website. Packages should be available over the next several days, including a TorBrowser release around December 14. Remember to check the signatures!

Below are the changes since

Changes in version - 2016-12-08

  • Minor bugfixes (portability):
    • Avoid compilation errors when building on OSX Sierra. Sierra began to support the getentropy() and clock_gettime() APIs, but created a few problems in doing so. Tor 0.2.9 has a more thorough set of workarounds; in 0.2.8, we are just using the /dev/urandom and mach monotonic time interfaces. Fixes bug 20865. Bugfix on
  • Minor bugfixes (portability, backport from
    • Fix compilation with OpenSSL 1.1 and less commonly-used CPU architectures. Closes ticket 20588.

Tor at the Heart: Library Freedom Project

During the month of December, we're highlighting other organizations and projects that rely on Tor, build on Tor, or are accomplishing their missions better because Tor exists. Check out our blog each day to learn about our fellow travelers. And please support the Tor Project! We're at the heart of Internet freedom.
Donate today

Library Freedom Project

Library Freedom Project is an initiative that aims to make real the promise of intellectual freedom in libraries by teaching librarians and their local communities about surveillance threats, privacy rights and responsibilities, and privacy-enhancing technologies to help safeguard digital freedoms.

Why libraries?

LFP focuses on libraries for several reasons: libraries are trusted community spaces and education centers, offering free computer classes and technology access -- quite often as the only such resource in their communities. Libraries serve people from all walks of life, including immigrants, poor and working people, and others who are under greater surveillance threats. Finally, libraries have a deep historical and ideological commitment to protecting privacy; for example, librarians in the United States were some of the earliest opponents of overbroad government surveillance programs like the USA PATRIOT Act. Library Freedom Project helps librarians turn that ideological commitment into procedural and technical reality by learning to teach privacy classes, operate infrastructure for privacy-enhancing technologies, and understand what to do when faced with information requests for patron data.

LFP + Tor

Tor is an essential part of Library Freedom Project. Through privacy trainings, LFP has taught thousands of librarians about using and teaching Tor in their libraries. Dozens of these libraries have even installed Tor Browser on public computers or have started operating Tor relays to help protect privacy at home and across the world. The relationship between LFP and the Tor Project is mutually beneficial; the Tor Project builds a tool that librarians saw the need for years ago, and librarians have helped perform much needed outreach and training on behalf of Tor. Thanks to the work of LFP, Tor is well-recognized by librarians and fairly mainstream in library culture. It is not uncommon for a library conference to offer talks about using Tor in libraries, and LFP's Tor Relays in Libraries project gave international attention to the role of libraries in the fight for privacy.

Support privacy training in your local community

By supporting Tor, you're helping bring privacy to local communities through the trusted space of the library. Donate to the Tor Project today, and then tell your librarian about Library Freedom Project.

Tor at the Heart: SecureDrop

During the month of December, we're highlighting other organizations and projects that rely on Tor, build on Tor, or are accomplishing their missions better because Tor exists. Check out our blog each day to learn about our fellow travelers. And please support the Tor Project! We're at the heart of Internet freedom.
Donate today!


SecureDrop is an open-source whistleblower submission system that media organizations can install to accept documents from anonymous sources. It was originally coded by the late Aaron Swartz, with assistance from Wired editor Kevin Poulsen and James Dolan. The project was previously called DeadDrop. Freedom of the Press Foundation took over management of the project in October 2013. 

SecureDrop works by using two physical servers: a public-facing server that stores messages and documents, and a second server that performs security monitoring of the first. The code on the public-facing server is a Python web application that accepts messages and documents from the web and GPG-encrypts them for secure storage. This site is only made available as a Tor Hidden Service, which requires sources to use Tor, thus hiding their identity from both the SecureDrop server and many types of network attackers. Essentially, it’s a more secure alternative to the "contact us" form found on a typical news site. Every source who visits the site is given a unique "codename." The codename lets the source establish a relationship with the news organization without revealing his/her real identity or resorting to e-mail. They can enter the code name on a future visit to read any messages sent back from the journalist, or to submit additional documents and messages under the same persistent, but pseudonymous, identifier. The source is known by a different and unrelated code name on the journalist’s side. All of the source’s submissions, and replies to the source from journalists, are grouped together into a collection. Every time there’s a new submission by a source, their collection is bumped to the top of the submission queue. 

The SecureDrop application does not record your IP address, information about your browser, computer, or operating system. Furthermore, the SecureDrop pages do not embed third-party content or deliver persistent cookies to your browser. The server will only store the date and time of the newest message sent from each source. Once you send a new message, the time and date of your previous message is automatically deleted. Journalists are also encouraged to regularly delete all information from the SecureDrop server and store anything they would like saved in offline storage to minimize risk.

Over three dozen media organizations are currently using SecureDrop, including:

Syndicate content Syndicate content