karsten's blog

Tor Browser in numbers

Tor Browser is the secure and anonymous way to browse the web and access onion services. Tor Metrics' new visualization of Tor Browser downloads and updates shows that Tor Browser is downloaded 100,000 times from the Tor website every day! These could be new Tor users or existing users who are downloading it again.

The Signature downloads subgraph shows that between 5,000 and 15,000 users per day tried to verify that Tor Browser was signed by our developers after downloading it. Verifying the signature is the surest way to know that that executable is the legitimate version from Tor and not a benign or malicious third-party one. It is important to increase the number of users that verify their downloads in the future through education and assistance, and knowing the numbers is the first step.

The Update pings subgraph shows ~2,000,000 checks for a new Tor Browser version being made every day. Each running instance of Tor Browser makes a minimum of two such requests per day, and another request at the start of each session. As of now, we don't have any data on how long a typical Tor Browser session lasts or how often users restart their browser. But the update number is still useful to observe trends. For instance, look at the sharp drop of update pings at the end of January. We don't yet know what happened there, though it coincides with the Tor Browser 6.5 release, and the pattern looks similar to what happened when the first version of the 6.0 series was released. We use these graphs to recognize such anomalies, investigate them, and track our explanations here.

Lastly, the Update requests subgraph shows spikes every few weeks with peaks between 750,000 and 1,000,000 requests. This happens when a new Tor Browser version is released, which tells us that automated updates are working!

We sourced the data used above from Tor Project web server logs. Don't worry—we don't record what we do not need (your IP addresses or time of day of requests) and remove potentially identifying information (such as request parameters and the user agent string) before processing. We also delete the original logs afterwards and only keep a sanitized version.

Come back to Tor Metrics often! All of our graphs and tables are updated daily, and we are working to add additional ones in the future. We also encourage you to dig through the data we use and tell us if you find something interesting.

We would like to thank the generous community donations for funding our work. Donations to Tor Project not only help fund new work, but lessen our dependencies on institutions for funding. Keep us independent by donating today!

Tor's Innovative Metrics Program Receives Award from Mozilla

Good news for data enthusiasts who trust numbers more than words: The Tor Project has just received an award from Mozilla's Open Source Support program to improve Tor metrics over the next 12 months.

While some analytics programs collect data in ways that violate the privacy of users, Tor's metrics program seeks to keep users safe as we collect and analyze data. We use the data to develop ways to allow more people to access the free Internet via Tor, and we make all data available to the world, so that Tor users, developers, journalists, and funders can see and understand the ways that people use Tor worldwide.

Mozilla's mission is to ensure the Internet is a global public resource, open and accessible to all. Mozilla Open Source Support (MOSS) is an awards program specifically focused on supporting the Open Source and Free Software movement. Their Mission Partners track is open to any open source/free software project undertaking an activity which significantly furthers Mozilla's mission.

Over the coming year, our main goals for this project will be:

1. To make CollecTor (our primary data collection service) more resilient to single-point failures, by enabling multiple CollecTor instances to gather data independently and exchange it in an automated fashion. Doing this will reduce the number of gaps in our data, and make it less likely that an error at one server will make the data invalid.

2. To create an easy-to-use observation kit containing DescripTor (our library for parsing and analyzing Tor servers' descriptions of themselves) together with user-friendly tutorials for evaluating Tor network data. This will make it easier for programmers to write tools that examine historical and current data about the servers that make up the Tor network.

3. To set up more instances of the network status service Onionoo to improve its availability, and work on the most pressing usability issues of the Atlas network status service;

4. To further reduce the amount of sensitive usage data (such as bandwidth totals and connections-per-country) stored on Tor relays and reported to the Tor directory authorities. While we believe that this data is safe the way we handle it today, we believe that improved cryptographic and statistical techniques would allow us to store and share even less data.

5. To improve the accuracy of performance measurements by developing better methods and tools to analyze and simulate average user behavior;

6. To make the Tor Metrics website more usable, so that users, developers, and researchers can more easily find, compare, and interpret information about Tor's usage and performance.

We're excited about this news for a great many reasons.

First, it is one more important step in diversifying Tor's funding.

Second, while the project focuses on improving six important aspects of Tor metrics, it also aims at more general improvements to make Tor metrics software more stable, scalable, maintainable, and usable. These improvements are typically harder to "sell" in funding proposals because their results are less visible to funders. It's reassuring that Mozilla understands that these improvements are important, too.

Third, this award is the first one awarded to Tor's young metrics team, only established 12 months ago in June, 2015. It's an appreciation of the initial work done by the metrics team and a very good basis for the upcoming 12 months.

Writing the award proposal was a successful cooperation of a number of Tor people: it would simply not have happened without Isabela, who made contact with Mozilla people; it would not have been readable without Cass's remarkable ability to translate from tech to English; it would not have contained as many good reasons for getting accepted without iwakeh's invaluable input; and it would not have been accepted without Shari's efforts in asking a leading security expert to write an endorsement of our award request. Finally, this blog post would certainly not have been as readable without Kate's and Nick's editorial capabilities. And now let's go write some code.

Tor Cloud Service Ending; Many Ways Remain to Help Users Access an Uncensored Internet

As of May 8, 2015, the Tor Cloud project has been discontinued.

The Tor Cloud project gave people a user-friendly way of deploying bridges on the Amazon EC2 cloud computing platform to help users access an uncensored Internet. By setting up a bridge, they would donate bandwidth to the Tor network and help improve the safety and speed at which users can access the Internet.

The main reason for discontinuing Tor Cloud is the fact that software requires maintenance, and Tor Cloud is no exception. There is at least one major bug in the Tor Cloud image that makes it completely dysfunctional (meaning that users could not use this particular service to access the Internet), and there are over a dozen other bugs, at least one of them of highest priority. Probably as a result of these bugs, the number of Tor Cloud bridges has steadily declined since early 2014.

We have tried to find a new maintainer for Tor Cloud for months, but without success. There have been offers to send us patches, but we couldn't find a Tor person to review and approve them. We encourage everyone who stepped up to start their own cloud bridges project under another name ("Onion Cloud"?), possibly forking the existing Tor Cloud code that will remain available. Tor Cloud is still a good idea, it just needs somebody to implement it.

Or maybe this is a good opportunity for the community to further look into other approaches for providing an easy-to-deploy bridge or relay, like Ansible Tor or cirrus.

If people still want to help users access an uncensored Internet, there remain plenty of ways to help. For example, it's still possible to spin up an instance on Amazon EC2 or any other cloud computing platform and install a Tor bridge manually. Or people can donate to organizations that run Tor relays and bridges like Torservers.net or their partner organizations.

Note that discontinuing the Tor Cloud project has no effect on existing Tor Cloud instances. Whenever one of those instances was started, a template of the operating system and settings was copied, and removing the template has no effect on the copies.

Sorry for any inconvenience caused by this.

Spread the word about Tor

To all Tor advocates,

For all of you who want to spread the word about Tor at a symposium or conference and need printed materials, we finally have something for you:

Download these brochures here:

Language Available formats
Brazilian Portuguese PDF ODG TXT
Portuguese PDF ODG TXT

EDIT: Adding new translations as they come in (thanks, folks!). If you're considering translating these brochures, please contact us first at tor-assistants@lists.torproject.org to make sure nobody else is already working on the same translation.

There are three different versions of the brochure, all with the same front and different backs:

  1. Law Enforcement & The Tor Project: Geared as a quick reference for law enforcement audiences (not just investigators, but also support services).
  2. The Benefits of Anonymity Online: This is meant for journalists, domestic violence organizations, and others focused on protecting their identity online.
  3. Freedom & Privacy Online: The target audience here is the general public - helping educate people about the reasons that protecting their privacy is important.

Feel free to use these brochures to spread the word about Tor. And just in case you're new to Tor and wondering whether you're permitted to use these brochures: yes, absolutely! We really want people to talk about Tor. Even if you don't have good answers for all the questions people might come up with, these brochures might serve you as a guidance.

Need a stack of these for an event? Contact us, tell us about the event and how many brochures and which of the three versions you need, and we'll mail them to you. Note that we might ask you to write a trip report and give us some feedback on the brochures in exchange.

Also, we will be offering updated versions of these brochures on an ongoing basis.

Thanks for spreading the word about Tor!

Tor Weekly News — March 4th, 2015

Welcome to the ninth issue in 2015 of Tor Weekly News, the weekly newsletter that covers what’s happening in the Tor community.

Tor Browser 4.0.4 and 4.5-alpha-4 are out

The Tor Browser team announced new releases in the stable and alpha branches of the privacy-preserving browser. Version 4.0.4 contains updates to the bundled versions of Firefox, OpenSSL, HTTPS-Everywhere and NoScript (disabling the new NoScript option to make temporary permissions permanent); it also prevents meek from issuing a second update notification.

Meanwhile, following on from the recent Tor UX sprint, version 4.5-alpha-4 incorporates many interface improvements designed to make life easier for Tor users. The connection configuration wizard has been reordered to avoid confusion between network proxies and bridge relays, while a reorganized Torbutton menu now offers a “New circuit for this site” option that removes the need for the user to close all open pages in order to change circuits for one destination. If users do decide to use the “New identity” option, they will now be warned that this involves losing currently-open tabs and windows.

Please see the announcements for full details of the changes, as well as instructions for download and verification.

Reddit donates $82,765.95 to The Tor Project, Inc.

One year ago, the online community Reddit announced that it would be donating 10% of its advertising revenue in 2014 to ten non-profits, to be selected by the Reddit community. Voting took place over the last week, and The Tor Project, Inc. placed tenth in the final ranking, in good company with other charities like the Electronic Frontier Foundation, Wikimedia Foundation, and the Free Software Foundation, each of which being eligible for a $82,765.95 donation.

Community donations like this are a big step on the way to solving the problem of overreliance on single funding streams — often from national governments — that affects open-source security projects, as recently discussed by Jillian York of the Electronic Frontier Foundation (who came first in Reddit’s donation drive). Many thanks to Reddit (the company) and Reddit (the community) for their magnificent gesture of support for privacy and anonymity online — and if you’d like to join them, please take a look at the Tor Project website for ways to contribute!

2015 Winter Tor meeting

A group of around 70 dedicated Tor contributors is meeting this week in Valencia, Spain to discuss plans, milestones, deadlines, and other important matters.

This meeting is kindly hosted together with the OpenITP circumvention tech festival with public outreach and community events joined or co-hosted by Tor members.

Notes are available from the sessions happening on Monday and Tuesday for those who couldn’t make it this time.

Monthly status reports for February 2015

The wave of regular monthly reports from Tor project members for the month of February has begun. Juha Nurmi released his report first, followed by reports from Nick Mathewson, Philipp Winter, Georg Koppen, Sherief Alaa, Pearl Crescent, and Damian Johnson.

Mike Perry reported on behalf of the Tor Browser team.

Miscellaneous news

George Kadianakis reports preliminary results from "a project to study and quantify hidden services traffic." George emphasizes that they "are collecting data from just a few volunteer relays" and that "extrapolating from such a small sample is difficult." Taken with a grain of salt, they "estimate that about 30,000 hidden services announce themselves to the Tor network every day, using about 5 terabytes of data daily." They "also found that hidden service traffic is about 3.4% of total Tor traffic." George, together with Karsten Loesing, wrote a short technical report with more details on their results and methods.

Nick Mathewson announces an important step in stabilizing the Tor 0.2.6.x release series: all work on that series will proceed on the “maint-0.2.6” branch, while work on the next release series 0.2.7.x will happen on the “master” branch. This step allows developers to focus on one branch for fixing bugs and another branch for developing new features.

This issue of Tor Weekly News has been assembled by Harmony, Karsten Loesing, and qbi.

Want to continue reading TWN? Please help us create this newsletter. We still need more volunteers to watch the Tor community and report important news. Please see the project page, write down your name and subscribe to the team mailing list if you want to get involved!

Looking for front-end web developers for network status websites Atlas and Globe

Hello front-end web developers!

We are looking for somebody to fork and extend one of the two main Tor network status websites Atlas or Globe.

Here's some background: both the Atlas and the Globe website use the Onionoo service as their data back-end and make that data accessible to mere humans. The Onionoo service is maintained by Karsten. Atlas was written by Arturo as proof-of-concept for the Onionoo service and later maintained (but not extended) by Philipp. Globe was forked from Atlas by Christian who improved and maintained it for half a year, but who unfortunately disappeared a couple of weeks ago. That leaves us with no actively maintained network status website, which is bad.

Want to help out?

Here's how: Globe has been criticized for having too much whitespace, which makes it less useful on smaller screens. But we hear that the web technology behind Globe is superior to the one behind Atlas (we're no front-end web experts, so we can't say for sure). A fine next step could be to fork Globe and tidy up its design to work better on smaller screens. And there are plenty of steps after that if you look through the tickets in the Globe and Atlas component of our bug tracker. Be sure to present your fork on the tor-dev@ mailing list early to get feedback. You can just run it on your own server for now.

The long-term goal would be to have one or more people working on a new network status website to replace Atlas and Globe. We'd like to wait with that step until such a new website is maintained for a couple of weeks or even months though. And even then, we may keep Atlas and Globe running for a couple more months. But eventually, we'd like to shut them down in favor of an actively maintained website.

Let us know if you're interested, and we're happy to provide more details and discuss ideas with you.

10 years of collecting Tor directory data

Today is the 10th anniversary of collecting Tor directory data!

As the 2004 Tor design paper says, "As of mid-May 2004, the Tor network consists of 32 nodes (24 in the US, 8 in Europe), and more are joining each week as the code matures."

In fact, we still have the original relay lists from back then. The first archived Tor directory dates back to May 15, 2004. It starts with the following lines which are almost human-readable:

published 2004-05-15 07:30:57
running-routers moria1 moria2 tor26 incognito jap dizum
  cassandra metacolo poblano ned TheoryOrg Tonga
  peertech hopey tequila triphop moria4 anize rot52

As of today, May 15, 2014, there are about 4,600 relays in the Tor network and another 3,300 bridges. In these 10 years, we have collected a total of 212 GiB of bz2-compressed tarballs containing Tor directory data. That's more than 600 GiB of uncompressed data. And of course, the full archive is publicly available for download.

Here's a small selection of what people do with this fine archive:

If people want to use the Tor directory archive for their research or for building new applications, or want to help out with the projects listed above, don't hesitate to contact us!

Happy 10th birthday, Tor directory archive!

Visual overview of the Tor network

If you were to give a non-technical person a brief overview of the Tor network, how would you begin? And if you had a picture or diagram to assist you, how would that look like?

We're looking for better visualizations of the Tor network as introductory material. Most people already know EFF's visualizations from Tor's Overview page. Recently, an Italian hack meeting came up with a fun picture of how to imagine a Tor circuit. A discussion among Tor developers brought up an ugly, but potentially useful analogy with road traffic.

Want to help make these visualizations better or suggest your own? Prettier drawings that we can actually show to the world are as useful as content-wise improvements what to add or leave out from these visualizations. Simply leave your ideas or links in the comments. Thanks!

Syndicate content Syndicate content