Strength in Numbers: Community Is Key

by isabela | November 21, 2018

This post is one in a series of blogs to complement our 2018 crowdfunding campaign, Strength in Numbers. Anonymity loves company, and the internet freedom movement is stronger when we fight together. Please donate today, and your gift will be matched by Mozilla.

Hello World!

This is my first blog post as the Tor Project’s Executive Director. I can’t express how excited I am for this next journey. I have been a Tor user and advocate since its early days, in the Vidalia times. Tor has come a long way, always evolving to provide a holistic solution for anonymity, security and privacy online.

Our year-end campaign is called Strength in Numbers, because many of the things that make Tor strong depend on size and diversity. You see, the beauty of Tor is that to achieve its goals of security, anonymity, and privacy, it must have a strong and vibrant community. We must have a decentralized network of volunteer-run servers to have a Tor network. And the higher the number of countries where these relays exist, the safer all communications running through them are. Therefore, Tor’s community must truly be a global one.

We also want Tor to be widely used by a variety of people in a variety of countries on a variety of platforms. I would like to share the short term vision I have been developing with the help of others in the Tor community for us to be able to achieve that. These are things that we want to drive our work for the next ~3 years:

  • A Mature Tor Project (organization/community)
    • Stable income flows from a diverse funding base
    • Diverse and robust organization that meets our needs
    • Strong organizational culture, focused on employee and volunteer happiness and stability
    • Global brand recognition - Tor means strong privacy
  • Full Access (product)

As you can see, one of our first goals is to diversify our funding base. It’s very important for any nonprofit organization to have diverse sources of income. But unrestricted donations, like the ones we get during end of year fundraising campaigns, not only help us diversify our funds, but also allow us to be agile in our work. We can easily allocate resources to whatever important events that requires our response, and reorder our priorities whenever needed. This is extremely important for any software development organization, especially one that provides essential safety to people in volatile locations like Tor.

Not everyone who uses Tor is in a situation where they can provide financial support. It’s so important that those of us who are able to give do, so those in harm’s way can communicate safely.

Won’t you help us with our important work? Please donate today.

donate button

tor-pic
Jon, Shari, Isa, Erin, and Ruby

And use Tor! As this year’s campaign t-shirt says, Anonymity Loves Company. The more people use Tor, the safer those who need it the most will be.

I look forward for the amazing work we will be doing in 2019 to achieve our goals. Thank you for being part of this community and for joining us on this journey. You help us keep Tor strong.

 

Comments

Please note that the comment area below has been archived.

November 21, 2018

Permalink

I see Isa in the top picture, but in the picture captioned "Jon, Shari, Isa, Erin, and Ruby" I don't. I hesitate to explain why I consider this somewhat disconcerting.

November 22, 2018

In reply to steph

Permalink

Some days it seems as though there is always something weird happening in this blog.

Here's the problem. In the picture I see four people, some of whom I thought I recognized. But the caption "Jon, Shari, Isa, Erin, and Ruby" mentions five people, does it not?

Is the joke that Isa is depicted abstractly, represented as the seal between the two pairs of visible people?

Oh wait, other penny just dropped: there are indeed four humans and one canine. OK, heh, yah got me. Ruby, first from right, who is I take it is biologically a canid, was hard to see and my vision is poor.

November 21, 2018

Permalink

These are all wonderful goals, and I love how well you kept the list short! The Tor user community faces so many dangers (technical, political, disinformational..) that it is easy to become overwhelmed. But if we always bear in mind the fact that our many many enemies have problems of their own, and if we acknowledge how far Tor Project has come in just the past few years towards achieving the goals you enumerate, we should always be able to find the hope, courage, and undying determination we need to struggle day by day to make Tor bigger, better, and globally accessible! On good days we might even have fun making the world a better place.

Everyone needs Tor. Now we just have to convince everyone of that fact, and figure out how to enable everyone to actually use Tor everyday for everything, even in such difficult environments as China or Russia (or, maybe soon, the USA).

November 21, 2018

Permalink

Won't you provide a standalone Tor for Linux as you do with TBB for Linux? Installing from source kills the user experience. Apt-get (and other package managers) would have to install Tor non-anonymously.

For instance, Tor for Windows has a GUI to install it and I can just unpack a Tor Browser and use it on Linux. A standalone Tor for Linux would have been a great UX improvement. I believe, that should improve the strength in numbers!

> Apt-get (and other package managers) would have to install Tor non-anonymously.

Actually, I believe that is not true, and I want every Tor user to know this. (TP could help get the word out by regularly posting a blog popularizing the facts I am about to cite. I know you can download debs this way but haven't tried downloading src.)

Please search for onion mirrors for debian.org, or look back in posts to this blog until you find the posts (at least two) which give the onion addresses and explain what you need (download apt-transport-tor from the Debian mirrors the usual way) to upgrade a Debian system via Tor.

> For instance, Tor for Windows has a GUI to install it and I can just unpack a Tor Browser and use it on Linux. A standalone Tor for Linux would have been a great UX improvement.

Huh? At the download page for torproject.org you find tarballs and detached signatures for Windows, MacOS, and Linux. If you run Tor Browser on a Linux system you should unpack the tarball for Linux somewhere (after verifying the signature of course).

If by "standalone Tor for Linux" you mean a tor client/server utility, you can find that in the Debian repositories and probably for other Linux distributions also.

> Apt-get (and other package managers) would have to install Tor non-anonymously.

Using apt does not provide less anonymity when installing tor than directly connecting to thetorproject.org since you can use apt-transport-https. And once you have tor installed you can use apt-transport-tor.

There are instructions for using apt over tor here (and in general) http://expyuzz4wqqyqhjn.onion/docs/debian.html.en#apt-over-tor.

November 22, 2018

Permalink

Congrats on your new job.

One very important point which you post does not address: for many years, TP (in the person of Roger D) has repeatedly insisted "no backsdoors, ever!". This assurance would mean much more if accompanied by a more detailed explanation of the definition of "backdoor". Tor users are worried in particular that USG will try to coerce TP into adding some kind of "backdoor", leveraging the fact that TP is currently organized legally as a US-based tax-exempt non-profit.

Among the kind of highly plausible backdoors USG might try to coerce TP into secretly adding:

o changing the parameters of some Tor-critical cryptographic protocol in a subtle way which quietly makes it much easier for NSA supercomputers to break at will,

o changing the parameters of a critical psuedorandom number generator used by Tor Browser for the same purpose (the Snowden leaks show that NSA has already attempted this at least once, which involved years of blatant full-bore lying to NIST employees),

o more direct legal assaults such as outlawing gpg and openssl entirely and forcing TP to use some kind of "key escrow" in some new NSA designed "crypto standard"; note that Mr. Joe Biden, a possible 2020 Presidential candidate, was directly involved in promoting the notorious Clipper Chip, and Biden makes no secret that if elected he intends to try again.

And as for the current US President, his open admiration for V. Putin and the authoritarian policies of that regime speak for themselves. So both "mainstream" US parties have openly declared their hostile intentions toward the Tor community.

Are you in a position to categorically state that TP will never cave into pressure from USG to change Tor software or Tor environment (volunteer nodes, Directory Authorities) in any way which will make it easier for USG agencies or contractors (or RU, CN, IR, BR, PK, IL, FR, UK, AU etc agencies or their contractors) or corporations (Amazon, Comcast, surveillance-as-a-service companies such as Hacking Team and NSO Group) to break into Tor network protected bitstreams or to obtain other sensitive information about Tor users and Tor infrastructure?

"Among the kind of highly plausible backdoors...". How about some affirmation (audit?) regarding this one:

- Keeping the notoriously curious, 3-rd party (and not committed to anonimity) supplied, NoScript as a part of every TB package?

Plus one. Cybersecurity news is full of stories, not all of them "scare stories", about schemes by governments or criminals to punt a cyberespionage ware as a "security product".

Why no answer? Does TP still say "no backdoors ever" or not? (Where backdoor means anything that weakens Tor, such as weakened PRNG, not just an escrowed "master key" or secret side door squirrelled away inside TOr code.)

See:

wired.com
Deputy AG Rod Rosenstein Is Still Calling for an Encryption Backdoor
Lily Hay Newman
29 Nov 2018

> Tension has existed for decades between law enforcement and privacy advocates over data encryption. The United States government has consistently lobbied for the creation of so-called backdoors in encryption schemes that would give law enforcement a way in to otherwise unreadable data. Meanwhile, cryptographers have universally decried the notion as unworkable. But at a cybercrime symposium at the Georgetown University Law School on Thursday, deputy attorney general Rod Rosenstein renewed the call.... But privacy advocates and cryptographers say that the creation of a cryptographic "master key" would represent a dangerous point of failure in crucial user protections. The paper "Keys Under Doormats" laid out the technological infeasibility of backdoor schemes in 2015. If a backdoor mechanism were independently discovered by bad actors, or stolen from the government, entire data protection schemes would be instantly undermined. That risk is all too real; it was just last year that WikiLeaks exposed a trove of CIA hacking secrets in its so-called Vault7 dump. And a leaked NSA spy tool called EternalBlue has caused devastating damage since it became public in 2017.

November 22, 2018

Permalink

That's funny a dog on pic ,which is his role on torproject.org? I'm kidding guys, love tor. To be honest I have seen him randomly while was watching the pic.Was well camouflaged, that's tor after all. ☺☺☺

November 24, 2018

Permalink

Crescer uma cebolla, alimentar o mundo.

Tudo passa tanto.

Desafortunadamente, quando todo mundo sabe, pessoas.

Alexa vendeu minha vida à Amazona.

Vosso vau rescinde em Xinjiang.

Minhas letras estão regressadas, mas não meus beijos.

Com frequência a morte chega pela manhã, como a canção de pássaros.

Esconderijo vossos substantivos.

Nunca escutar a conselho.