mikeperry's blog

This is What a Tor Supporter Looks Like: Edward Snowden

Edward Snowden


In mid-October, the Tor Project had an opportunity to interview Edward Snowden. Below are key excerpts from the conversation.


Tor: What would you say to a non-technical person about why they should support and care about Tor?

ES: Tor is a critical technology, not just in terms of privacy protection, but in defense of our publication right -- our ability to route around censorship and ensure that when people speak their voices can be heard.

The design of the Tor system is structured in such a way that even if the US Government wanted to subvert it, it couldn't because it's a decentralized authority. It's a volunteer based network. Nobody's getting paid to run Tor relays -- they're volunteers worldwide. And because of this, it provides a built-in structural defense against abuses and most types of adversaries.

Tor provides a level of safety, a level of guarantee, to the confidentiality, and in some cases anonymity of human communications. I think this is an incredible thing because it makes us more human. We are at the greatest peace with ourselves when nobody's watching.

Tor: Can you talk about how the world would be different if Tor did not exist?

ES: Without Tor, the streets of the Internet become like the streets of a very heavily surveilled city. There are surveillance cameras everywhere, and if the adversary simply takes enough time, they can follow the tapes back and see everything you've done.

With Tor, we have private spaces and private lives, where we can choose who we want to associate with and how, without the fear of what that is going to look like if it is abused.

What the Tor network allows is what's called a mixed routing experience where, due to a voluntary cooperation of peers around the Internet -- around the world, across borders, across jurisdictions -- you get individuals who are able to share traffic in ways that don't require them to be able to read the content of it. So you don't have to trust every participant of the Tor network to know who you are and what you're looking for.

Tor: Did you know that Tor is run by a non-profit organization?

ES: Yes, Tor has been extremely open. Almost everybody who is involved in development has an online presence; they're involved in online engagement. You can drop into the IRC and talk to these people directly and ask them questions, or criticize them (laughs). It's a very open and inclusive community, and I think that's incredibly valuable.

They also have a very rich and well-supported mailing list, which is very helpful for people who want to move beyond being a passive user of Tor and actually start being an active participant in expanding the network, in running a relay node from your home, or even starting to experiment with running an exit, which I think is one of the most interesting parts of the Tor experience.


Please join Ed in supporting Tor Today!

Tor Browser 5.0.1 is released

A new release for the stable Tor Browser is available from the Tor Browser Project page and also from our distribution directory.

This release fixes a crash bug that caused Tor Browser to crash on certain sites (in particular, Google Maps and Tumblr). The crash bug was a NULL pointer dereference while handling blob URIs. The crash was not exploitable.

Here is the complete changelog since 5.0:

  • All Platforms
    • Bug 16771: Fix crash on some websites due to blob URIs

Tor Browser 5.5a1 is released

The Tor Browser Team is proud to announce the first alpha release in the 5.5 series. The release is available for download in the 5.5a1 distribution directory and on the alpha download page.

This release features important security updates to Firefox. In particular, while the recent PDF.js exploit did not affect 4.5 users, it does affect users of 5.0a3 and 5.0a4. Although the High security level of the Security Slider also prevented the exploit from working against even those users, all alpha users are still strongly encouraged to upgrade as soon as possible.

In addition to fixing these security issues, the remaining major issues with Firefox 38 from 5.0a4 were also fixed. This release also features improvements to fingerprinting defenses. In particular, we continue to refine our font fingerprinting defense that was added in 5.0a4. With this defense, Tor Browser now ships with a standard set of fonts, and prefers to use the provided fonts instead of native ones in most cases. Interested users are encouraged to help us refine this defense by commenting on the associated ticket in our bugtracker.

This release also will reset the permanent NoScript whitelist, due to an issue where previous NoScript updates had added certain domains to the whitelist during upgrade. The whitelist is reset to the default for all users as a result, and future updates to the whitelist by NoScript have been disabled.

Here is the complete changelog since 5.0a4:

  • All Platforms
    • Update Firefox to 38.2.0esr
    • Update NoScript to 2.6.9.34
    • Update Torbutton to 1.9.3.3
      • Bug 16731: TBB 5.0 a3/a4 fails to download a file on right click
      • Bug 16730: Reset NoScript whitelist on upgrade
      • Bug 16722: Prevent "Tiles" feature from being enabled after upgrade
      • Bug 16488: Remove "Sign in to Sync" from the browser menu (fixup)
      • Bug 14429: Make sure the automatic resizing is enabled
      • Translation updates
    • Update Tor Launcher to 0.2.7.7
      • Translation updates
    • Bug 16730: Prevent NoScript from updating the default whitelist
    • Bug 16715: Use ThreadsafeIsCallerChrome() instead of IsCallerChrome()
    • Bug 16572: Verify cache isolation for XMLHttpRequests in Web Workers
    • Bug 16311: Fix navigation timing in ESR 38
    • Bug 15646: Prevent keyboard layout fingerprinting in KeyboardEvent (fixup)
    • Bug 16672: Change font whitelists and configs for rendering issues (partial)

Tor Browser 5.0 is released

The Tor Browser Team is proud to announce the first stable release in the 5.0 series. This release is available from the Tor Browser Project page and also from our distribution directory.

This release features important security updates to Firefox. Note that the recent PDF.js exploit did not affect 4.5 users, but they should upgrade to this release immediately because numerous other potential security issues were fixed by Mozilla in this release. (Incidentally: Users who are using the 5.0-alpha series are vulnerable to the PDF.js exploit, but not if they were using the 'High' security level. Regardless, we are also upgrading 5.0-alpha users to 5.5a1 today to fix the issue as well).

This release also brings us up to date with Firefox 38-ESR, which should mean improved support for HTML5 video on Youtube, as well as a host of other improvements. Controversial and hard-to-audit binary components related to EME DRM were disabled, however.

The release also features new privacy enhancements. In particular, more identifier sources that appeared in Firefox 38 (or were otherwise disabled previously) are now isolated to the first party (URL bar) domain. This release also contains defenses from the 5.0-alpha series for keystroke (typing) fingerprinting and some instances of performance/timing fingerprinting.

Regrettably, our new defenses for font and keyboard layout fingerprinting did not stabilize in time for this release. Users who are interested in helping us improve them should try out 5.5a1.

This release also will reset the permanent NoScript whitelist, due to an issue where previous NoScript updates had added certain domains to the whitelist during upgrade. The whitelist is reset to the default for all users as a result, and future updates to the whitelist by NoScript have been disabled.

Starting with this release, Tor Browser will now also download and apply upgrades in the background, to ensure that users upgrade quicker and with less interaction. This behavior is governed by the about:config pref app.update.auto, but we do not recommend disabling it unless you really know what you're doing.

Here is the complete changelog since 4.5.3:

  • All Platforms
    • Update Firefox to 38.2.0esr
    • Update OpenSSL to 1.0.1p
    • Update HTTPS-Everywhere to 5.0.7
    • Update NoScript to 2.6.9.34
    • Update meek to 0.20
    • Update Tor to 0.2.6.10 with patches:
      • Bug 16674: Allow FQDNs ending with a single '.' in our SOCKS host name checks.
      • Bug 16430: Allow DNS names with _ characters in them (fixes nytimes.com)
      • Bug 15482: Don't allow circuits to change while a site is in use
    • Update Torbutton to 1.9.3.2
      • Bug 16731: TBB 5.0 a3/a4 fails to download a file on right click
      • Bug 16730: Reset NoScript whitelist on upgrade
      • Bug 16722: Prevent "Tiles" feature from being enabled after upgrade
      • Bug 16488: Remove "Sign in to Sync" from the browser menu (fixup)
      • Bug 16268: Show Tor Browser logo on About page
      • Bug 16639: Check for Updates menu item can cause update download failure
      • Bug 15781: Remove the sessionstore filter
      • Bug 15656: Sync privacy.resistFingerprinting with Torbutton pref
      • Bug 16427: Use internal update URL to block updates (instead of 127.0.0.1)
      • Bug 16200: Update Cache API usage and prefs for FF38
      • Bug 16357: Use Mozilla API to wipe permissions db
      • Bug 14429: Make sure the automatic resizing is disabled
      • Translation updates
    • Update Tor Launcher to 0.2.7.7
      • Bug 16428: Use internal update URL to block updates (instead of 127.0.0.1)
      • Bug 15145: Visually distinguish "proxy" and "bridge" screens.
      • Translation updates
    • Bug 16730: Prevent NoScript from updating the default whitelist
    • Bug 16715: Use ThreadsafeIsCallerChrome() instead of IsCallerChrome()
    • Bug 16572: Verify cache isolation for XMLHttpRequests in Web Workers
    • Bug 16884: Prefer IPv6 when supported by the current Tor exit
    • Bug 16488: Remove "Sign in to Sync" from the browser menu
    • Bug 16662: Enable network.http.spdy.* prefs in meek-http-helper
    • Bug 15703: Isolate mediasource URIs and media streams to first party
    • Bug 16429+16416: Isolate blob URIs to first party
    • Bug 16632: Turn on the background updater and restart prompting
    • Bug 16528: Prevent indexedDB Modernizr site breakage on Twitter and elsewhere
    • Bug 16523: Fix in-browser JavaScript debugger
    • Bug 16236: Windows updater: avoid writing to the registry
    • Bug 16625: Fully disable network connection prediction
    • Bug 16495: Fix SVG crash when security level is set to "High"
    • Bug 13247: Fix meek profile error after bowser restarts
    • Bug 16005: Relax WebGL minimal mode
    • Bug 16300: Isolate Broadcast Channels to first party
    • Bug 16439: Remove Roku screencasting code
    • Bug 16285: Disabling EME bits
    • Bug 16206: Enforce certificate pinning
    • Bug 15910: Disable Gecko Media Plugins for now
    • Bug 13670: Isolate OCSP requests by first party domain
    • Bug 16448: Isolate favicon requests by first party
    • Bug 7561: Disable FTP request caching
    • Bug 6503: Fix single-word URL bar searching
    • Bug 15526: ES6 page crashes Tor Browser
    • Bug 16254: Disable GeoIP-based search results.
    • Bug 16222: Disable WebIDE to prevent remote debugging and addon downloads.
    • Bug 13024: Disable DOM Resource Timing API
    • Bug 16340: Disable User Timing API
    • Bug 14952: Disable HTTP/2
    • Bug 1517: Reduce precision of time for Javascript
    • Bug 13670: Ensure OCSP & favicons respect URL bar domain isolation
    • Bug 16311: Fix navigation timing in ESR 38
  • Windows
    • Bug 16014: Staged update fails if meek is enabled
    • Bug 16269: repeated add-on compatibility check after update (meek enabled)
  • Mac OS
    • Use OSX 10.7 SDK
    • Bug 16253: Tor Browser menu on OS X is broken with ESR 38
    • Bug 15773: Enable ICU on OS X
  • Build System
    • Bug 16351: Upgrade our toolchain to use GCC 5.1
    • Bug 15772 and child tickets: Update build system for Firefox 38
    • Bugs 15921+15922: Fix build errors during Mozilla Tryserver builds
    • Bug 15864: rename sha256sums.txt to sha256sums-unsigned-build.txt

Tor Browser 5.0a2 is released

The second alpha release in the 5.0 series of the Tor Browser is now available from our extended downloads page as well as the distribution directory.

This release provides a fix for the Logjam attack (https://weakdh.org/) and updates a number of Tor Browser components: Tor to version 0.2.7.1-alpha, Torbutton to version 1.9.2.7, NoScript to version 2.6.9.26, meek to version 0.19 and HTTPS-Everywhere to version 5.0.5. Moreover, it fixes a possible crash on Linux and avoids breaking the Add-ons page if Torbutton is disabled, and it also fixes an update issue when using meek on Windows systems.

Here is the complete changelog

  • All Platforms
    • Update Tor to 0.2.7.1-alpha
    • Update OpenSSL to 1.0.1n
    • Update HTTPS-Everywhere to 5.0.5
    • Update NoScript to 2.6.9.26
    • Update meek to 0.19
    • Update Torbutton to 1.9.2.7
      • Bug 15984: Disabling Torbutton breaks the Add-ons Manager
      • Bug 14429: Make sure the automatic resizing is enabled
      • Translation updates
    • Bug 16130: Defend against logjam attack
    • Bug 15984: Disabling Torbutton breaks the Add-ons Manager
  • Windows
    • Bug 16014: Staged update fails if meek is enabled
    • Bug 16269: repeated add-on compatibility check after update (meek enabled)
  • Linux
    • Bug 16026: Fix crash in GStreamer
    • Bug 16083: Update comment in start-tor-browser

Tor Browser 4.5.2 is released

A new release for the stable Tor Browser is available from the Tor Browser Project page and also from our distribution directory.

Tor Browser 4.5.2 provides a fix for the Logjam attack (https://weakdh.org/) and updates a number of Tor Browser components: Tor to version 0.2.6.9, Torbutton to version 1.9.2.6, NoScript to version 2.6.9.26 and HTTPS-Everywhere to version 5.0.5. Moreover, it fixes a possible crash on Linux and avoids breaking the Add-ons page if Torbutton is disabled.

Here is the complete changelog since 4.5.1:

  • All Platforms
    • Update Tor to 0.2.6.9
    • Update OpenSSL to 1.0.1n
    • Update HTTPS-Everywhere to 5.0.5
    • Update NoScript to 2.6.9.26
    • Update Torbutton to 1.9.2.6
      • Bug 15984: Disabling Torbutton breaks the Add-ons Manager
      • Bug 14429: Make sure the automatic resizing is disabled
      • Translation updates
    • Bug 16130: Defend against logjam attack
    • Bug 15984: Disabling Torbutton breaks the Add-ons Manager
  • Linux
    • Bug 16026: Fix crash in GStreamer
    • Bug 16083: Update comment in start-tor-browser

Tor Browser 5.0a1 is released

The first alpha release in the new 5.0 series of the Tor Browser is now available from our extended downloads page as well as the distribution directory.

Tor Browser 5.0a1 is based on Firefox ESR 31.7.0, which features important security updates to Firefox.

In addition to including all of the fixes that were present in the 4.5.1 release, this alpha release also features some additional privacy defenses.

In particular, this release re-enables the automatic window resizing fingerprinting defense that first appeared in 4.5a4. This defense can be disabled by setting the about:config pref extensions.torbutton.resize_windows to false, but please first report any issues you encounter on the feature's trac ticket.

This release also introduces a new defense against various forms of performance fingerprinting and time-based side channel attacks. A handful of new attacks have been published recently that take advantage of Javascript's high-performance timers to determine hardware performance, perform keystroke fingerprinting, extract history information, and even steal sensitive data from memory. Because this defense reduces the resolution of time available to Javascript to 100 milliseconds for all time sources, and to 250 milliseconds for keypress event timestamps, we are especially interested in hearing any reports about issues with HTML5 video, animation, or game sites. Hopefully you will have as much fun testing this defense as we will!

Here is the complete list of changes since Tor Browser 4.5:

  • All Platforms
    • Update Firefox to 31.7.0esr
    • Update meek to 0.18
    • Update Tor Launcher to 0.2.7.5
      • Translation updates only
    • Update Torbutton to 1.9.2.5
      • Bug 15837: Show descriptions if unchecking custom mode
      • Bug 15927: Force update of the NoScript UI when changing security level
      • Bug 15915: Hide circuit display if it is disabled.
      • Bug 14429: Improved automatic window resizing
      • Translation updates
    • Bug 15945: Disable NoScript's ClearClick protection for now
    • Bug 15933: Isolate by base (top-level) domain name instead of FQDN
    • Bug 15857: Fix file descriptor leak in updater that caused update failures
    • Bug 15899: Fix errors with downloading and displaying PDFs
    • Bug 15773: Enable ICU on OS X
    • Bug 1517: Reduce precision of time for Javascript
    • Bug 13670: Ensure OCSP requests respect URL bar domain isolation
    • Bug 13875: Improve the spoofing of window.devicePixelRatio
  • Windows
    • Bug 15872: Fix meek pluggable transport startup issue with Windows 7
  • Build System
    • Bug 15947: Support Ubuntu 14.04 LXC hosts via LXC_EXECUTE=lxc-execute env var
    • Bugs 15921+15922: Fix build errors during Mozilla Tryserver builds

Tor Browser 4.5.1 is released

A new release for the stable Tor Browser is available from the Tor Browser Project page and also from our distribution directory.

Tor Browser 4.5.1 is based on Firefox ESR 31.7.0, which features important security updates to Firefox.

The 4.5.1 release also addresses several regressions and usability issues discovered during the 4.5 release. The most notable change is that we have slightly relaxed the first party isolation privacy property, due to issues encountered on several file hosting sites as well as other sites that host content on multiple subdomains. Tor Circuit use and tracking identifiers are now all isolated to the base (top-level) domain only, as opposed to the full domain name. This change is also consistent with the browser URL bar - isolation is now performed based on the bold portion of the website address in the URL bar.

We also have temporarily disabled the NoScript ClearClick clickjacking protection, as it was experiencing false positives due to changes in Tor Browser that cause errors in NoScript's evaluation of the content window. These issues were most commonly experienced with ReCaptcha captcha input, but occurred elsewhere as well.

With this release, 4.0 users will now be updated automatically to the 4.5 series.

Note to MacOS users: The update process for Mac OS 10.6 and 10.7 users will unfortunately not be automatic. You will be instructed to perform a manual download instead. Moreover, as of this release, 32 bit Macs are now officially unsupported. For more information, see the original end-of-life blog post.

Here is the list of changes since 4.5:

  • All Platforms
    • Update Firefox to 31.7.0esr
    • Update meek to 0.18
    • Update Tor Launcher to 0.2.7.5
      • Translation updates only
    • Update Torbutton to 1.9.2.3
      • Bug 15837: Show descriptions if unchecking custom mode
      • Bug 15927: Force update of the NoScript UI when changing security level
      • Bug 15915: Hide circuit display if it is disabled.
      • Translation updates
    • Bug 15945: Disable NoScript's ClearClick protection for now
    • Bug 15933: Isolate by base (top-level) domain name instead of FQDN
    • Bug 15857: Fix file descriptor leak in updater that caused update failures
    • Bug 15899: Fix errors with downloading and displaying PDFs
  • Windows
    • Bug 15872: Fix meek pluggable transport startup issue with Windows 7
  • Build System
    • Bug 15947: Support Ubuntu 14.04 LXC hosts via LXC_EXECUTE=lxc-execute env var
    • Bugs 15921+15922: Fix build errors during Mozilla Tryserver builds
Syndicate content Syndicate content