Tor Project infrastructure updates

You should upgrade to Tor or

In early January we discovered that two of the seven servers that run directory
authorities were compromised (moria1 and gabelmoo), along with, a new server we'd recently set up to serve
metrics data and graphs. The three servers have since been reinstalled
with service migrated to other servers.

We made fresh identity keys for the two directory authorities, which is
why you need to upgrade.

Moria also hosted our git repository and svn repository. We took the
services offline as soon as we learned of the breach. It appears the
attackers didn't realize what they broke into -- just that they had
found some servers with lots of bandwidth. The attackers set up some ssh
keys and proceeded to use the three servers for launching other attacks.
We've done some preliminary comparisons, and it looks like git and svn
were not touched in any way. read more »

Start of a Tor Legal Support Directory

Over the past few months, a number of exit relay operators have contacted us asking for help with some legal issues encountered while running their relay. While we can't provide legal advice in all jurisdictions, we can frequently find you a next hop in the legal chain to get you the advice or representation you need. Sometimes this advice is free/pro-bono, other times it is not. It's up to the legal organization to decide if they can take your case or refer you to someone else.

Rather than keep a secret list of people willing to help, we're building a public list for operators to contact directly, in their own country. A big thanks to Fred and Gwen at the EFF for helping to start this list and for making introductions. And, of course, a big thanks to the organizations for agreeing to be listed and for offering support to Tor relay operators.

If you'd like to add your name to this list, please let me know.

The current list of legal support organizations by country is:

Turre Legal
Fax +358985657006
contact person: Herkko Hietanen

The Netherlands:
Bits of Freedom

Electronic Frontier Australia
Phone: +61 2 9011 1088
Fax: +61 2 8002 400

Germany, Switzerland, Austria:
Chaos Computer Club

Zwiebelfreunde e.V.

United States:
Electronic Frontier Foundation


Poland, Internet Censorship, and Tor

Over the past month I've been working with a few people from Poland. We are discussing how we can improve the impression of Tor in country. It seems a few people want to make all anonymity and privacy tools illegal; and tor is a well-known scapegoat. Thanks to the efforts of Paweł Wilk for writing a few sane articles about online privacy and Tor in particular.

Sywlia Presley of Global Voices writes up a great overview of the situation at read more »

Tor and Censorship: lessons learned

Roger recently gave a talk at 26C3 about our experiences with various censorship technologies.

In the aftermath of the Iranian elections in June, and then the late September blockings in China, we've learned a lot about how circumvention tools work in reality for activists in tough situations. I'll give an overview of the Tor architecture, and summarize the variety of people who use it and what security it provides. Then we'll focus on the use of tools like Tor in countries like Iran and China: why anonymity is important for circumvention, why transparency in design and operation is critical for trust, the role of popular media in helping – and harming – the effectiveness of the tools, and tradeoffs between usability and security. After describing Tor's strategy for secure circumvention (what we thought would work), I'll talk about how the arms race actually seems to be going in practice.

The slides of the presentation can be found at the bottom of this post.

We've mirrored the full 700MB video of the presentation at

Tor Browser Bundle 1.3.0 Released

On December 31, 2009, I released the latest in the Tor Browser Bundle series, 1.3.0. The version bump from 1.2.10 to 1.3.0 is due to the change to Firefox 3.5.6 (from Firefox 3.0.15).

You can get the latest TBB in 12 languages at

Torbutton 1.2.4 fixes a number of privacy and anonymity issues with the Firefox 3.5.x code base.

The official changelog is:

- upgrade Firefox to 3.5.6
- update Pidgin to 2.6.4
- update Torbutton to 1.2.4

Feel free to file bugs at

The original announcement is at

New Stable released, Tor

Tor fixes an incompatibility with the most recent OpenSSL
library. If you use Tor on Linux / Unix and you're getting SSL
renegotiation errors, upgrading should help. We also recommend an
upgrade if you're an exit relay.

Changes in version - 2009-12-21
Major bugfixes:

  • Work around a security feature in OpenSSL 0.9.8l that prevents our
    handshake from working unless we explicitly tell OpenSSL that we
    are using SSL renegotiation safely. We are, of course, but OpenSSL
    0.9.8l won't work unless we say we are.
  • Avoid crashing if the client is trying to upload many bytes and the
    circuit gets torn down at the same time, or if the flip side
    happens on the exit relay. Bugfix on; fixes bug 1150.

Minor bugfixes: read more »

  • Do not refuse to learn about authority certs and v2 networkstatus

On the risks of serving whenever you surf

Bridge nodes are one of Tor's key architectural components for allowing wide access to the network. These act like normal Tor nodes, except there is no centralized list available to download, so it's harder to block access to all of them. Users who cannot access the Tor network in the normal way can find the IP addresses of a few bridges, and connect to the rest of the Tor network via these nodes. The bridge node IP addresses are distributed in a way such that anyone should be able to find a few, but it should be difficult for someone to find (and block access to) them all. Currently they are available by email or the web, but more strategies are being considered, such as instant messaging or MMORPGs. read more »

November 2009 Progress Report

New releases, new hires, new funding

Bruce Leidl joins to work on developing Tor in Java. Bruce will write a fully functional Tor in Java in order to provide a solid foundation for other java-based projects; such as Tor on mobile platforms like Maemo and Android.

On November 2nd we released Vidalia 0.2.6.

On November 20th, we released Tor Browser Bundle 1.2.10.

On November 19th, we released Tor

Design, develop, and implement enhancements that make
Tor a better tool for users in censored countries.

Roger met with his class at KAIST working on bridge deployment strategies. A few teams developed some creative strategies. Roger is continuing to work with the leading teams to further refine their ideas before publishing. read more »

Syndicate content Syndicate content