2019 End of Year Campaign Wrap Up - Thanks for Helping Tor Take Back the Internet

We believe Tor is strongest when it is used by and supported by as many people as possible. A diverse user base strengthens the anonymity of Tor users, and diverse funding sources ensure we are only beholden to our mission -- no single financial source.

We are pleased to announce that we raised more funds in 2019 from individuals than ever before -- $833,956! This is almost double what we raised in 2018. A little over $300,000 of this income was donated during our end-of-year campaign and was generously matched by Mozilla. Thank you to everyone who contributed. You are helping Tor take back the internet.

In 2019, 10,404 people made their first donation to Tor. It is exciting to see so many people understand and commit themselves financially to our mission. Even more exciting is that, during the campaign alone, we gained 330 new Defenders of Privacy -- donors who make a monthly commitment to Tor. Sustaining gifts provide the Tor Project with steady, reliable income that is essential to our ability to respond quickly to unexpected challenges and threats. We also had eight donors make new contributions of $1,000 or more, making them Champions of Privacy.

Our commitment to privacy extends to our donors. We execute our fundraising in a way that is very different than other nonprofits. We never share your information with third parties. We never receive potential new donor information from outside sources. We do not track the behavior of our donors when you open our emails. We allow donors to choose what information you share with us. You can be more anonymous by sending a money order to our physical address or utilizing cryptocurrency to protect your personal information. Privacy is limited by requirements of the most popular donation methods, PayPal or credit card, but we are committed to offering privacy-preserving methods of making donations.

This income raised from individuals is essential for us to make progress on our 2020 goal to scale our network, making Tor easily accessible to everyone, while providing privacy online and tools to circumvent censorship. As Isabela Bagueros, our executive director said, “How do we actualize a more private, decentralized, equitable internet? It will take a lot of work and a unified vision. It takes preparing the Tor network to handle more users by scaling the network and improving its performance metrics. It takes the Anti-Censorship team working on circumvention solutions that are difficult and expensive for censors to block, but easy for us to deploy and scale. It takes the Tor Browser, Community, and UX teams working together to make Tor more accessible to the people who need it the most.” We have that unified vision. With your help, we are ready to take on this work.

You make a difference. Your help contributed to our goal of taking back the internet with Tor! Thank you.

Sincerely,

The Tor Project Fundraising Team

Anonymous

January 16, 2020

Permalink

What about help for Tor users? You have so much money. What about full guides for making onion services? (How to set up and configure web server, how to configure onion service, how to make onion site, forum or game.) What about specific tools for people who can't understand computers at all? Or any online support via tor browser? Also is it possible to make onion service online not every time when computer online? For example computer online few hours but onion service online only one hour?

I'd like to see those things too, but regarding

> You have so much money.

Far from it; Tor Project is very underfunded and understaffed when compared to the enormous global responsibility of producing one of very few (so far) privacy/anonymity tools which should work for virtually anyone anywhere in the world, modulo gaining access to torproject.org to download the software (and possibly bridge addresses) in the first place.

So I'd put it like this: we'd like to see lots of things on TP's "to do" list, but accept that

o bug fixes

o research into scaling the Tor network

o global outreach and security trainings (Luanda needs TP's help! So do student groups in Puerto Rico!)

o carefully vetting prospective new Tor employees to keep out agents working undercover for some government or evilcorp (c.f. the apparent attempt by CIA to plant a "former" spook inside TP),

o moving TP to a user donation funding model

o (arguably) seeking short term "no strings" grants from foundations and (distasteful) corporations (where is Apple? why only Google and USG shills?)

o (arguably) basic research into anonymity and onions generally

should probably have a higher priority.

But with all that said, would making manuals really take so much time?

> What about full guides for making onion services?

Look here:
https://community.torproject.org/onion-services/
https://2019.www.torproject.org/docs/onion-services.html.en
https://2019.www.torproject.org/docs/tor-onion-service.html.en

Those guides need to be labeled better and linked to better so they're easier to find (talking to you, Tor Project!). As for web servers, forums or games, there are many choices of software designed for the regular internet that you could host on an onion service, and they are quite separate from Tor software. Be sure to inspect them for privacy and metadata leaks as most are not audited as strictly as Tor is.

I, myself, would like for the following pages to be expanded and for there to be a guide to anonymously contributing by Git over Tor.
https://trac.torproject.org/projects/tor/wiki/doc/TorifyHOWTO
https://trac.torproject.org/projects/tor/wiki/doc/SupportPrograms

This is insufficient for contributing over Tor, and it's hard to access and interpret for those outside of Tor's development teams: https://gitweb.torproject.org/githax.git/tree/

> What about specific tools for people who can't understand computers at all?

https://2019.www.torproject.org/projects/projects.html.en
https://2019.www.torproject.org/getinvolved/volunteer.html.en#Projects

For those people, the best tools that Tor Project recommends are arguably HTTPS-Everywhere, Tor Browser, TorBirdy, OnionShare, Orbot, Tails, Metrics, Onionoo. I would also recommend Privacy Badger, another add-on by EFF for regular web browsers.

> Or any online support via tor browser?

Across the top header of torproject.org, there's "Support", "Documentation", and "Community". When you open Tor Browser or start a new identity, the purple page has a link under the search box, "Questions? Check our Tor Browser Manual".

> is it possible to make onion service online not every time when computer online? For example computer online few hours but onion service online only one hour?

In that context, think of an onion service like any other web service: the computer or server it runs on must be online. Your example of the computer being on for longer than the onion service is entirely possible, and you can command the service to stop like any other daemon for the regular internet such as for HTTP (like Apache, nginx) or FTP (like FileZilla Server), but an example of the reverse where the onion service is online longer than the computer is not possible, obviously, because the service runs on the computer. You could host onion services on a VPS or dedicated server purchased at data center or CDN if you find a way to trust it. There also are distributed networks other than Tor such as IPFS that have limited capabilities to host static websites facing the regular internet.

Anonymous

January 16, 2020

Permalink

> We are pleased to announce that we raised more funds in 2019 from individuals than ever before -- $833,956! This is almost double what we raised in 2018.

This is very welcome news, and I take it as an encouraging indication that if TP perseveres in the effort to transition from dependency on USG funding to a grassroots user-donation funding model (similar to ACLU, EFF, and other major organizations) is achievable. I think most of us now agree it is also necessary, so evidence that it is possible is very good news indeed!

I sense that all around the world, more and more people are becoming more and more concerned about the dangers posed to essentially everyone by both government dragnets/targeted-hacking and surveillance capitalism, are becoming more mistrustful of Big Tech consumer goods and services type companies and of their own government, and consequently are liable to become Tor users/donors in the near future.

The recent revelation (and prompt fix, thank you) of another critical in Tor Browser (at the "standard" security level--- "safer" or even "safest" should really be the default) has again underscored the fact that we can expect many more technical attacks on Tor users in the future, and discovering and countering these will likely be a top priority for the Tor teams in the years to come. But we must also regard the political/legal threat from AG Barr and his ilk as posing an existential threat to TP, so defeating this threat must also be a top priority:

arstechnica.com
The broken record of breaking encryption skips again in Florida shooter case
Trump's Twitter tantrum doesn't change the laws of mathematics. Neither does Cellebrite.
Sean Gallagher
15 Jan 2020

> On the eve of the House of Representatives' forwarding of articles of impeachment to the Senate, President Donald Trump took time to attack Apple. The president's outburst on Twitter appears to be about the FBI's inability to get access to the physical storage on two iPhones connected to last month's killings at Naval Air Station Pensacola in Florida. And it is the latest ratcheting up of rhetoric from the Trump administration on device encryption.

theregister.co.uk
Apple calls BS on FBI, AG: We're totally not dragging our feet in murder probe iPhone decryption. PS: No backdoors
This isn't the way to make the Cook(ie) crumble
Kieren McCarthy in San Francisco
14 Jan 2020

Susan Landau and other crypto experts are still trying to convince the Feds that extremism won't help anyone (except maybe, very briefly, Drump, as a temporary distraction from his trial in the Senate):

thehill.com
Breaking the encryption impasse
Denis McDonough and Susan Landau, opinion contributors
16 Jan 2020

As further evidence that TP needs to do more to correct anti-onion bias, here is yet another story which mentions onions in a derogatory context but fails to mention that onions are mostly used to protect people, not to harm them:

arstechnica.com
FBI arrests man suspected of orchestrating dozens of “swatting” calls
Group's online chats were often racist and anti-Semitic.
Timothy B. Lee
15 Jan 2020

> The US government has criminally charged a Virginia man for helping to organize dozens of "swatting" attacks and bomb threats made against a variety of targets in the United States and Canada. The man allegedly belonged to a group that coordinated via IRC and Tor hidden services to target prominent gamers, journalists, and government officials.

In other news on the legal front, privacy advocates around the world should be cheered by the fact that the top EU lawyer has issued a (non-binding) brief to the top EU court arguing that a suspicionless dragnet is illegal in the EU:

theregister.co.uk
Top Euro court advised: Cops, spies yelling 'national security' isn’t enough to force ISPs to hand over massive piles of people's private data
Opinion is preliminary, though a good start
Kieren McCarthy in San Francisco
16 Jan 2020

> Analysis In a massive win for privacy rights, the advocate general advising the European Court of Justice (ECJ) has said that national security concerns should not override citizens’ data privacy. Thus, ISPs should not be forced to hand over personal information without clear justification. That doesn't mean that the intelligence and security services should oblige communications companies to hand over information, especially when it comes to terrorism suspects, the opinion, handed down yesterday, proposes. But it would mean that those requests will need to be done “on an exceptional and temporary basis,” as opposed to sustained blanket harvesting of information – and only when justified by “overriding considerations relating to threats to public security or national security.” In other words, a US-style hovering up of personal data is not legal under European law.

I interpret this event to show that our side and win the legal victories we need--- currently, most urgently in the US and EU--- to have a chance of continuing to exist, which would mean that we will have a chance to continue to fight off technical threats, while continuing to read and discuss, to blog, to do journalism, to engage in politics, and generally to do what we can to ensure that civil society does not die in the 21st Century.

Anonymous

January 16, 2020

Permalink

I encountered an unexpected connection to youtube.com when I viewed this blog page. Is this expected behavior? If so, is it wise for the Tor blog to force connections to Youtube while Tor users are viewing this blog?

In general, it seems that viewing videos is one of the most hazardous things an unwary person can do using Tor Browser--- an assertion which was very recently supported by yet another critical vulnerability which only affected people using the "Standard" security level, which appears to be needed (as another commentator said above) to view videos with Tor Browser. I assume TP would not quarrel with this statement. If so, it would appear to follow that the Tor blog should not include links to Youtube. If videos are not really needed, they probably do not belong here.

I guess that the videos are an attempt to lure more newbies into trying Tor, but if so I think it would be wise to find safer way to do that.

Anonymous

January 18, 2020

Permalink

Disable electrosys in Firefox!

TBB launched, no page visited = 10 firefox tcp connections + 20 tor connections. What the hell is that?

> electrosys

Never heard of that.

Did you mean Electrum? Were you launching Tor Browser in Tails, a Debian system, a Windows system, or another?

> no page visited = 10 firefox tcp connections + 20 tor connections. What the hell is that?

Is it possible that you mis-interpreted expected and desirable behavior (your Tor client building Tor circuits for your use in next few minutes) as evidence suggesting malicious compromise?

Without more details I think it is impossible to know what you observed or what it might mean.

(Caveat: I am just another Tor user, not a Tor dev.)

Anonymous

January 19, 2020

Permalink

The Cloudflare Network is blocking me today with error message 1001, Cloudflare Ray ID: 557b22023c366d04. It does this periodically, and I can usually access the same site on its network. Thanks.

> The Cloudflare Network is blocking me today with error message 1001

FWIW, I see similar messages quite often (e.g. at news sites) and simply ignore them. The long numerical code appears to be a counter used to identify individual connections to some site, which Cloudflare's robots deem "suspicious" (a connection from a Tor exit node apparently often counts). The counter apparently increments until it rolls over and starts again.

Sometimes waiting a few days and trying to surf (using TB) to the same site works. It is possible that Cloudflare blocks are associated with activity at certain sites which is suspicious for more alarming reasons than simply connecting from a Tor exit node.

> I’m concerned about hidden fees

This issue is indeed a legitimate concern for North American internet users. The hidden fees are charged by the big ISPs (e.g. Comcast, Century-Link) because these companies cannot actually deliver service while charging their up-front "low low" user fees and also funneling torrents of cash to the shareholders and company executives, so they are all tacking on hidden fees in order to continue what they consider "business as usual", to the detriment of everyone else.

Conservatives might notice that hidden fees are a major distortion of the alleged free market; so are the monopolies typically enjoyed at least locally by the big ISPs. Liberals are likely to object to the way this situation exacerbates income inequality and mendacity, thus further destabilizing civil society. So this issue should concern everyone who uses the Internet (at least in North America), regardless of their political stance.

However, this has nothing to do with Tor Project or even with Tor. You should express your concern to your representatives in Congress and to municipal authorities who often have a suspiciously cozy relationship with the big ISP which enjoys a local monopoly in a given service area.

See arstechnica.com and techdirt.com for lots more information about this issue.