Unveiling the new Tor Community portal

Community is at the core of Tor's success, popularity, and survival. We would not have a network with the security properties it has if it weren’t for the thousands of volunteer relay operators. We would not have Tor Browser if it weren’t for our open source community. People would not know about Tor if it weren’t for our community of trainers and translators who help us make sure educational information about Tor and our tools are accessible to everyone. We also count on a community of researchers, designers, developers, bug reporters, documentation writers, and many more to keep Tor strong.

It's about time that the Tor Project has a dedicated place to help you!

Today, we are officially launching our Community portal. This is part of our continuous effort to better organize all of our different content into portals. The Community portal contains six sections: Training, Outreach, Onion Services, Localization, User Research, and Relay Operations. These resources are organized around existing streams of work, and each one includes ways for new collaborators to get involved. In some sections, you'll find new content. In some sections you'll find resources that already existed but were buried on our website, difficult to find, or outdated. These resources are now refreshed and easy to find.

If you contribute code and are wondering why you don't see a section dedicated to your work, that’s because we are in the process of building and releasing a Developer portal dedicated to all our free software projects. The Developer portal will house information about how to contribute to each of these projects.

Training

training

Over the past two years, our Community and UX teams have implemented a feedback program designed to provide Tor training for human rights defenders, journalists, and activists in the Global South. Based on this experience, we have created a dedicated training section of the Community portal. Inside of this section, you will find slides, risk assessment templates, and materials to help you organize your own Tor training with your group or organization. There are many ways to explain and teach about Tor and we'd like to hear about how you do it.

Outreach

Outreach

In the Outreach section, you'll find our events calendar, materials like flyers and pamphlets to spread the word about Tor, and instructions on how to run your own Tor meetup in your city. Outreach and meetups are extremely powerful ways to share knowledge and build local Tor communities.

Onion Services

Onion Services

Onion services operators form a highly technical and skilled community that has grown to include media outlets and businesses that use this technology to provide a more secure service for their users. We have organized the onion services a section to include guides, tools, and explanations about onion services and their privacy and security benefits. You can help decentralize the internet by onionizing your website!

Relay Operators

Relay Operators

The Tor network infrastructure is run by thousands of volunteers around the world. The relay operators section is dedicated to explaining the different types of nodes on the network, how to install a relay on different platforms, where to find technical support, and how to be part of the relay operators community. Running a relay is an example of how you can easily help the Tor network and its users.

User Research

User Research

Unlike much of the tech industry, the Tor Project does not collect behavioral data on our users to conduct user research. Instead, we have created a workflow that allows us to interact directly with users, with their consent, in order to conduct such research. Our Community portal has a dedicated space where volunteers can learn how to help our UX team run user research on Tor tools with their communities. In this section you will find our Research Guidelines, our reports on previous research and methodologies, and Tor Personas, a tool that helps us to human-center our design and development processes. This section also has information about our team’s mailing list where you can join and be part of this community of design researchers!

Localization

Localization

We are a global community, and it's crucial that our tools and portals are available in every language. Volunteers from all around the world help us with this translation work. In the Localization section, you can learn how to plug in to this work and which projects need help. Most of our localization efforts are hosted in the Localization Lab Hub on Transifex, a third-party translation platform.

The Community portal itself is not yet localized. If you would like to contribute to that please check this section out!

zoobab

May 19, 2020

Permalink

I am glad to see that despite the fiscal issues TP is still reaching out and pursuing essential long term projects, including community building around the globe!

As it happens, I came to the blog today planning to submit (off-topic in any recent post allowing comments) the plaintive question: does TP still do cybersecurity training in time of lockdown? So it was a pleasant surprise to find a new post on the topic of community outreach.

Unfortunately the current version of the Community appears not to take account of mandatory lockdowns in many countries where Tor training is needed.

From https://community.torproject.org/training/best-practices/

> Find a location that is accessible, affordable, has an internet connection and other materials like a white board, projector, and screen. Make sure that the location is safe for your attendees to visit.

I am not complaining, just asking for help from TP (and other users) in suggesting work-arounds for lockdowns. (In my location the lockdown is being enforced by extensive aerial surveillance and a loose network of neighborhood snitches, but so far AFAIK not with aggressive arrests. But police have broad discretion to interpret broadly written directives as they see fit on the fly, as it were, which historically gives rise to selective enforcement targeting progressives, anti-war activists, indigenous peoples, and other disenfranchised sub-populations.)

On the one hand, we want to avoid attracting undue attention to our groups at a time when many of us are under added suspicion on the basis of expressing concerns about cybersecurity issues involving cellular networks, concerns which LEAs do not always bother to distinguish from the political ideas of the people who are talking about forming armed anti-VAX/anti-5G/anti-lockdown militias (a suggestion which rather obviously has frightened the elites on all sides of the political spectrum, with the notable exception of POTUS, who is better known in this context as "Q+").

On the other hand, trying to use insecure video conferencing software to run cybersecurity training seems absurd. As far as I can see, the only way to get the ball rolling is to meet in person, which is forbidden in many places.

So what to do?

The latest round of "domestic terrorism" hysteria coupled with ever more invasive technological developments (such as Graykey) and with ever more pervasive dragnet surveillance powers being handed to the Security State, make it more important than ever that every NGO and peaceful political pressure group know how to use and do use Tor Browser, Onion Share, Signal, and other tools. It is essential that these groups be aware that intelligence agencies and LEAs (in the US at least) do not recognize the concept of a peaceful political pressure group. In their eyes, there are only "active terrorists" and "nominally peaceful groups" which--- this is the key point--- they regard as continuing threats because (i) they might [sic] be a cover for a secret core of violent provocateurs (ii) some of their members might [sic] turn violent at any time, (iii) they might [sic] receive some funding from "hostile governments". This is kind of like saying that everyone should be terrified of cell towers because they might [sic] be giant reptoids intent on forcible mating with human females.

(Unfortunately LEAs do not care for the suggestion that in the recent history of the world they have all too often become the most dangerous conspiracy theorists of all.)

Last, an off-topic but heartfelt shout-out to privacy researchers and thanks to everyone who works to keep Tor Project alive and functional. Particular congratulations on the Test of Time award!

At the moment we are investigating and collecting experiences of remote trainings organized by our partners. In some countries it was possible to do the online training by video conference, but in others we are still analyzing the available resources and what we can do with it.

If you're looking for tips, one month ago we shared here how Tor Project works remotely w/ privacy: https://blog.torproject.org/remote-work-personal-safety

zoobab

May 19, 2020

Permalink

Regarding:

https://community.torproject.org/onion-services/

Can TP leaders please assign someone the task of following up with debian.org to ensure the health of the onion mirrors for the Debian repositories? Can you reach out to cran.r-project.org and other open source repositories to help them set up their own onions? Note that with the rapid increase in state-sponsored attacks on COVID-19 researchers, many of whom install and use software from CRAN, better cybersecurity is more important than ever. Yet scientific software (and medical software) still lags far behind the rest of the software world, where the cybersecurity situation is merely horridly unspeakably awful.

zoobab

May 19, 2020

Permalink

From https://community.torproject.org/outreach/meetup/

> Connect with a local space that will allow you to meet for an hour or two. A public library, a social center, a hackerspace or a room in a university are some spaces that you can usually host your event.

Tor Project is officially geolocated in the US State of Washington, where (according the website of the Governor of this state), public libraries, social centers, universities, and many public parks are all closed until further notice (likely at least until August 2020, very possibly much longer), with violators subject to fines (per selective enforcement).

I am baffled. Ideas or suggestions for solving this problem welcome.

At the very least, TP should edit the Community Portals to at least say that you are aware that mandatory lockdowns are likely to prevent most of the things you are advocating in these pages.

At the moment we are not advocating for on-site activities. As we described in the blog post: the training and outreach sections are the result of a user training and usability program and many years of experience with communities in the Global South. And actually, contacting your library, social center, your hackerspace is a great idea, as they'll probably be doing events online and could add an activity to their schedule.

We will add remote and online training resources to the Community portal as the Community and UX teams organise these activities together with our network of partners in the Global South. For now, stay at home.

Thanks for replying!

> the training and outreach sections are the result of a user training and usability program and many years of experience with communities in the Global South.

That precise point actually makes the lack of reference to lockdowns in the current version of the Community Portal even more frustrating, since many important nations in South America which desperately need more Tor, such as Chile, are in even more stringent lockdown than the state of Washington.

My own public library is unreachable even by phone. Our frenemies in The Pentagon are warning that the COVID-19 pandemic could well persist through the summer of 2021, with no vaccine or effective treatment, forcing continued or renewed lockdown in the USA. But with confirmation that surveillance-as-a-service companies are hawking their sophisticated malware to local police agencies in the US, which documents obtained under FOIA view labor organizers, migrant worker rights organizers, education proponents, social justice advocates, civil rights workers, perpetual-war protesters, privacy advocates, cybersecurity researchers, journalists, etc., as "potential threats", the need for every socially/politically active person/group to up their cybersecurity game is greater than ever.

An excerpt from a book everyone should buy, but can't (because bookstores are closed, and obviously this is not the kind of book a target should try to buy on-line), explains the state of mind which is more essential than ever, but more difficult than ever in time of pandemic:

theatlantic.com
Since I Met Edward Snowden, I’ve Never Stopped Watching My Back
After receiving a trove of documents from the whistleblower, I found myself under surveillance and investigation by the U.S. government.
Barton Gellman
June 2020

Glad you will add the comments you describe. Keep up all your hard work and give my thanks to everyone else at TP!

zoobab

May 19, 2020

Permalink

I'm not sure if it's outside the vision for the community portal, but I'd like some updating and improvement of the instructions for torifying various applications. Updated instructions could attract new users by showing how their favorite apps might be compatible with Tor. Torification instructions could inspire third-party developers to design their applications with Tor and metadata in mind and to normalize privacy by default.

Thank you for this Community and the upcoming Developer portals.

zoobab

May 20, 2020

Permalink

Are there any plans to add a tutorial section for people to share/request tutorials, that would help a lot. Thank you.

Security best practices, in-depth safe configurations of everything tor related,

emphasis on accessibility in regards to disabilities (many can't browse without certain browser add-ons or features, yet they're not recommended),

firewalls, sandbox, torrc, tor, tor-browser, torify, tails, onionshare, onions, chat, applications, etc.

Not the OP, but I have one:
https://blog.torproject.org/run-and-use-tor-bridges-irc-meetup
Please post a tutorial (after testing from various locations) on how Debian users should use the software repository onion mirrors. Please include the precise lines which should appear in the /etc/apt/sources.list, and explain what the role of the three known onions are. Please explain why Debian users have found it increasigly difficult to use these onions. Are they being subjected to huge DDOS attacks?

TIA

zoobab

May 23, 2020

Permalink

As a relay operator I don't like it at all. Is that where all the donations are being spent? Seems bad, and profligate.
It's obviously trying to appeal to a very narrow group of people, and it doesn't appear to correspond all that well with reality.

zoobab

May 24, 2020

Permalink

It's a bit shit. What's the point? You speak profusely about "the community" but, my friend, what do you know about that? Did you risk arrest or worse for running an exit node? Did you meet any real users in the top 5 countries Tor is used, not the caricatures you dream about? Do you even know what the top 5 Tor user countries are? Did you know most users are nothing like those caricatures and they never heard of any "training", what is really just a political graft arrangement to siphon away money and theoretically aimed at groups with little to no use for Tor? Stop the misrepresentation.

As we linked in the blog post, in the last years we developed an user feedback program that you can read here, which reached an audience of 800 people, 22 cities and 7 countries. We've met users from different countries and different threat models. We traveled to countries where governments outlaw or punish being LGBTQ+ and block trans and gays rights websites with accusations of immorality. We know that the tools developed by Tor protect many activists in very hostile situations around the world. So, the User persona is based on research and direct contact with our users.
And you're right about people using Tor and never heard about our trainings, and that's exactly why we released the Community portal and the training section. In near future we want more materials and resources so people will learn with us how to use our tools in a proper way.

Plus one. Speaking as a user who has criticized various perceived inadequacies in policies pursued by TP, which is underfunded and overworked to be sure.

> Did you risk arrest or worse for running an exit node?

That question appears very odd, assuming the OP was addressing TP!

zoobab

May 25, 2020

Permalink

You say "outreach" but you do not provide even the most basic information!

For example in

https://community.torproject.org/onion-services/

you give the ProPublica onion. Well that's nice but much more important for most will be the correct onion for security.debian.org and deb.debian.org! You gave two onion addresses in a post years ago but they are now invalid and despite repreated requests you never said what are the new ones! Why not? Did TP have a falling out with DP?

zoobab

May 26, 2020

Permalink

Could you reduce the size of the gigantic images which slow loading this blog to a crawl? (Or if that is intended, please say so.)

zoobab

May 31, 2020

Permalink

Between nosy ISPs and advertisers, and with technology such as SNI and geolocation including DNS, we need Tor and probably VPNs. Will the Tor browser bundle start using DNS over onion? How can we set it up?

Not sure what you mean by DNS over onion. Tor Browser has always done remote DNS lookups over Tor. Perhaps you're referring to DNS over HTTPs support on exit nodes? The Tor Project doesn't recommend that, because it centralizes DNS too much, and offers very little actual privacy gains. Or, do you mean something like having the browser do its own DNS/DoH lookups using a .onion server, instead of using remote DNS lookup on the exit node? What advantages would this provide?

zoobab

June 02, 2020

Permalink

Hi.
I've translated tor website, but it's not published yet.
When my translations will be published?
Is it required to be reviewed 100%?

zoobab

June 08, 2020

Permalink

Having a community site where users could post anonymously and help each other would greatly help. Current mechanisms (with the exception of being able to leave comments for blog entries with its obvious limitations - because you cannot create blogs etc) are either compromising privacy (e-mailing) or grossly and outdated (IRC).
Having an open source elgg-based (elgg.org) community site would be great really.
Cheers