deterministic builds

Tor at the Reproducible Builds Workshop in Athens 2015

Being able to build Tor Browser several times in a row and getting exactly the same result each time has been an

32 comments

Tor Browser Bundle 3.0beta1 Released

The first beta release in the 3.0 series of the Tor Browser Bundle is now available from the Tor Package Archive:

30 comments

Deterministic Builds Part Two: Technical Details

This is the second post in a two-part series on the build security improvements in the Tor Browser Bundle 3.0 release cycle

11 comments

Tor Browser Bundle 3.0alpha4 Released

The third alpha release in the 3.0 series of the Tor Browser Bundle is now available from the Tor Package Archive:

56 comments

Deterministic Builds Part One: Cyberwar and Global Compromise

I've spent the past few months developing a new build system for the 3.0 series of the Tor Browser Bundle that produces

34 comments

Tor Browser Bundle 3.0alpha3 Released

The third alpha release in the 3.0 series of the Tor Browser Bundle is now available from the Tor Package Archive:

66 comments

Tor Browser Bundle 3.0alpha2 Released

The second alpha release in the 3.0 series of the Tor Browser Bundle is now available from the

28 comments

Upcoming Events

January 25, 2019

Tor Meetup (Athens)

February 02, 2019 - February 03, 2019

FOSDEM (Brussels)

February 06, 2019 - February 08, 2019

IT Defense (Stuttgart)

March 23, 2019 - March 24, 2019

LibrePlanet (Boston)

March 24, 2019 - March 27, 2019

KNOW 2019 (Vegas)

See All Upcoming Events

Recent Updates

Strength in Numbers: The Final Count Is In

One of the Tor Project’s ongoing goals has been to diversify our funding sources.

New Releases: Tor 0.3.5.7, 0.3.4.10, and 0.3.3.11

Tor 0.3.5.7 is the first stable release in its series; it includes compilation and portability fixes, and a fix for a severe problem affecting directory caches. Tor 0.3.4.10 and 0.3.3.11 are also released today; please see the official announcements for those releases if you are tracking older stable versions.

The Tor 0.3.5 series includes several new features and performance improvements, including client authorization for v3 onion services, cleanups to bootstrap reporting, support for improved bandwidth- measurement tools, experimental support for NSS in place of OpenSSL, and much more. It also begins a full reorganization of Tor's code layout, for improved modularity and maintainability in the future. Finally, there is the usual set of performance improvements and bugfixes that we try to do in every release series.

There are a couple of changes in the 0.3.5 that may affect compatibility. First, the default version for newly created onion services is now v3. Use the HiddenServiceVersion option if you want to override this. Second, some log messages related to bootstrapping have changed; if you use stem, you may need to update to the latest version so it will recognize them.

We have designated 0.3.5 as a "long-term support" (LTS) series: we will continue to patch major bugs in typical configurations of 0.3.5 until at least 1 Feb 2022. (We do not plan to provide long-term support for embedding, Rust support, NSS support, running a directory authority, or unsupported platforms. For these, you will need to stick with the latest stable release.)

Below are the changes since 0.3.5.6-rc. For a complete list of changes since 0.3.4.9, see the ReleaseNotes file.

Changes in version 0.3.5.7 - 2019-01-07

Major bugfixes (relay, directory):
- Always reactivate linked connections in the main loop so long as any linked connection has been active. Previously, connections serving directory information wouldn't get reactivated after the first chunk of data was sent (usually 32KB), which would prevent clients from bootstrapping. Fixes bug 28912; bugfix on 0.3.4.1-alpha. Patch by "cypherpunks3".
Minor features (compilation):
- When possible, place our warning flags in a separate file, to avoid flooding verbose build logs. Closes ticket 28924.

Strength in Numbers: Library Freedom Is Intellectual Freedom

Photo by Janko Ferlič on

Strength in Numbers: Usable Tools Don’t Need To Be Invasive

This post is one in a series of blogs to complement our 2018 crowdfunding campaign, Strength in Numbers. Anonymity loves company and we are all safer and stronger when we work together.