Runa's blog

Help create a Q&A site for Tor!

A couple of months ago, we created a proposal for a Tor Q&A page on Stack Exchange. The proposal moved into the commitment-phase shortly after, but we need more help to move the page into a live beta. If you would like to see a Q&A site for Tor, please visit our proposal page and click the "Commit!"-button:


Facebook and Tor

A number of users have noticed that Facebook is blocking connections from the Tor network. Facebook is not blocking Tor deliberately. However, a high volume of malicious activity across Tor exit nodes triggered Facebook's site integrity systems which are designed to protect people who use the service. Tor and Facebook are working together to find a resolution.

For further questions please contact us at

Update from Facebook on June 18, 2013, 2:30 PM EST: Facebook's site integrity systems detected automated malicious activity coming from a significant number of Tor exit nodes. In order to protect people while we investigated the problem, access via these nodes was temporarily suspended. This issue has now been resolved and Tor access routes to Facebook restored.

Help make a Tor Q&A page happen

We have been discussing setting up a Q&A page for a while now and have finally proposed a Stack Exchange page for Tor.

The detailed version about how we go from a proposal to a live page can be found in this FAQ, but here is a quick summary:

A user proposes a new page, other users follow said page, and users create and vote on hypothetical questions. Each user can only ask 5 questions and vote on other questions. Once the page reaches enough followers and questions with a high score, the page moves into the "Commit" phase. A small number of users will need to commit to help building the site. Once that's done, the page goes live and is considered to be in "Beta".

The proposal is currently in a "Definition" phase. To move to the next phase, we need (1) a high number of followers of the page, and (2) a collection of good, relevant questions.

If you want to help our Stack Exchange page happen, sign up on Stack Exchange, follow our proposal page, ask 5 questions, and vote on other questions.


New Tor Cloud images with obfs3

The Tor Cloud images have been updated to include the latest version of Ubuntu 12.04.2 LTS (Precise Pangolin). An instance created from any of the images will automatically be a normal bridge, an obfs2 bridge, and an obfs3 bridge.

When setting up an instance, please remember to edit the security group with the following rules: SSH (22), HTTPS (443), 40872, and 52176.

Forensic Analysis of Tor on Linux

As part of a deliverable for two of our sponsors (Sponsor J, Sponsor L), I have been working on a forensic analysis of the Tor Browser Bundle. In this three part series, I will summarize the most interesting or significant traces left behind after using the bundle. This post will cover Debian Linux (#8166), part two will cover Windows 7, and part three will cover OS X 10.8.


I set up a virtual machine with a fresh install of Debian 6.0 Squeeze, logged in once and shut it down cleanly. I then connected the virtual drive to another virtual machine and used dd to create an image of the drive. I also used hashdeep to compute hashes for every file on the drive, and rsync to copy all the files over to an external drive.

After having secured a copy of the clean virtual machine, I rebooted the system, connected an external drive, and copied the Tor Browser Bundle (version 2.3.25-6, 64-bit) from the external drive to my Debian home directory. I extracted the package archive and started the Tor Browser Bundle by running ./start-tor-browser inside the Tor Browser directory.

Once the Tor Browser was up and running, I browsed to a few pages, read a few paragraphs here and there, clicked on a few links, and then shut it down by closing the Tor Browser and clicking on the Exit-button in Vidalia. The Tor Browser did not crash and I did not see any error messages. I deleted the Tor Browser directory and the tarball using rm -rf.

I repeated the steps with dd, hashdeep, and rsync to create a copy of the tainted virtual machine.


Using hashdeep, I compared the hashes from the tainted virtual machine against the hashes from the clean virtual machine: 68 files had a hash that did not match any of the hashes in the clean set. The most interesting files are:

~/.local/share/gvfs-metadata/home: contains the filename of the Tor Browser Bundle tarball: tor-browser-gnu-linux-x86_64-2.3.25-5-dev-en-US.tar.gz. GVFS is the virtual filesystem for the GNOME desktop, so this result will probably vary depending on the window manager used. I have created #8695 for this issue.

~/.xsession-errors: contains the following string: “Window manager warning: Buggy client sent a _NET_ACTIVE_WINDOW message with a timestamp of 0 for 0x3800089 (Tor Browse)”. It is worth noting that a file named .xsession-errors.old could also exist. I have created #8696 for this issue.

~/.bash_history: contains a record of commands typed into the terminal. I started the Tor Browser Bundle from the command line, so this file contains lines such as ./start-tor-browser. I have created #8697 for this issue.

/var/log/daemon.log, /var/log/syslog, /var/log/kern.log, /var/log/messages: contains information about attached devices. I had an external drive attached to the virtual machine, so these files contain lines such as “Mounted /dev/sdb1 (Read-Write, label “THA”, NTFS 3.1)” and “Initializing USB Mass Storage driver…”.

Tor help desk expands with four more languages

When we first launched the Tor help desk back in November 2011, we provided support in English and Farsi. We recently expanded the help desk with four more languages: Arabic, French, Mandarin, and Spanish. The help desk is a best effort service with no guarantees, but we generally respond within 48 hours.

For support in English, email For other languages, try: for Arabic for Spanish for Farsi for French for Mandarin

Introduction to Digital Security With the CIJ

On Monday the 25th of March, the Centre for Investigative Journalism in London organized a free event where journalists could learn more about digital security. I was invited to speak about Tor, other speakers covered OTR, TrueCrypt, GPG, and mobile security.

The attendees were divided into five groups, and each speaker had 20-25 minutes with each group. I gave out USB sticks with the Tor Browser Bundle, the Pluggable Transports Bundle, the short user manual, and the 2012 annual report.

I talked a bit about the history of Tor and the Tor Project, discussed a few different threats, mentioned hidden services, listed a few examples of real world use, and helped everyone get the Tor Browser Bundle up and running. I did not have access to a projector or whiteboard, so I did my best to illustrate how Tor works by drawing boxes, arrows, blobs, and stick figures on a piece of paper.

A number of people asked if we had some sort of document or manual explaining all the topics covered at this event. I mentioned Security in a box and the FLOSS Manuals, but also pointed out that there is currently no single document available, that I am aware of, which explains all of these topics.

I have previously discussed creating such a document with the Rory Peck Trust, which is a London based organization that specializes in safety, security and professional development for freelance journalists. I mentioned this again when I met with them the day after the CIJ event, and I’m looking forward to seeing the end result in a few months.

Thanks to the Centre for Investigative Journalism for hosting the event and inviting me.

Training Journalists in Istanbul

After meeting with SOCA in London, I traveled to Istanbul to teach local and foreign journalists how to use Tor and Tails to keep themselves, their colleagues, and their sources safe online. I also met with the team behind Zero Day, a documentary about all things Internet security, to talk about Tor and the work that I do.

I met with foreign journalists on the first day and local journalists the day after. Around 30 people attended in total, and each training session lasted just over two hours. My presentation covered threats, how you can protect your communication, local data, and external data, as well as how to use the Tor Browser Bundle and Tails. I gave out USB sticks with the Tor Browser Bundle, the short user manual, and the CPJ Journalist Security Guide. PC users were also given USB sticks with Tails.


The feedback has been really positive from everyone who attended, and I have been told that those who were unable to attend have been given the material I handed out. There are some things that can be improved, however:

  • Tor does not prevent somebody watching your Internet traffic from learning that you’re using Tor. In some cases, the fact that you are using Tor and encrypting emails/chat/drives can be a red flag. I am not sure how to best address this in a presentation, other than just say that yes, it can be a red flag.
  • We talked about a few different risks, such as having your phone tapped, your email hacked, and your home or hotel room broken into. Having solid examples and stories helps a lot.
  • I introduced a lot of new technology in a short amount of time. Those who are not familiar with technology such as full disk encryption, GPG, and OTR, would benefit from a longer and more hands-on session.
  • The presentation included screenshots of encrypted email, encrypted chat, and the Tor Browser Bundle. Having a few videos that illustrate how it works, what the user sees, and what the new workflow is will make it easier to understand.
  • The presentation mentioned Bitlocker, FileVault, and TrueCrypt for full disk encryption, but did not go into details. I told everyone how to enable FileVault in OS X, and I should add these step-by-step instructions to the presentation.
  • Tor was originally designed, implemented, and deployed as a project of the U.S. Naval Research Laboratory. We also receive funding via U.S. government organizations. I covered this briefly in my presentation, but could have spent a bit more time talking about the Tor Project, Inc and why we are qualified to talk about Internet security and online anonymity.


I asked a few people to try out Tails and let me know if something was confusing, did not work, or could be improved:

  • Tails has very limited support for Apple hardware. 23 out of 30 attendees were Mac users. I tried booting Tails on my MacBook Air, but OS X was unable to find the USB stick.
  • I am used to the Tor Browser and was surprised to see that was not the default home page.
  • Firefox will start automatically once you are connected to the Internet. Most users did not wait for the Tails website to load before entering another URL in the address bar. Users did not question if they were actually using Tor.
  • One user waited for the Tails website to load, saw the green download button and then asked if he needed to upgrade to a newer version. I wonder if there is a way to let users know which version they are currently using.
  • A few users seemed confused when Pidgin automatically connected to IRC. I wonder if it would be better to have that disabled by default, and instead take users through the process of setting up their own accounts.
  • One user tried the email client, skipped the part where you set up the mail servers, and tried to write an email. I wonder if there is a way to improve this, as most users expect the mail client to work just like the one they are used to in their normal operating system.
  • Tails uses a US keyboard layout by default. This can be confusing for anyone with a different keyboard layout. A few users mentioned that the tap-touchpad-to-click functionality did not work.
  • One user pointed out that there is no logout or shutdown option available when using Tails in Windows XP mode.
  • The shutdown process can look a bit scary for anyone who is not used to Linux, especially the part where it wipes the memory. A friendly splash-screen of some sort would be good.

Thanks to my wonderful hosts for providing me with a place to stay, great food, suggestions on what to see in Istanbul, and for organizing and hosting the training sessions.

Syndicate content Syndicate content