Bug Smash Fund, Year 2: Progress So Far!

Last August, we asked you to help us fundraise during our second annual Bug Smash Fund campaign. This fund is designed to grow a healthy reserve earmarked for maintenance work, finding bugs, and smashing them—all tasks necessary to keep Tor Browser, the Tor network, and the many tools that rely on Tor strong, safe, and running smoothly. In 2020, despite the challenges of COVID-19 and event cancellations, you helped us to raise $106,709! 
 
We want to share an update on some of the work that the second year of the Bug Smash Fund has made possible.
 
Since 2019, we’ve marked 134 tickets with BugSmashFund. As of today, 97 of those tickets have been closed, and 37 of them are still in progress. This year, we've used the Bug Smash Fund to work on continuous integration tooling, Tor Browser improvements, defense against DDoS on onion services v3, GetTor, Arti, and security fixes. We have also used the Bug Smash Fund to create a new status.torproject.org page, which will act as a landing place for network and service status updates.
 
Thanks for supporting this work!
 
Below is a list of many of the tickets we’ve closed so far.

Continuous integration tooling

When we made the transition from Trac to GitLab for issue tracking, we moved our CI tooling into GitLab CI and Appveyor. Because this work is critical--but not covered by a grant--the Bug Smash Fund helped us to fix the CI pipeline in GitLab and improve the infrastructure we use to develop Tor. See all CI tickets.
 

Tor Browser

The Bug Smash Fund helps us to resolve issues in Tor Browser that are not part of a grant or sponsored project, including fixing AV1 playback. It has also helped us make updates to Tor Browser's custom UI.
 

Network Health

Over the last month, overload bugs on the directory authorities have caused v3 onion services to become unreliable. The Bug Smash Fund was critical here--it allowed us to pivot from other work to address these issues.
 

Tor Network Status

We were in need of a clear, easy-to-read place to share updates on the status of the Tor network when there have been disruptions. The Bug Smash Fund allowed us to set up status.torproject.org. Let us know what you think! We also fixed Schleuder, a tool we use to communicate with encrypted email to/from network-team-security@torproject.org (#40002).
 
Thank you to everybody who made a contribution to the Bug Smash Fund. This work is critical in helping us to provide safer tools for millions of people around the world exercising their human rights to privacy and freedom online.
 
If you’d like to make a contribution to the Bug Smash Fund, you can do so by making a gift at donate.torproject.org: just add “Bug Smash Fund” into the comment field, and we’ll make sure it’s directed to the right place.
Jason

February 12, 2021

Permalink

status.torproject.org is cool, much easier to understand than consensus-health.torproject.org

Jason

February 16, 2021

Permalink

Many thanks to everyone at Tor Project who help do the essential work of catching and fixing bugs, network issues, etc!

All the most powerful entities in the world hate everything which truly empowers ordinary citizens to exert some control over their own data destiny. Consequently, right from the beginning, Tor Project has been continually buffetted by an unending sequences of technical, legal and political threats. And the Great Lockdown which began early in 2020 seems to have been unusually challenging for TP and all small nonprofits. But I am cautiously optimistic that 2021 will see things improve for our side.

I hope all readers of the blog will join me in contributing whenever and to what extent we are able. Let's make Tor a user-supported NGO beholden to no government or megacorporate agenda!

P.S. A new site from ACLU-WA is at coveillance.org. Check out the Acyclica devices and the NSA secret room featured in the walking tour! Uhm.... Shouldn;t TP belong to their tech coalition?

Tor is not funded by the NSA. That's FUD.

Our financials are open. You can look at an easy to read list of our funders here: https://www.torproject.org/about/sponsors/

Or dig deeper in our tax documents here: https://www.torproject.org/about/financials

And read posts that explain these documents here: https://blog.torproject.org/category/tags/form-990

Jason

February 18, 2021

Permalink

Why are gitlab and anonticket logins subdomains of the domain, `onionize.space`, rather than torproject.org? Who owns and operates `onionize.space`? Why is it a potential MITM? Is there more Tor Project infrastructure on non-TorProject domains than those two login subdomains?

It's my domain that I use for highly experimental things I do related to Tor. This site will eventually be moved over to Tor Project infrastructure, but since we are working in a time constrained environment, where the internship ends soon, we wanted to get something setup as quickly as possible so that we could gather feedback from the user community.

The goal for this is to have it moved to torproject.org infrastructure and have an onion service. This is likely to happen in the near'ish future.

Jason

February 18, 2021

Permalink

I like the new status page, but I do wish the description for "directory authorities" was a tad more informative than "whatever it is that those things do". Made me laugh though!
Anyway, amazing progress. Thank you, Tor Project!