Tor in the Media: 2020

This year, we’re continuing a new tradition of reviewing media and news stories that mentioned Tor and the Tor Project. Our goal is to highlight what is changing (or not) in the conversation about privacy and censorship, and to identify the ways the media discusses Tor in the context of these challenges.

When everything changed

Last year started off on a “normal” note--we were preparing to dive into our roadmap for 2020, and news outlets were publishing articles explaining Tor, demonstrating how to use Tor Browser to protect your privacy online, and highlighting how privacy is a human right Tor fights to make available for everyone online. And then COVID-19 changed everything.

When the pandemic hit the Tor Project, we had to make some hard decisions that became headline news: “Tor Project lays off a third of its staff” (4/18/2020) and “COVID-19 forces Tor Project to lay off a third of its staff” (4/19/2020).

Use Tor, fight the surveillance pandemic

The COVID-19 pandemic changed everything, and being online became an even more essential part of our daily lives. Many people began to understand that privacy online is now more important than ever. Journalists began looking for advice to give their readers about protecting their privacy, and we became ‘rule #11’ on how to ensure cyber security while working from home:

11. Secure browsing

If you want an extra layer of security and privacy, it is a good idea to install the Tor browser. It comes with many security features, which makes Web-based attacks difficult to execute on your computer.

Throughout the year, other outlets continued writing stories that highlight Tor as a tool to protect your privacy online. TechRadar and Vice both cited Tor in articles about how “incognito mode” is not enough to protect users’ privacy.

The uprising for Black Lives during the summer raised concerns about state surveillance of activists, a topic discussed at our third PrivChat, with Snowden as the panel moderator. Motherboard wrote a great guide to avoiding state surveillance in which Tor is cited, and Freedom of the Press also wrote a comprehensive guide to ‘pick your browser’ that compared the privacy features in Tor Browser, Firefox, Brave, and Chrome. Tor Browser and other apps that use Tor were part of the Mashable list of ‘apps you should have downloaded in 2020.’ ExpressVPN wrote an article describing the benefits of integrating Tor into apps, and recommended just building the services with onion services so Tor (and privacy) is part of an app’s design by default.

Last year showed us that now, more than ever, we have to keep working on Tor to make it easier to use and more accessible for more people. The results of this work made the news as well:

Onion Services improvements

The Tor Browser 9.5 release introduced new onion service features that improved the user experience. Changes include Onion-Location, a popular feature that makes it much easier for users to find and return to an .onion version of a website; improved onion services error messages; and the ability for administrators to password-protect .onion pages. This work was covered by PCMagazine, ZDNet, ghacks and BleepingComputer.

This year we also announced the deprecation timeline for onion services v2. We aim to completely disable onion services v2 by October 15, 2021. Some projects have already migrated to v3, including Bitcoin Core, as was covered by decrypto.co.

And finally, we rolled out a prototype for human-readable names for onion services in partnership with the SecureDrop team, who wrote about this process on their blog.

Tor Browser releases

The Tor Browser 10.0 release is the first stable release of the 10.0 series based on Firefox 78esr--it included important security updates from Firefox and was covered by BleepingComputer and TechRadar. Following this release, we reached an important milestone, which was to bring Tor Browser for Android to the new Android Firefox release Fenix--an effort that involved many months of design and development. Many news outlets covered our work, such as ghacks, Times of India, Android Police, and Softpedia News.

Combating DDoS on onion services

Our proposals (in the works, not yet shipped) on how to solve DDoS attacks against onion services received attention from several outlets, including BleepingComputer, TechRadar and Tech Leash. CoinDesk published an article focused on our tokens proposal that we presented at our State of the Onion in November last year.

Network Performance

The Daily Swig wrote about the very important work we started in 2020 to improve the Tor network’s performance and make it faster for users. Our goal is to address one of the number one usability issues with Tor: that it’s too slow. Keep following the blog for more news on these improvements.

Other wins

Even though 2020 started with so many uncertainties and unknowns, we also had some important successes, and we are happy to share a few stories that make us proud.

Belarus censorship circumvention

This year, internet users in Belarus faced censorship, and Tor helped to provide them with circumvention. Decrypt wrote how Tor saw a surge in use during the protests in Belarus, and Benzinga did a great in-depth article about how Tor combats internet censorship.

Mexico unblocks Tor

After many months of persistent work, volunteers and researchers from the Tor community in Mexico not only managed to discover how the largest telecommunications operator in Mexico was blocking Tor, but also managed to contact them, get them to change their policies and stop blocking Tor, and convince them to run Tor relays and contribute to the network. This is a huge win for internet privacy and anti-censorship advocacy. GlobalVoices published an article in English and Spanish detailing the whole story.

Launch of Tor’s Membership Program

CoinDesk wrote about the Tor Project’s new Membership Program, a program we launched in 2020 and of which we are very proud. The Membership Program is designed to build a supportive relationship between our nonprofit and private sector organizations that use our technology or want to support our mission.

We can't vet every app that claims to use Tor, much less determine if it is reliable or not. I will say that I have never heard of this app. Some questions to ask: are they open source? Can you look at the work they are doing and verify they are doing what they claim?

Jason

February 09, 2021


Great stories, and nice to see Tor getting some good press.

Has TP considered responding via "email to the editor" to the more common misleading stories which spread FBI inspired FUD without mentioning the many benefits for ordinary people of using Tor Browser? What about a boilerplate "if you would like to get a comment from Tor Project on your story, please email us at". This way you would not waste time on "news" sources which have no interest in providing context for their readers.

> the many benefits for ordinary people

A quick visit to the community page and Tor Stories should cover a lot on that front. The old website also has a page about Tor users. For particular questions, the documentation is linked at the top of torproject.org.

Some relevant blog tags: human rights, the word "rights", censorship, training, EFF, media coverage, free speech.

But all of this should be made more visible to the public. Tor users can reply with this info to articles, but one comment here or there is likely to be buried in the pile.

> FBI inspired FUD

I suspect VPN and DDoS-mitigation company inspired also. They pay for tons of ads on TV in the U.S., and practically every Youtuber has shilled for one. Tor is an open, participatory, no-login, donation-funded competitor to centralized one-hop VPN, and Tor's trustless design to resist surveillance by global adversaries and its operators that so far necessarily tolerates DDoS is stigmatized which props up DDoS mitigation business models. Who knows if they aren't causing trouble in their favor through Tor themselves.

> A quick visit to the community page and Tor Stories should cover a lot on that front. The old website also has a page about Tor users. For particular questions, the documentation is linked at the top of torproject.org.

True, but let me try to restate the point I was trying to make.

Many well known national and local newspapers print stories several times a year which quote extensively from "information" (generally slanted and sometimes simply false) provided to them by anonymous FBI officials about some hair raising case involving horrifying crimes such as child sexual abuse or human trafficking, which often mention that the alleged malefactors "disguised their activities using Tor". These stories almost never give a link to torproject.org, much less mention that human rights researchers and political dissidents also use Tor. (Stories at Wired and ZDNet sometimes do, but these are exceptional.) How many readers of such anti-privacy FUD will even guess that they might be able to find another view at torproject.org, much less bother to search for the link on their own initiative?

What I am suggesting is that Tor Project should be more assiduous in sending a polite boiler plate "email to the editor" saying that TP is aware that "a story at your outlet recently mentioned Tor", adding "if you would like a response from Tor Project, please email us at or take a look at these urls from our website: ..." Responsible news outlets will, one hopes, suddenly remember that they have a responsibility to provide context for disparaging information fed to them from a source with an obvious bias (FBI in this case).

> I suspect VPN and DDoS-mitigation company inspired also.

Good point. You may well be right about that. And of course FBI loves people who think (incorrectly) that using a VPN is "safer"[sic] than using Tor Browser. And I agree that a big part of the problem is that the virus scanning industry has a vested interest in ensuring that society does not make the kind of genuine cybersecurity improvements which would render their business less relevant.

Case in point: EFF issued a wonderful tool, Yaya, built upon the open source malware scanner Yara. Alas, Yara is useless without the signatures which is what Yaya conveniently provides. But it seems that the antivirus industry is preventing them from turning this into a Debian package which any ordinary person could easily download and use to obtain the latest signatures in order to scan their own devices. Because the commercial virus scanning company customer base would be eroded by the EFF tool, if that ever became something which could be used by ordinary citizens to protect themselves, their families, their friends, their customers, their coworkers, and their community. I need more people concerned about cybersecurity to tell EFF that Yara could be even bigger than LetsEncrypt if they pursue it regardless of pushback from business interests.

As you probably know, Congress is suddenly making a lot of noise about the appalling state of US cybersecurity (federal, state, local government agencies, large and small companies, SOHO routers, medical devices and other IoT devices, Zoom calls, etc, etc). We have seen such uproars before, mainly followed by carelessly written bills which would not only do nothing to help cybersecurity but which would actually make the problems worse.

Highly sensitive information about citizens is still required to be shared among public and private entities, and is commonly shared by unencrypted fax transmissions. If Congress were really serious about protecting ordinary people, outlawing that practice would be a good place to start. USG blessing plus an NSF grant to help EFF turn YaYa into a Debian package would be another good starting point. Mandating USG backdoors in all encrypted communications would on the other hand be possibly the single worst thing they could possibly do.

Well meaning people sometimes suggest that I should express my views to politicians. Unfortunately what I hear repeatedly from saddened staffers is "one voice is never heard; you need to come back as part of a group". The more honest ones take me aside and whisper that the price of admission to the inner office is far lower than one might guess: a thousand dollar contribution to the campaign chest will get you 15 minutes. (Amazingly, that is all that horrid companies like Comcast seem to need to pour poison onto a particular Congressional ear.) But you have to come as a group. Now, Tor Project is a group. My voice alone merely echoes endlessly unheard in a desolate mountain landscape. Hint, hint.

> Who knows if they aren't causing trouble in their favor through Tor themselves.

You might well be right about that too. What a world...