Expect More From Tor in 2019

The Tor Project achieved a lot in the last year. We spent 2018 fighting for the fundamental human rights to privacy and freedom online and made our software more accessible than ever before.

In the last year, a significant shift took place in the public understanding of how big tech handles our sensitive, personal information, and how these companies build tools that further censorship in repressive places. For instance, Google’s leaked plans to launch a censored search engine in China were met with global protest. The world is watching.

At the Tor Project, this is an important moment in time. More people are looking for solutions to effectively protect their privacy. 93% of the people we met doing 1:1 usability studies said they knew they needed some protection online. More people need robust censorship circumvention tools as internet freedom declines around the world. More people understand the risks that come from surveillance as the business model of the internet. And we have been working hard to make Tor more accessible than ever before with the goal that anyone online can enjoy the protections our software provides.

In 2018, we:

  • Gave Tor Browser a UX overhaul with the launch of Tor Browser 8.0, making it easier and friendlier to use than ever.
  • Made it easier for people in countries that censor the internet and censor Tor to circumvent censorship with the ability to fetch bridges from inside Tor Browser.
  • Localized Tor Browser into 9 previously unsupported languages, bringing the number of available languages to 25.
  • Launched the alpha version of Tor Browser for Android.
  • Improved our Core Tor code for mobile devices, optimizing its performances and making it easier for third party mobile apps to embed Tor.
  • Traveled to meet our users face-to-face and get feedback without using popular and invasive data-collection practices.
  • Improved the security of v3 onion services with the vanguards add-on.
  • Published 10 research reports through OONI on censorship and network disruptions happening around the world.
  • Pulled in a record number of donations as we reduced our reliance on government funding. We received donations from 115 countries around the world.
  • Said goodbye to Shari Steele, who helped usher the Tor Project into a new stage of organizational maturity, and welcomed our new Executive Director, Isabela Bagueros.

These developments, plus the reality of threats everyone faces online, make 2019 the year to try Tor.

In 2019, our work is cut out for us. Online censorship has continued to increase around the world, particularly during political events like elections and protests, and surveillance capitalism is flourishing. We know our work plays an important part in ensuring that people fighting back against injustice are able to stay safe online, and we are ready for the challenges ahead.

To meet those challenges, this year we will:

  • Launch the stable version of Tor Browser for Android, the first official version of Tor Browser for mobile devices.
  • Improve the battery and memory consumption of Tor software.
  • Offer even more localized Tor resources and support.
  • Launch an overhaul of our website which matches our styleguide and features multiple portals for improved navigation.
  • Continue to diversify our funding sources.
  • Work with our newly formed anti-censorship team to address the rising demand for more reliable means of circumventing censorship where Tor is blocked.
  • Reach out to more communities in the Global South, training them on Tor and capacitating more people locally to become trainers themselves.

And there’s more to come.

If you want to help out, there are many ways to get involved with Tor. Run a relay to make the network faster and more decentralized, collect evidence of internet censorship by running OONI Probe, get your local library involved with the Library Freedom Project, or learn about each of our teams and start collaborating. You can also stand up for the universal human rights to privacy and freedom and help keep Tor robust and secure by making a donation.

To keep up with our progress this year, and to receive updates and opportunities to get involved, subscribe to Tor News.

 

Anonymous

January 30, 2019

Permalink

> For instance, Google’s leaked plans to launch a censored search engine in China were met with global protest. The world is watching.

Even better: Google's own employees revolted, forcing Google to step back from this evil plan. (Continued attention is needed to ensure that Google cannot quietly resume work on censorbrowser without a backlash.)

Further, when Amazon was caught selling horrific facial-recognition systems to US cops, Amazon employees revolted. Even more amazing, the -stockholders- revolted (woof!), forcing Amazon to step back from their evil "surveillance-as-a-service" scheme.

For many years, Tor users have urged software engineers to refuse to work for NSA or surveillance-as-a-service companies such as Gamma, Hacking Team, NSO Group (to name the three most notorious examples), and recent developments suggest that the very people the Surveillance State (and surveillance capitalism generally) need in order to "function" are beginning to refuse to perform such evil work. That's wonderful because it suggests that the US Military-Surveillance-Industrial Complex is beginning to collapse under its own weight. That would be very good news for all people everywhere, including and especially Americans.

The listed achievements from 2018 are all very positive and should convince people that resistance is possible, that the Privacy Wars might even be eventually won by The People, not the governments.

The listed goals are all wonderful, and I am very relieved to see this:

> Continue to diversify our funding sources.

But I am troubled by the absence of another critically important goal which is needed to ensure Tor's survival as a tool useful to endangered people all over the world:

>> Work to prevent the US Congress from mandating backdoors (a term which requires careful and sufficiently broad definition) in every software which uses strong encryption, especially Tor.

Here, "backdoor" should be defined broadly to mean anything which weak the security of anything which is needed to use Tor. The definition should take account of the fact that cryptography accomplishes three requirements needed to keep Tor users safe(r):

o data-in-motion privacy (we need to prevent NSA from easily reading bitstreams in Tor circuits)

o data-in-motion integrity (we need to prevent NSA from easily modifying data passing through Tor circuits)

o authentication (for example, we need to prevent NSA from easily impersonating the onion server a user is trying to reach using a Tor circuit, say the onion for www.torproject.org)

This means that "backdoors" could include

o key escrow (as proposed by then Sen. Biden, NSA's shill, during the first Crypto Wars),

o ghosts (as proposed currently by GCHQ, the UK's counterpart of NSA),

o quietly crippling pseudorandom number generators used for cryptographic processing by Tor clients/servers (or verification of Tor Browser tarballs or Tails ISO images)--- the Snowden leaks showed that NSA already came close to fooling NIST into enshrining as a global standard a PRNG which NSA had secretly crippled,

Further, mandates which render Tor "covertly insecure by design" need not take the form of a mandatory backdoor of some kind, but could come in the form of a mandate making it illegal for Tor Project (or Tails Project or Debian Project or...) to provide a mechanism (such as GPG detached signatures of ISO images) which enables users to verify that the tarball or ISO image has not been modified in transit by NSA--- the Snowden leaks show that NSA has extensive programs to modify software downloads on the fly; these tricks are absurdly easy for them if there is not cryptographic authentication that the software is not modified in transit from the download server to the user's computer.

Indeed, Tor does not exist in a vacuum, and mandates which cripple other essential functions of the Internet could also render Tor use unsafe or effectively illegal.

I beg Isabela to add the goal of working to prevent such a disaster, by reaching out to

o organizations like EFF, ACLU, EPIC, Privacy International, HRW, Amnesty,

o good tech reporters at media orgs like The Intercept, Slate, Pro Publica,

o US politicians

to try to

o counter smears by FBI shills in the mainstream media by ensuring that comments from TP are included in articles about "Going Dark",

o ensure that TP is represented at hearings in the US Congress on "Going Dark".

The urgency of this goal is underscored by the fact that news reports from media sites such as thehill.com say that members of the U.S. Congress are mentioning banning strong cryptography in the US (and thus, in essence, everywhere) as a something likely to pass in 2019 as a "bipartisan" measure. I stress that powerful politicians from both parties are strongly in favor of this, including Feinstein, Pelosi, Harris, all the Republicans, former FBI Director Comey, current FBI DIrector Wray, and quite possibly Former FBI Director Mueller (a person whom mainstream Democrats seem to think will singlehandedly save the swamp, an outcome which I consider unlikely). Thus, I urge TP to contact members such as Ted Lieu (on the D side) and Ron Paul (on the R/Libertarian side) and work with them to find other members among the Progressive Caucus, libertarians, and old school conservatives who might join our cause. Also, some of the leaders who helped win the First Crypto Wars for The People are still in the Senate, such as Maria Cantwell and Patty Murray of Washington State. They have so far been too pusillanimous to take a position against the calls coming from every side to outlaw strong citizen encryption, and TP should work with groups like EFF and ACLU to try to persuade them to take a stand.

I would add Sen. Ron Wyden to your list of Congress people to consider contacting, and I would add the Freedom of the Press Foundation (they and ProPublica have an onion service!) to your list of organizations.

But, to Tor Project:
Research each Congress person beforehand, and before contacting anyone, be mindful that sometime before July 2016, readable access to the email inboxes of over 42 Democrats in Congress and of members of the House Democratic Caucus was given -- against House rules -- to 5 sysadmins, one of whom, Imran Awan, was a staffer of Rep. Debbie Wasserman Schultz (D-Fla.). The access was discovered and reported by House Inspector General Theresa M. Grafenstinein in July 2016 but was kept quiet and stalled by the leading members of both the Democratic and Republican parties, even from their members in Congress, through the 2016 presidential election until January 2017 when her report was released and the sysadmins' privileges were revoked. Grafenstine was unanimously appointed in 2010 by the leaders of the two dominant parties in the House (when the Democratic party held Congress and the presidency), and the office of Inspector General is nonpartisan. Schultz accused investigators of being anti-Muslim and kept Awan on her payroll until July 2017 after the FBI charged him with bank fraud in a different investigation. If leading members of the establishment inside any party have eavesdropped on communications to their members or to one another out of a fear of dissent or a scheme for coercion, their positions of power in their parties would definitely seduce them to want to try and do it again. Keep that firmly in mind when you communicate with Congress.

Full Measure with Sharyl Attkisson - April 29, 2018 - Cybersecurity
https://www.youtube.com/watch?v=I6eVc2xX0Ig

Oh gosh, Ron Wyden, FOTPF, how did I forget to mention them? Yes, plus one, contact them!

The advice to research the background (e.g. voting record, public statements) before reaching out to politicians is good advice. Well funded entities generally hired professional lobbyists who know what their clients need to know about such things, but TP will probably have to spend a few minutes with Wikipedia in lieu of such luxuries.

Citing Sharyl Attkisson underscores the fact that both far-left-wing and far-right-wing journalists can easily become particular targets of professional spies, including mercenaries hired by corporations or foreign adversary nations. Here is a story published today, just one of many examples once could cite:

thehill.com
Ex-US intel agents helped UAE hack phones of critics: report
Emily Birnbaum
30 Jan 2019

> A team that included more than a dozen former U.S. intelligence operatives hacked into the phones of rivals of the United Arab Emirates (UAE) as part of a clandestine operation brought to light in a new Reuters report. Project Raven, an effort that included U.S. operatives working with the UAE government, spied on and hacked the phone activity of activists, foreign governments and militants whom the UAE saw as a threat, according to the Reuters investigation.

That said, I would urge anyone who follows Attkisson's "investigative journalism" to be careful about accepting uncritically the many explosive charges she has made over the years. Some, such as her claim (if I understand correctly) that the "fake news" phenomenon is itself a fake meme created by US "leftists", is clearly wrong as readers of this blog will no doubt appreciate from past discussions of IRA, Gamergate, etc. Others, such as her claim to have been hacked by USIC cyberspies while working for CBS, are on the face of things not implausible, but when one looks at the details she provides, IMO her claims appear to be based upon elementary misconceptions. Indeed, I suspect that Attkisson may have mistaken corporate spying by CBS News on their own reporters--- I don't know if CBS does that but certainly Bloomberg News was caught doing exactly that--- for USIC cyberespionage.

To be sure, at times even a bad or biased reporter might uncover something that more skilled investigative reporters should look into. The trouble is, this is unlikely to happen even if Attkisson uncovered some genuine abuse, given her reputation for extremist bias and woefully inadequate understanding of the issues she writes about. Good journalism always involves a great deal of nuanced reporting published after consulting with recognized subject matter experts--- IMO Attkisson's writings appear to be very far from that ideal.

Some examples of obligatory "nuances": the phenomenon of cyberespionage-as-a-service companies hired by ugly corporations, sociopathic Hollywood magnates, or foreign "adversary nations" in order to target business rivals, legal adversaries, journalists, environmentalists, and political dissidents is genuine (see citizenlab.ca), but that does not mean that Attkisson has correctly understood her CBS cyberexperience. The phenomenon of RU manipulation of US social media, and to some extent RU meddling in US elections, is real, but so is the longstanding phenomenon of CIA interference in the elections of other nations, including both nominal allies (Greece, Italy, Turkey, and many many more) and adversaries (Russia). The phenomenon of global corporate and political corruption is real, as is the widespread practice of money laundering by wealthy persons, including the looting of national treasuries, but unbiased reporters who are not merely shills for the CN (China Daily), RU (Sputnik News), or US (ABC/CBS/NBC News and arguably WaPo, WSJ and many more) financial/political elites will not restrict their reporting to corruption only by RU officials, or only by US officials, or only officials of CN, IN, TK, etc.

One wonders: to all this, what would Snowden say?

When reaching out to members of Congress, it would be wise to take any opportunity to tutor them in using tools like Onion Share to protect themselves and their staff from cyberespionage generally, and also to be ready to cite various common misconceptions such as mistaking common and not necessarily superevil cyberprobes for something deeply nefarious, or misunderstanding the nature of state-sponsored disinformation, trolling, and other cybersuasion techniques.

You are talking about the proposal by GCHQ (acting as a USIC shill) to legally mandate "ghosts", right? As studied in this post:

eff.org
Detecting Ghosts By Reverse Engineering: Who Ya Gonna Call?
Nate Cardozo and Seth Schoen
23 Jan 2019

Note: the highly respected EFF researcher Nate Cardozo has just been hired away by... wait for it... Facebook. In a move widely seen as a desperate attempt to dissuade Congress from privacy regulations, by seeming to "take privacy seriously".

This (the 21st) evidently desires to become the most bewildering century in human history! Also possibly the last century in human history...

Members of the US federal congress see two opportunities for bipartisan action in 2020. The first, proposals to ban unbackdoored cryptography, would be very bad for the Tor community and for the cybersecurity of American citizens, organizations, banks, businesses, and government agencies. The second, proposals to enact strong consumer privacy laws, could be good--- provided the bills are not doctored to include so many loopholes that they become ineffective, or even worse, enshrine as "legal and valid" the kinds of abuses by entities like NSO Group, Cambridge Analytica, SEI CERT/CC, etc, which have filled the headlines in recent years.

I hope Tor Project leadership is reading the many pro-privacy editorials being published all over, with due caution because some are anti-privacy essays disguised as pro-privacy editorials written by Deep State swamp shills. It can be hard to tell the difference at a glance. In the following story a worrisome author affiliation will ring some alarm bells, but let's not jump to conclusions:

thehill.com
Congress, make privacy the rule — not the exception
Lorrie Cranor and Norman Sadeh, opinion contributor
1 Feb 2019

> Privacy scandals are running amok, millions of cybersecurity jobs remain unfilled, and almost every American adult's personal information is in the hands of criminal hackers. This isn't hyperbole nor is it the work of dark science fiction— it’s reality. However, with an abundance of fresh eyes and minds, the 116th Congress has the potential to make significant headway to ensure our data is protected by prioritizing three key actions in 2019...

Nuances: the authors are affiliated with a unit of Carnegie-Mellon University, which appears to be quite different from the unit of Software Engineering Institute (SEI)--- a think tank sited on the grounds of Carnegie-Mellon University--- which is said to have helped FBI target the Tor network:

https://en.wikipedia.org/wiki/CERT/CC

Still, this apparent distinction should be carefully verified.

I urge TP to cautiously reach out to the authors of such editorials (after a bit of research) to help you identify members of Congress who might be willing to lend a sympathetic ear to human rights issues and to TP's role in protecting citizens of the USA and other countries from bad actors in CN, RU, IR, USA, etc. In particular, I believe TP should demonstrate what Tor and allied tools such as Onion Share can do for congressional staffers themselves. Given FBI's war on Republicans this might be an easier sell on that side of the isle, but I believe it is the Progressives who are most at risk from The Swamp.

Anonymous

January 30, 2019

Permalink

I look forward to TB for Android and hope this will be a magic app which leads to an explosion of Tor use everywhere in the world (hopefully matched by an explosion in the number of citizen operators of friendly Tor nodes)!

Any comments on the latest security flaw in Google's best beloved smart phone competitor?

Two more goals I'd love to see, which I think could also be game changers:

o resume work on Tor Messenger, perhaps rewriting it from scratch,

o provide torified encrypted text message software which works (ideally) for desktops, laptops, and phones (tall order, I know, but let's think big).

From a Tor Blog post back in April 2018:

https://blog.torproject.org/sunsetting-tor-messenger
Sunsetting Tor Messenger
sukhbir
2 Apr 2018

> In 2015, we introduced Tor Messenger, a cross-platform chat program that aimed to be secure by default by sending all of its traffic over Tor and enforcing encrypted one-to-one conversations by bundling and using OTR (Off-the-Record) messaging. The aim was to provide a chat client that supported a wide variety of transport networks like Jabber (XMPP), IRC, Google Talk, Facebook, Twitter; had an easy-to-use graphical interface; and configured most of the security and privacy settings automatically with minimal user intervention.

[... but problems were encountered and possibly an NSL with gag order was delivered, so...]

> Given these circumstances, we decided it's best to discontinue rather than ship an incomplete product.

aw shucks, snailslimeitall, amiright?

I hope the history of the 21st century does not include this lament:

First they came for Tor Messenger, but I didn't know they had, so I didn't speak up. Then they came for Tor, and it was too late to speak up.

Anonymous

January 30, 2019

Permalink

> Reach out to more communities in the Global South,

Not a moment too soon, given very worrisome developments in Latin America.

Re the "global south", this article by historian Vijay Prashad (an expert on the long-lasting deleterious effects of a colonial heritage) should help Tor Community members who are not already familiar with the long and revolting history of CIA "interventions" in South America to understand why TP must expect to be asked to prove its thoroughly reformed character (pointing at former funding from USG "soft power" entities with deep ties to CIA):

salon.com
The U.S. 12-step method to conduct regime change
What is happening to Venezuela is nothing unique in U.S. history
Vijay Prashad
2 Feb 2019

Anonymous

January 30, 2019

Permalink

Big mouth with small result I guess.

When can we use https on .onion webpages?

Your browser show "Error code:SEC_ERROR_UNKNOWN_ISSUER" but the address bar shows green onion + padlock icon.

Can't you ignore Error code: SEC_ERROR_UNKNOWN_ISSUER already?

Hi, Georg,

I sympathize with the lack of time/personpower, but please answer the following question about a very odd and very relevant PKI certificate, which Tor Project has been ducking for more than a year:

When at least two distinct Tor Browser users visit blog.torproject.org, we see a green lock icon, but when we export the certificate and then look at it using the standard Linux command

openssl x509 -text -in filname

we see

Certificate:
Data:
Version: 3 (0x2)
Serial Number:
03::e0
Signature Algorithm: sha256WithRSAEncryption
Issuer: C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
Validity
Not Before: Feb 1 18:22:06 2019 GMT
Not After : May 2 18:22:06 2019 GMT
Subject: CN = -fe2.pantheonsite.io
....

X509v3 Subject Alternative Name:
DNS:.pantheonsite.io, DNS:adirondackestates.com, DNS:afscmeatwork.org, DNS:alacrityfoundation.co.uk, DNS:app-dev.discoverlosangeles.com, DNS:blog.torproject.org, DNS:blogs.creditcards.com, DNS:bricklayers.org, DNS:canolagrowers.com, DNS:canopycoffees.com, DNS:cbizgibraltar.com, DNS:cfn.live.square360.pub, DNS:cfn.test.square360.pub, DNS:cobblestonebreadco.com, DNS:cornertocornerproductions.com, DNS:cosmosxtracts.com, DNS:dev-www.eric.pe, DNS:dev.gentlegiant.com, DNS:dev.m4dlink.org, DNS:drupal414.com, DNS:ets.wehopact.org, DNS:fe4.edge.pantheon.io, DNS:forensicon.com, DNS:fraserbesantlighting.co.uk, DNS:gridalternatives.org, DNS:honoryourcode.com, DNS:jaarverslag.devoorzorg-bondmoyson.be, DNS:kiid.smith.williamson.co.uk, DNS:login.afscmeworks.org, DNS:m.pressregister.com, DNS:magneti.com, DNS:mathagent.com, DNS:nexiasmith.williamson.co.uk, DNS:ohiograntmakers.org, DNS:onesteamboatplace.com, DNS:pernod-ricard-india.com, DNS:philanthropyohio.org, DNS:pressregister.com, DNS:professionalsciencemasters.org, DNS:sciencemasters.com, DNS:search.physicianslocal.com, DNS:selfscan.security.utexas.edu, DNS:solofoods.com, DNS:submityourcocktail.com, DNS:superstarsliteracy.org, DNS:templebnaichaim.org, DNS:templeemanuel.org, DNS:truthrevolt.org, DNS:weare.designit.com, DNS:wellingtonyachts.com, DNS:whistlerathletescentre.com, DNS:worlddiabetesfoundation.org, DNS:www-test.drupal414.com, DNS:www.adirondackestates.com, DNS:www.alacrityfoundation.co.uk, DNS:www.asif2018.com, DNS:www.canolagrowers.com, DNS:www.cbizgibraltar.com, DNS:www.ccpunited.org, DNS:www.cobblestonebreadco.com, DNS:www.cornertocornerproductions.com, DNS:www.dev.m4dlink.org, DNS:www.drupal414.com, DNS:www.forensicon.com, DNS:www.fraserbesantlighting.co.uk, DNS:www.gridalternatives.org, DNS:www.honorsday.utexas.edu, DNS:www.honoryourcode.com, DNS:www.hpcfgiving.com, DNS:www.kiid.smith.williamson.co.uk, DNS:www.linkalab.it, DNS:www.magneti.com, DNS:www.mathagent.com, DNS:www.myrepublic.qotient.com, DNS:www.nexiasmith.williamson.co.uk, DNS:www.nomorestolenelections.org, DNS:www.ohiograntmakers.org, DNS:www.onesteamboatplace.com, DNS:www.oxfam.org.nz, DNS:www.oxfamsmorningtea.org.nz, DNS:www.pernod-ricard-india.com, DNS:www.philanthropyohio.org, DNS:www.pressregister.com, DNS:www.professionalsciencemasters.org, DNS:www.ralphselectricappliances.com, DNS:www.safeguardtheguard.org, DNS:www.sciencemasters.com, DNS:www.shutthechamber.org, DNS:www.solidaritywith.us, DNS:www.solofoods.com, DNS:www.stfrancescabrini-brooklyn.org, DNS:www.submityourcocktail.com, DNS:www.superstarsliteracy.org, DNS:www.toshiba.qotient.com, DNS:www.truthrevolt.org, DNS:www.universalizingresistance.org, DNS:www.wellingtonyachts.com, DNS:www.whistlerathletescentre.com, DNS:www.wisconsinwave.org, DNS:www.worlddiabetesfoundation.org
...

So this certificate appears to be issued not to Tor Project at all, but to a particular server affiliated with the domain pantheonsite.io, whatever that is. Further, this server appears to host a large number of websites unaffiliated with Tor Project, some of which are quite alarming because of their connection to actions by surveillance-as-a-service companies. In particular afscmeatwork.org appears to be a blog affiliated with AFSCME, a union of US government worker which is a likely target of state-sponsored hacking by "adversary nations" as well as surveillance-as-service companies hired by entities such as the Koch and Adelson families in connection with their anti-union and USG-downsizing campaigns. (Some wealthy republicans think government worker unions favor Democrats and thus have targeted them for elimination by destroying their membership's abilities to pay union dues.)

Also troubling is forensicon.com, which appears to be perform "computer forensics", a term which these days often covers "active defense", i.e. hacking, and "remote forensics", i.e. illicit cyberintrusions. Further, some of the above domains appear to correspond to political campaigns (generally by left-leaning candidates who happen to identify as American Muslims, and who might therefore be targets of FBI snooping, just like Tor blog.

IMO members of the Tor community deserve a genuine official response from Tor Project to the questions which are raised by the strange certificate for this very blog. What gives?

Hi, Georg,

The PKI certificates for www.torproject.org and blog.torproject.org appear to be quite different, and this could easily lead to confusion. Certainly it has confused at least two long time Tor users.

Both certs are issued by Let's Encrypt, which makes sense since former Executive Director Shari Steele formerly worked at EFF, which is the NGO behind Let's Encrypt, a "free as in free beer" certificate authority. (But you get the value you paid for and maybe Tor Project security is worth more to us than zero cents.) The first cert is issued to Tor Project Inc (whew!) but the second cert is issued to "fe2.pantheonsite.io", which is apt to distress blog readers who notice that the certificate is not actually alleging to guarantee that one is connecting to a Tor Project site at all, but only alleging to guarantee that one is connecting to a site associated with a mystery domain.

Can you confirm that blog.torproject.org is hosted on a Google cloud server (...fe2.pantheonsite.io) operated by Pantheon Systems, a San Francisco based Drupal and WordPress powered webhosting company?

It seems that Pantheon Systems was founded in 2010 using money provided by at least two venture capital firms

o First Round Capital, which launched Uber (massive breaches), Square (databroker), etc

o Scale Venture Partners, which is the venture capital arm of Bank of America (apparently considered hiring a now defunct cyberwar-as-a-service company, HB Gary Federal, to attack Glenn Greenwald, Jacob Appelbaum, and others),

So the venture capital money comes from people who are certainly no friends of ours, and the server is hosted by Google, which has given grants to Tor Project, which sounds awfully nice of them, until one remembers that Google is widely acknowledged to be one of the worst offenders against privacy in the entire world, e.g. they are trying to sell to CN "Dragonfly", better known as "CensorBrowser".

I'm sympathetic to lack of funding and time to find a better webhost, but assuming that the blog really is hosted on a Pantheon Systems site held in the Google cloud, I think this issue should be bumped up a few notches. At the very least, TP should post an official explanation of the meaning of what wary Tor users see when they look under the hood of the PKI certs.

Is the reason for this long unexplained discrepancy that TP has worked out a compromise with FBI, by which FBI punts NIT malware to visitors to blog.torproject.org but does not yet insist upon trojaning sofware at www.torproject.org? If so, some brave person needs to defy the gag order by holding a press conference and disclosing the NSL. Maybe me--- just give me a copy of that NSL!

No need for any conspiracy theories. The blog is hosted by Pantheon since we migrated away from the old setup 2 years ago, which was only available due to a lot of duct tape, constant kicking, and praying. (Hence the certificate) There are drawbacks with that solution (like no easy .onion support), but that's where we are. We expect that nothing will change regarding the hosting in the coming 6-12months at least.

> The blog is hosted by Pantheon since we migrated away from the old setup 2 years ago

Thank you for taking the time to confirm that simple fact. (Users have been asking for an explanation for more than a year and it has been pretty worrisome to be stonewalled for so long.)

What worries me is that Pantheon (not TP) might be confronted with an FBI demand (accompanied with a gag order) requiring them to help FBI compromise content served to blog readers, or even worse, to help FBI compromise TP's network when authorized users post to the blog, and no one at TP (much less the users) would ever know. Does Pantheon at least assure TP that it would fight to unseal any secret subpoena targeting the Tor blog?

> We expect that nothing will change regarding the hosting in the coming 6-12months at least

If I understand what you are saying correctly, TP cannot generate a proper certificate (issued to "Tor Project" instead of "fe2.pantheonsite.io") without finding a new webhost for the blog. (You didn't mention this, but I can understand why for better cybersecurity TP might well want the blog to be on a different server from the rest of the TP public facing network.) But can't wealthy patrons (Google?) donate a server for TP do use just for the blog? Couldn't EFF then issue a (good) certificate similar to the (good) www.torproject.org certificate?

> No need for any conspiracy theories.

I think that phrase is inappropriate. Here is why:

As you know, Riseup Labs, the research arm of Riseup Networks, helps Tails Project (a sister of Tor Project), runs some Tor nodes, and does other things for the Tor community. You may recall that in the summer of 2016, many Riseup users began to ask why the Riseup warrant canary had not been updated on schedule. The responses received were not reassuring. By Nov 2016 the mysterious omission was even being covered in the press:

zdnet.com
Riseup email service sparks concern after warrant canary 'expires'
Warrant canaries are useful but flawed when not implemented properly.
Zack Whittaker
26 Nov 2016

> Questions remain about the status of encrypted email and messaging service Riseup.net after several users this week noticed that the service's warrant canary had apparently expired. Discussions on both Hacker News and Reddit have led some to believe that the service, which is popular with activists and journalists, has been served with a secret surveillance order, because its warrant canary -- issued quarterly -- had not been updated before the three-month deadline.

Months later, Riseup was finally permitted to confirm what users had feared:

computing.co.uk
Riseup confirms receipt of FBI warrant and gagging order
Users wondering about the non-renewal of Riseup's warrant canary have their suspicions confirmed
Riseup confirms receipt of FBI warrant and gagging order
John Leonard
17 Feb 2017

> RISEUP, the Seattle-based collective that provides secure online communication tools designed for social activists, has confirmed that it received warrants from the FBI to inspect two users' emails. Riseup users had warned on social media that the group's "warrant canary" - a statement confirming that an organisation has not been issued with a court order to compromise users' details - had not been updated for the Winter 2016 quarter, a sign that the group may have been served with a gagging order preventing it from notifying its users of a warrant. In November, Riseup issued a cryptic tweet, which users interpreted as a reference to the non-renewal of the warrant canary, saying: "Listen to the hummingbird, whose wings you cannot see, listen to the hummingbird, don't listen to me. #LeonardCohen". The organisation has now confirmed that it received both a warrant from the FBI to inspect the emails of two users, alongside a gagging order preventing Riseup from going public.

Riseup's press statement about this has been deleted from riseup.net (possibly because Riseup eventually agreed with users that the whole episode was badly handled), but it read in part:

riseup.net
Riseup moves to encrypted email in response to legal requests.
16 Feb 2017

> After exhausting our legal options, Riseup recently chose to comply with two sealed warrants from the FBI, rather than facing contempt of court (which would have resulted in jail time for Riseup birds and/or termination of the Riseup organization)... There was a “gag order” that prevented us from disclosing even the existence of these warrants until now. This was also the reason why we could not update our “Canary” 2.

Tor users can only hope that Tor Project has some way to reduce the likelihood that Tor Project will ever have to make such a miserable statement. (But Riseup did do the right thing by fighting the gag order in Court until it was eventually permitted to reveal the surveillance.)

According to Riseup, FBI claimed that the compromised email accounts had been used in a manner which violates Riseup's code of ethics, but AFAIK FBI never charged anyone, raising the possibility that FBI was wrong or perhaps did not care whether the assertions under which some court granted the secret warrants were truthful. And what's to stop FBI from issuing an administrative subpoena accomapnied by a gag order which targets *all* Riseup users, or *all* Tor users?

It seems to me that this story shows pretty clearly that the possibility that Tor Project or a close ally such as Riseup might receive an NSL or other subpoena accompanied by a gag order should be characterized as "a verifiable fact" rather than as "a conspiracy theory".

A worrisome apparent (?) parallel with the 2016 episode is that Riseup users knew something was wrong for many months, but Riseup evaded or stonewalled all questions. The response of Tor Project to questions whether TP has also received NSLs or subpoenas accompanied by a gag order has always been evasive, and it is almost impossible for users not to be concerned that the reason is the same as it was in the case of Riseup in the autumn of 2016.

Fixing the blog issue would help clear up some of these concerns. In any case, comparing the certificates for www.torproject.org (good) and blog.torproject.org (bad) highlights the greater concern, that FBI might in future demand that TP cease offering means for users to verify the detached signatures of Tor products, especially Tor Browser, perhaps by forbidding TP from updating its GPG keys, or forbidding TP from providing signatures at all. As noted above, this could be taken as some to mean that FBI has not mandated that TP put a "backdoor" in Tor software, but this would be irrelevant if FBI is inserting malware on the fly as users download the latest tarball without any means to guarantee that the content received is the same as the content as stored at www.torproject.org.

Thanks for listening!

Anonymous

January 31, 2019

Permalink

Sandboxing Tor Browser should be a priority too. "Sandboxed tor browser" was a good project.

Anonymous

January 31, 2019

Permalink

Thank you. Appreciate you work and I support the movement of Fighting for the rights to privately utilise the internet freely.
Malaysia.

Anonymous

February 02, 2019

Permalink

What is cloudflare and why is it all over tor?I used to easily get past it but it now seems to be everywhere?It was simple to get around it before the new update to 8.0.5.Now i'm blocked from my usual access to the dw?Can anyone help with a way around this annoying "service"?

Anonymous

February 02, 2019

Permalink

This would be a good year to stop making the exits public. There is already widespread blocking of Tor by commercial and even U.S. government websites (e.g. fda.gov) which citizens should be able to access anonymously.

The design of Tor doesn't allow this. While the Tor Project doesn't have to publish a list, it can't stop anyone else from publishing such a list. Relay and clients have to know the IP of every relay to be able to connect to them.

Anonymous

February 02, 2019

Permalink

Thanks for everything you folks do to develop this browser, it could soon be the new standard of the internet.

Anonymous

February 04, 2019

Permalink

Torbrowser should provide a better defence against mouse movement fingerprinting that is widely used by many popular web sites (e.g. YouTube). IMO , it's not enough to say "turn off javascript" ...

Plus one!

Also needed: effective defenses against stylometry.

I'd like to see a version of gedit which computes the entropy of each word or phrase in the draft (using frequencies from the Google trillion word corpus) and suggests higher entropy equivalents which the user can choose to substitute or not, similarly to using the spellchecker.

Anonymous

February 04, 2019

Permalink

As we confront "Going Dark" hysteria which threatens the very existence of Tor, and the unhappy prospect of yet another US military intervention in a Latin American country experiencing political turmoil, it is intriguing to speculate that if George Washington were still alive, he might well be arguing in NYT opinion pieces that America's decline is due to bad Karma resulting from a century of bad behavior, mostly at the hands of agencies like CIA.

thehill.com
How Americans first defined greatness
Jane Hampton Cook, opinion contributor
4 Feb 2019

> Washington also tied America’s greatness to virtue. “Can it be, that Providence has not connected the permanent felicity of a Nation with its virtue? The experiment, at least, is recommended by every sentiment which ennobles human nature,” the first [American] president [wrote] in his Farewell Address.

Many years earlier, during the ultimately successful siege of Boston by the insurrectionists (Washington's first military campaign against the British Empire), the recently appointed Commander in Chief received a packet of poems from an unlikely source, an immigrant who had been forcibly transported to the US from Senegal as a child. In a stellar example of how much more amazing (dare one say inspiring?) is true history than the bowdlerized versions offered in American schoolbooks, her owners (hateful word!), a Boston family, recognized her extraordinary literary talent and saw that she obtained a fine classical education, including the study of classical Greek. Indeed, Wheatley was in many respects better educated than Washington himself.

In one of her poems, she writes

> “Thy Power, O Liberty, makes strong the weak, and (wond’rous instinct) Ethiopians speak”

What words could better express why ordinary citizens everywhere need Tor? Because by enabling The People to speak, Tor makes strong the weak.