Rabbi Rob Thomas, founder and CEO of Team Cymru, is a member of The Tor Project's Board of Directors, and a loud and proud advocate for Tor and our first fundraising campaign.
Rabbi Rob and his wife have issued a challenge to the Tor community worldwide: donate to Tor by 11:59pm PST on December 31st and they will match your gift, dollar for dollar, up to $18,000..
Rob and his wife Lauren normally make their contributions to the causes they support anonymously, for spiritual purposes. But their deep and long-term support for Tor's sustainability has moved them to make a public challenge. Your gift to Tor will now have twice the impact.
"The internet cannot heal itself in the face of tyrants," Thomas says. "Tor is the salve that heals that wound; Tor is what allows us to route around tyranny."
Our deep gratitude to you Rabbi Rob and Lauren, and to all who join the challenge to #SupportTor.
I am honored to be joining the Tor Project today as the new Executive Director. I've been a big fan of Tor for a long time—ever since I met founders Roger Dingledine and Nick Mathewson in 2004 and learned about the important work they were doing to provide anonymity for online communications. Today Tor is an essential part of the Internet freedom infrastructure. Activists around the world depend on Tor, as do whistleblowers, victims of domestic violence, and regular citizens who care about their privacy.
This incredible team of people has built an amazing organization. I hope to help grow the Tor Project by building a more sustainable infrastructure and a more robust funding base, as well as by achieving greater adoption of Tor products by mainstream Internet users. There's a lot to be done, but I think we'll have fun while working to make the Internet safer and more secure.
I look forward to meeting many of you in the coming weeks and months, and I welcome your ideas and suggestions.
Yours in freedom,
At long last, I am thrilled to announce that our executive director search is now successful! And what a success it is: we have our good friend Shari Steele, who led EFF for 15 years, coming on board to lead us.
We've known Shari for a long time. She led EFF's choice to fund Tor back in 2004-2005. She is also the one who helped create EFF's technology department, which has brought us HTTPS Everywhere and their various guides and tool assessments.
Tor's technical side is world-class, and I am excited that Shari will help Tor's organizational side become great too. She shares our core values, she brings leadership in managing and coordinating people, she has huge experience in growing a key non-profit in our space, and her work pioneering EFF's community-based funding model will be especially valuable as we continue our campaign to diversify our funding sources.
Tor is part of a larger family of civil liberties organizations, and this move makes it clear that Tor is a main figure in that family. Nick and I will focus short-term on shepherding a smooth transition out of our "interim" roles, and after that we are excited to get back to our old roles actually doing technical work. I'll let Shari pick up the conversation from here, in her upcoming blog post.
Please everybody join me in welcoming Shari!
Here comes another stable release!
Tor version 0.2.7.6 fixes a major bug in entry guard selection, as well as a minor bug in hidden service reliability. (For more information on the guard bug, see Roger's preliminary analysis.
You can download the source from the usual place on the website. Packages should be up within a few days.
Changes in version 0.2.7.6 - 2015-12-10
- Major bugfixes (guard selection):
- Actually look at the Guard flag when selecting a new directory guard. When we implemented the directory guard design, we accidentally started treating all relays as if they have the Guard flag during guard selection, leading to weaker anonymity and worse performance. Fixes bug 17772; bugfix on 0.2.4.8-alpha. Discovered by Mohsen Imani.
- Minor features (geoip):
- Update geoip and geoip6 to the December 1 2015 Maxmind GeoLite2 Country database.
- Minor bugfixes (compilation):
- When checking for net/pfvar.h, include netinet/in.h if possible. This fixes transparent proxy detection on OpenBSD. Fixes bug 17551; bugfix on 0.1.2.1-alpha. Patch from "rubiate".
- Fix a compilation warning with Clang 3.6: Do not check the presence of an address which can never be NULL. Fixes bug 17781.
- Minor bugfixes (correctness):
- When displaying an IPv6 exit policy, include the mask bits correctly even when the number is greater than 31. Fixes bug 16056; bugfix on 0.2.4.7-alpha. Patch from "gturner".
- The wrong list was used when looking up expired intro points in a rend service object, causing what we think could be reachability issues for hidden services, and triggering a BUG log. Fixes bug 16702; bugfix on 0.2.7.2-alpha.
- Fix undefined behavior in the tor_cert_checksig function. Fixes bug 17722; bugfix on 0.2.7.2-alpha.
Being able to build Tor Browser several times in a row and getting exactly the same result each time has been an important feature for a while now. It provides a direct link between the source code we provide and the binary that Tor users are downloading and using to surf the web. This offers a number of benefits to all parties involved:
- Users can verify that they really got the binary they were supposed to get
- Pressure on developers to provide a bullet-proof build and signing setup is reduced
- Incentives to pressure release engineers into inserting backdoors into the code are reduced
From December 1-3, 2015 we had the opportunity to discuss these and other topics around reproducible builds with members of different projects. Thanks to the Linux Foundation, the Open Technology Fund and Google, developers from Debian, FreeBSD, NetBSD, Google, the Guardian Project, Coreboot and Tor (to name just a few) were able to attend. The workshop started with exchanging experiences with already existing systems (like Gitian, which we use for Tor Browser). During the three days of the meeting, work went on to explore together future directions for advocacy, commonly used tools, infrastructure and documentation.
We were especially pleased to see the fruitful collaboration on the operating systems level. While it is good to have a reproducible Tor Browser, the security guarantees that it provides are even stronger if the operating systems and the toolchains used to build it can be created reproducibly as well. Moreover, all participants agreed that non-reproducibility is essentially a defect that needs to be fixed. This allows us to treat workarounds (like using libfaketime to avoid timestamp differences in binaries) as mere band-aids and instead focus on addressing the root causes of non-determinism directly upstream.
Thanks to Allen Gunn and the Aspiration team for the excellent facilitation and all participants for the productive and exciting time. See all of you at the next workshop!
We are pleased to announce another public beta release of Tor Messenger. This release addresses a number of stability and usability issues, and includes the default bridge configurations for pluggable transports.
The initial public release was a success in that it garnered a lot of useful feedback. We tried to respond to all your concerns in the comments of the blog post but also collected and aggregated a FAQ of the most common questions.
Before upgrading to the new release, you will need to backup your OTR keys or simply generate new ones. Please see the following steps to back them up.
In our eagerness to build on work done by Tor Browser, we made the decision to store your profile directory inside the application bundle. This complicates matters when you want to use the same accounts and keys across updates, especially while we don't have an automatic updater. Please see #13861.
Also, as was vociferously pointed out by some of our early adopters, this probably isn't a very intuitive user experience. Copying the extracted application to someone else's computer would unknowingly transfer your accounts and OTR keys. It's unclear if this is commonly done and we'd love feedback on this point to understand the urgency of the issue.
In future releases, we plan on revisiting this decision. The number one item on our roadmap is porting Tor Browser's updater patches (#14388) so that keeping Tor Messenger up-to-date is seamless and automatic. We also plan to add a UI to make importing OTR keys and accounts from Pidgin, and other clients, as easy as possible (#16526).
Please note that Tor Messenger is still in beta. The purpose of this release is to help test the application and provide feedback. At-risk users should not depend on it for their privacy and safety.
sha256sums.txt file containing hashes of the bundles is signed with the key
3A0B 3D84 3708 9613 6B84 5E82 6887 935A B297 B391).
Here is the complete changelog since v0.1.0b2:
Tor Messenger 0.1.0b4 -- November 22 2015
- All Platforms
- Bug 17492: Include default bridges configuration
- Use tor and the pluggable transports from tor-browser 5.0.4
- Bug 17552: Instantbird should handle XMPP message stanzas with subjects
- Bug 17539: Pass username when interpolating resent string
- Bug 15179: Add an OTR Preferences item to the Tools menu
- Use the FIREFOX_42_0_RELEASE tag on mozilla-release
- Use the THUNDERBIRD_42_0b2_RELEASE tag on comm-release
- Bug 16489: Prevent automatic logins at startup
- Update Tor Messenger logo in Tor Launcher
- Bug 16476: Themes preference is positioned incorrectly
- Bug 17456: Application hang when navigating the preferences menu
Tor Messenger 0.1.0b3 -- October 30 2015
- Bug 17453: Fix Tor Messenger crash when starting up in Windows
I am happy to tell you that Tor is running its first ever end-of-year fundraising drive. Our goal is to become more sustainable financially and less reliant on government funding. We need your help.
We've done some amazing things in recent years. The Tor network is much faster and more consistent than before. We're leading the world in pushing for adoption of reproducible builds, a system where other developers can build their own Tor Browser based on our code to be sure that it is what we say it is. Tor Browser's secure updates are working smoothly.
We've provided safe Internet access to citizens whose countries enacted harsh censorship, like Turkey and Bangladesh. Our press and community outreach have supported victories like the New Hampshire library's exit relay. New releases of tools like Tor Messenger have been a hit.
When the Snowden documents and Hacking Team emails were first released, we provided technical and policy analysis that has helped the world better understand the threats to systems like Tor — and further, to people's right to privacy. Our analysis helped mobilize Internet security and civil liberties communities to take action against these threats.
We have much more work ahead of us in the coming years. First and foremost, we care about our users and the usability of our tools. We want to accelerate user growth: The Tor network sees millions of users each day, but there are tens of millions more who are waiting for it to be just a little bit faster, more accessible, or easier to install. We want to get the word out that Tor is for everyone on the planet.
We also need to focus on outreach and education, and on helping our allies who focus on public policy to succeed. Tor is still the best system in the world against large adversaries like governments, but these days the attackers are vastly outspending the defenders across the board. So in addition to keeping Tor both strong and usable, we need to provide technical advice and support to groups like EFF and ACLU while they work to rein in the parts of our governments that have gone beyond the permissions and limits that our laws meant to give them.
From an organization and community angle, we need to improve our stability by continued work on transparency and communication, strengthening our leadership, choosing our priorities well, and becoming more agile and adapting to the most important issues as they arise.
Taller mountains await after these: We need to tackle the big open anonymity problems like correlation attacks, we need to help websites learn how to engage with users who care about privacy, and we need to demonstrate to governments around the world that we don't have to choose between security and privacy.
We appreciate the help we receive from past and current funders. But ultimately, Tor as an organization will be most effective when we have the flexibility to turn to whichever issues are most pressing at the time — and that requires unrestricted funding. It's not going to happen overnight — after all, it took EFF years to get their donation campaigns going smoothly — but they've gotten there, and you can help us take these critical first steps so we can get there, too. By participating in this first campaign, you will show other people that this whole plan can work.
Tor has millions of users around the globe, and many people making modest donations can create a sustainable Tor. In fact, please make a larger donation if you can! These larger contributions form a strong foundation for our campaign and inspire others to give to Tor.
You can help our campaign thrive in three simple ways:
- Make a donation at whatever level is possible and meaningful for you. Every contribution makes Tor stronger. Monthly donations are especially helpful because they let us make plans for the future.
- Tell the world that you support Tor! Shout about it, tweet about it, share our posts with your community. Let everyone know that you #SupportTor. These steps encourage others to join in and help to spread the word.
- Think about how and why Tor is meaningful in your life and consider writing or tweeting about it. Be sure to let us know so we can amplify your voice.
Beyond collecting money (which is great), I'm excited that the fundraising campaign will also double as an awareness campaign about Tor: We do amazing things, and amazing people love us, but in the past we've been too busy doing things to get around to telling everyone about them.
We have some great champions lined up over the coming days and weeks to raise awareness and to showcase the diversity of people who value Tor. Please help the strongest privacy tool in the world become more sustainable!