How We Work

by ailanthus | June 23, 2015

The Tor Project is driven by ideas. We believe in the right to privacy for every person on the planet. Our community—paid and volunteer—brainstorms projects that embody those ideas, like decentralized hidden messaging systems or ingenious new ways to get uncensored Internet access to people in China.

On our public wikis, we make lists of what we need to build these projects—and then we approach potential sponsors with these lists. If we’re lucky, a sponsor will pay to do the project. If not, we may make it for free.

This is true whether the potential sponsor is a government agency or anyone else.

Because of this system, some projects, like hidden services, need more funding, and we are seeking individual contributions to make this technology stronger. One day we hope to build it into many more programs—for instance, phone apps--to make them private and secure by default.

Our diverse, international community includes thousands of men and women inspired by the ideals we share. They work to support Tor and create important tools based on Tor, like Tails and Orbot (there are at least a dozen of these). Our group includes visionaries who think and talk publicly about the Internet and the future of privacy; among them: @nickm_tor, @ioerror and @RogerDingledine. @aaronsw was one of us.

We will accept no back doors to our software, ever. You can watch @ioerror talk about this at last year’s 31c3 talk in Hamburg. We believe in and build free, open source software—free as in freedom. Tor’s source code is online for everyone to see.

We are proud of our people, our work, and our ideals. We are a human rights organization. We are inventors. Our community is a workshop for the future of privacy tools; maybe even for the future of privacy.

The Tor community is open to newcomers; we hope you will join us.

Comments

Please note that the comment area below has been archived.

June 23, 2015

Permalink

Kate, many thanks for your great statement!

But one question: Why this statement right now? Are there any new threats to the Tor Project?

Everything's good at Tor--but it's clear that not everybody outside of Tor knows about our system for deciding what to work on-- so I thought I'd clarify it.

July 06, 2015

In reply to ailanthus

Permalink

Hi
is there an _official_ way to bootstrp tor-client with help of another active tor-client? and so use not preloaded but current list of entry/directory servers?

June 23, 2015

Permalink

1.3 billion people inside the G.F.W. thank you.
防火长城里面的十三亿人民感谢你们。

But not stable at all time. I prefer customized bridges to Tor, which I don't think that the evil communist china could block all the bridges inputted manually.
We need freedom and human right rather than china-dream.
我们需要自由和人权,而不是中国梦。

Thanks Tor. We love Tor.

June 23, 2015

Permalink

Maybe I am a little bit naive but you talk about China having issues please let not forget other countries such as :-

- UK
- USA
- (add your own primary concerned countries)

thanks

June 23, 2015

Permalink

Thank you to everyone involved with improving Tor!
Re: Funding
Has the possibility to pick one goal on the road map and try to crowd-fund it been considered by Tor developers?

June 23, 2015

Permalink

According to Chinese and Russian authorities who have managed to crack some of the encrypted files held by Edward Snowden, Tor contains code that help the NSA and GCHQ track people who write bad things about the United States and its "Five Eyes" allies.

So long as Tor is used by people to feedback about human rights abuses, abuses of freedom of speech and expression in countries other than the U.S. and Western Europe, it is permissible.

But as soon as people use Tor to criticise about human rights abuses in the U.S. and its allies, the NSA and GCHQ will track them. There are cases in which people use Tor to criticise the American government for not indicting racist police officers who targeted and killed African-Americans.

Another example is when people use Tor to criticise the American-led invasion of Libya. These people's online activities have been tracked by the NSA and GCHQ.

A most recent example is one which involves three sisters and their nine children who managed to leave the UK and join Islamic State in Syria this month despite them having been barred from flying in March by British customs. Brits start to criticise the UK government for their lax security and some of them have taken to using Tor to voice their criticisms. Not surprisingly the British domestic intelligence agency manage to track these people's online activities through Tor.

One starts to wonder who among the Tor developers have been bought by the NSA and its allies with huge amounts of money and promises of a life of luxury beyond imagination. If I were a Tor developer or contributor, I would never resist such good offers. Why be hard on oneself when life is short?

"According to Chinese and Russian authorities who have managed to crack some of the encrypted files held by Edward Snowden, Tor contains code that help the NSA and GCHQ track people"
Two of the regimes with most to lose with free speech on the internet claim that Tor is bad for you? Shocker.
If the Russians or Chinese had really found such code they would have published it to gain propaganda points against Tor. Instead they just have to rely on spreading FUD, not as much pr points as actual facts, but points non the less.

This statement is an old lie: According to Chinese and Russian authorities who have managed to crack some of the encrypted files held by Edward Snowden

No such thing has happened and there is no evidence of any such thing having happened. It is a lie often repeated but it is not true.

This statement is a new lie: Tor contains code that help the NSA and GCHQ track people who write bad things about the United States and its "Five Eyes" allies.

That is absolute horse shit.

不可能的,真的没有。
It's impossible. We Communist China received no files from Snowden. All his files were encrypted by PGP. We don't have his private key and passphrase, unless he decrypted himself.

Humanity has only evolved with memory of those who struggled and those were the ones that could not be bought. The rest are just worms that live and die quickly. There is always plenty for worms to feed on but there are also humans that will not eat this crap.

Now, if you really believe that one can do harm within a collective project I suggest you look into it psychologically. Spreading fear, doubt, and caution though is not wise. The code is open, thousands and thousands who have doubts will report on a bug, this is the beauty of it all.

This poison that is continuously spread among us is this importance of the good or bad individual. The collective being can hardly be affected by any individual action. This is how Rambo is propaganda by the state while convoy really wasn't. The importance is not to win in their terms but to struggle according to our terms. They may win fights but they will eventually lose the war against nature, freedom, and humanity.

My bet, that they were tracked by side channel. For example, by trojan in their Windows Operating System, or anyhow else.

Tor here - is just a toool, not a bulletproof vest.

You can create thousands of defensive towers.
Use only strong crypto.
Keeping twelve angry dogs on your backyard.
Holding machinegun right on the you work place, everytime.

But one little hole in your walls can give em chance to track you.

Little bug in the "Video card" or in the cell phone can break all of your invisibility.

Take a look at sha256 - it was developed by NSA, however, Tor's hidden services and Bitcoin are based on this standard. This doesn't means that developers are not afraid of backdoors in sha256. Everybody are looking for backdoors in sha256. It is like alchemy now.

Time shows us that there is no way to increase speed of brute-force attack on sha256. Otherwise Bitcoin was be cracked. It is millions of dollars ( $ ). Money here, like a border, edge of security.

Of-course, Tor's code much harder than sha256 block-scheme. Anyway, there are BIG community involved into this project, and large number of peoples are trying to achieve security of Tor.

From the other side. Agency, like NSA, of-course is interesting in Tor project. And FBI, and CIA, and FSB. All of them are dreaming to have BackDoor in the code of Tor-daemon, to track all of the Earth. But first of all, their efforts are directed to side channel attacks.

They are perceiving Tor as a Wall, as a Border, and they are playing around this wall with others. With us.

Moreover. Methinks, they are much more interesting in creating more such walls. Similar to Tor projects. Because, for them, it is like sandbox. Like training place.

Otherwise, they can place TAP-devices on the Internet backbones without any raisin.

It's boring. It is no development. It has no future.

June 23, 2015

Permalink

"We will accept no back doors to our software, ever. "

This is the most important statement in this post!

Yes! I encourage you to check out the 31c3 video, "State of the Onion," (link is in the blog post) and watch us explain our views on this a bit more forcefully than I do here.

"We will accept no back doors to our software, ever. "
This is the most important statement in this post!

Any software developer can make wild claims about their products.

The real proof is whether Tor has undergone a thorough audit by independent auditors. I'm sad to state that up till now, it hasn't.

June 24, 2015

Permalink

Yo, ailanthus! Please advise.

We currently have a crisis with Bashir, the ICC and South African political leadership and, as a consequence of proposed internet censorship by the FPB in that country as well as current reprisals against local activists, I thought I'd get a twitter account via tor.

But twitter require a valid mobile phone number before they'll authorize the registration of any new account - even with TBB.

Or am I doing something wrong?

And please understand that the SA political leadership has, in the past, framed false criminal charges against various ISP and media houses in order to leverage the issuance of subpoenas to ensure co-operation with their security police units. I'm not going back to goal in for any democratic cause. I'm too old.

I'll check back in a few days for your response. TIA

June 24, 2015

Permalink

Yo, ailanthus.

Yes, it is I - once more.

Here,

http://www.iol.co.za/news/crime-courts/still-no-answers-on-bashir-s-dep…

you will find material relevant to my previous post.

I must now report that the plaintiff in this instance - Southern Africa Litigation Centre - has ominously had it's website taken off line. Google it and you'll find the url. But, according to Mozilla, it's server is no longer functional. Contact with the community has been banned.

Now go figger!

June 25, 2015

In reply to arthuredelstein

Permalink

me tot

June 24, 2015

Permalink

> According to Chinese and Russian authorities who have managed to crack some of the encrypted files held by Edward Snowden, Tor contains code that help the NSA and GCHQ track people who write bad things about the United States and its "Five Eyes" allies.

I believe you may be thinking of a laughably inaccurate and misleading story which appeared in the Sunday Times earlier this month, which made vaguely similar claims. The best debunking I have seen comes from one of the worlds most respected cryptologists:

https://www.wired.com/2015/06/course-china-russia-snowden-documents/
China and Russia Almost Definitely Have the Snowden Docs
Bruce Schneier
16 Jun 2015

"Last weekend, the Sunday Times published a front-page story (full text here), citing anonymous British sources claiming that both China and Russia have copies of the Snowden documents. It’s a terrible article, filled with factual inaccuracies and unsubstantiated claims about both Snowden’s actions and the damage caused by his disclosure, and others have thoroughly refuted the story. I want to focus on the actual question: Do countries like China and Russia have copies of the Snowden documents?
I believe the answer is certainly yes, but that it’s almost certainly not Snowden’s fault.
But while cryptography is strong, computer security is weak. The vulnerability is not Snowden; it’s everyone who has access to the files.
,,,
I believe that both China and Russia had access to all the files that Snowden took well before Snowden took them because they've penetrated the NSA networks where those files reside."

June 24, 2015

Permalink

> So long as Tor is used by people to feedback about human rights abuses, abuses of freedom of speech and expression in countries other than the U.S. and Western Europe, it is permissible. But as soon as people use Tor to criticize about human rights abuses in the U.S. and its allies, the NSA and GCHQ will track them.

First, I strongly agree that it is the duty of every citizen (of every nation) to criticize in the strongest terms such outrageous illegal activities of USIC as extra-judicial political assassination, torture, kidnapping, cyberintrusions into foreign telecom networks and employee health-care systems. Or profiling American children aged 3-7 yo for alleged "future terrorist propensity", i.e. creating a new Jim Crow of state-sponsored discrimination not unlike the institutionalized racism of South Carolina c. 1850.

Some analogies which I am sad to say appear to have considerable validity:

planter class: overseers: slaves
0.1 percent: USIC: 99.9 percent

Second, I agree that the published documents from the Snowden trove clearly show that NSA/GCHQ use their global surveillance apparatus to track down bloggers who express views they dislike.

As the author of one of the documents leaked by Snowden asked rhetorically: "what agency doesn't want to make the world a better place... for itself?" That pretty well captures the cynical amorality of the professional spook. Eliminating dissenting views is just one part of the evil they have wrought.

Third, I agree that thanks to Snowden it is no longer a plausible conjecture that NSA and GCHQ try hard to subvert Tor in order to do harm to Tor users. It is established fact, because these documents contain detailed information on their schemes. However, the documents clearly show that as of mid 2012, NSA and its sidekicks were not trying to directly insert malware into Tor itself, but were following the easier path of attacking components of the browser, experimenting with types of attacks anticipated by the Tor developers (such as Sybil attacks), abusing hard to avoid features of the "ecosystem" such as certain kinds of cookies, and taking advantage of user error.

See https://eff.org/nsa-spying/nsadocs for a compendium; look for the documents discussing attacks on Tor.

> One starts to wonder who among the Tor developers have been bought by the NSA and its allies

It is true that years ago Roger D worked as a summer intern at NSA. And one of the published documents is an NSA memo summarizing an invited talk he gave to his former employers, who apparently learned much less than they had hoped. The Snowden documents are themselves the best proof that Roger at least is not exactly a cats-paw of NSA! That is very good to know, with a good degree of assurance.

It is also true that the original developers of Tor were (and are) career employees at NRL (Naval Research Laboratories, part of the US Navy). In that sense, Tor was born inside the belly of the beast.

But we must all acknowledge that over the decades, the US Surveillance-Military-Industrial Complex has metastasized throughout American society like some deadly stage four cancer. Ties to the USIC are fairly common among US persons with programming skills. NSA is indeed the enemy of every citizen, everywhere in the world, but not everyone with ties to NSA is an enemy.

This said, I share the ongoing concern about the possibility (probability) that NSA will try to "shape" future directions of the Tor Project to suit its evil schemes, and I believe that the Project must accept that many will share it for quite some time to come.

I myself have tried to express concern about current ties of Rachel G, an US academic who does research on evading stylometry deanonymization attacks using stylometry, and who happens to be Roger's wife. She says her motives are pure and I have no reason to doubt that. My concern is that according to a profile of her work which appeared in a US military newspaper, DARPA views her work as supporting their efforts to deanonymize blog posts like this using stylometry. I provided a link and a quote but my post was censored. My point was and is not to criticize RG but to try to explain why IMO she has something to explain: how can she prevent her work from being exploited to harm people like us who need to express views which USIC might dislike?

Along the same lines, I and other users have urged the project to turn away funds from dubious sources such as SRI and DARPA.

> with huge amounts of money and promises of a life of luxury beyond imagination.

In general, they need promise far less than all that to "persuade" people to "assist" them, unfortunately.

> If I were a Tor developer or contributor, I would never resist such good offers. Why be hard on oneself when life is short?

Well, that's you. I feel there is still some reason to hope that Tor people would be far more resistant to threats/enticements from USIC.

I wish every Tor user personally knew some Tor developers. That's not possible, but Kate's suggestion that concerned users seek out videos of talks given by Tor developers is probably the next best thing.

June 24, 2015

Permalink

Sorry for the technical question here but my 'Tor circuit for this site' info always has the same location (and correspondent ip) marked as Location 1 (1st position).

Clicking 'New identity' or 'New tor circuit for this site' will do nothing to change it and even restarting the browser does nothing. Is this normal or should I be concerned?

June 25, 2015

Permalink

Unless something has changed recently twitter does allow registration by email alone with out a phone and even though it is hard to use with js disabled it is still possible. Although if you take many other precautions tails/wifi etc. even js will not hurt you.

In terms of reporting political matters within a spectrum of either the left or a/a movements a simple blog and/or publication of reports to indymedia servers will encounter enough solidarity republication response that will eventually find its way to social media. So find a way to publish your report according to the norms of the relative political movement. Newcomers and fascists do not fare well unless they get "agency" support.

I don't believe there is a state in this universe that does not use "any" means to defeat any organization of opposition. Which taken back to this talk of China or North Korea, Saudi Arabia, Turkey and other totalitarian regimes the variation to the most liberal European democracy is just that of shades of gray. It is a variation of the matrix programming, pretty on the outside equally ugly on the inside.

Openmailbox.org riseup.net and others provide you with email that you may keep anonymous if you want.

June 25, 2015

Permalink

"We believe in the right to privacy for every person on the planet."

"We will accept no back doors to our software, ever."

Thank you for your unambiguous statements regarding these two essential points.

The trouble comes when the Project fails, time and again, to make similarly unambiguous statements regarding two other essential points:

o Does the Project regard censorship, on-line trolling campaigns, illicit cyberintrusions for cyberespionage, "effects operations", cyberwarfare, and domestic population as acceptable [sic] when performed by the current government of the USA and its allies (e.g. JTRIG, a unit of GCHQ which has been profiled in several stories at The Intercept), but not by the current governments of nations such as China, Russia, or Zimbabwe? Or does it oppose these things unambiguously and universally? If your privacy has been invaded, or if your communications have been disrupted, does it really matter whether these crimes were committed at the behest of President Obama or President Putin?

o Much of the Project's funding apparently comes from USIC tied entities such as SRI (Stanford Research Institute). Doesn't this render the Project susceptible to "shaping" by NSA and friends?

You wrote:

"Our community—paid and volunteer—brainstorms projects that embody those ideas, like decentralized hidden messaging systems or ingenious new ways to get uncensored Internet access to people in China."

But what about (for example) Australian censorship?

I draw your attention once again to a key point which has been made by many knowledgeable observers: since 9/11 the FVEY governments appear to be moving closer and closer to the governments of nations like Russia, China, Pakistan, Thailand in controlling what technologies citizens are permitted to use, and how and where, and what and where they are permitted to read and post.

Recently enacted laws in Australia, Spain, and proposed laws in Canada, US, France show this trend very clearly when compared with "presidential decrees" in Russia and Chinese government policies which establish programs for even more intrusive surveillance and control of their own citizens.

June 25, 2015

Permalink

Shall wa consider the "no back door, ever" statement
on /this/ page a warrant canari ? Will you remove it (as far as possible) in case something "bad" happens ?

Shoudn't an "official" canari stand on Torpoject's main page,
thoughn clearly designated as such and approved by
Roger - Nick - whoever... ?

June 25, 2015

Permalink

I am under serious censorship.

and Tor helped me a lot..

but knowing the device information etc. 'they' seem to hack into the system before I connect to the Tor browser.. probably network itself.

would there be an way to solve this issue?

July 01, 2015

Permalink

Anonymity matters. From

http://america.aljazeera.com/opinions/2015/7/social-movements-need-anon…
Social movements need anonymity, but corporations are taking it away
Joshua Kopstein
1 Jul 2015

"It’s not easy to be anonymous on the Internet these days. Some would argue it’s impossible. But in a time of rampant trolling, hacking and corporate and government mass surveillance, the protective cloak of anonymity and online pseudonyms has never been more vital to marginalized groups and social movements around the world."

Referring to a recent SCOTUS decision, Kopstein asks:

"Consider the oppressive technological potential of today’s police and governments and imagine, briefly, how we might have reached last week’s victory if the gay liberation movement had begun today. How many future movements will be silently quashed and brutalized under the boot heel of an inescapable surveillance state?"

What corporations oppose anonymity? The motion picture industry and Facebook are named as two of the chief offenders. Kopstein concludes:

"Today, corporate interests — often more so than governments — are chipping away at any possibility of remaining anonymous on the Internet."

July 01, 2015

Permalink

A NATO think tank has just published a fine introduction to Tor, a bit longer (30 pp) than the UK Parliament Technical advisory paper (4 pp) from last year:

Emin Çalışkan, Tomáš Minárik, Anna-Maria Osula
Technical and Legal Overview of the Tor Anonymity Network
NATO Cooperative Cyber Defence Centre of Excellence
Jun 2015
www.ccdcoe.org
(Republished at cryptome.org)

Notable features include:

o discusses human rights applications positively,

o discusses why USG has funded Tor,

o fails to discuss why this might be problematic,

o fails to discuss the contradiction between NRL/DARPA/NID/SRI funding of Tor with calls from some US/EU officials to declare Tor illegal, or to otherwise block users from using it, but doesn't seem well disposed towards such demands,

o cites https://blog.torproject.org/blog several times,

o cites Andrew Lewman's claim that insiders in certain Western agencies sometimes help Tor developers resist some (Chinese? Iranian?) state-sponsored attempts to subvert Tor.

I suggest that Tor Project archive copies of the better overviews of current Tor network in some prominent place, or at least link to them. It would be good to have them handy to quote to politicians at every opportunity, since they all (even the ones from unlikely sources such as NATO think tanks) seem to agree that Tor is an essential component of the technological infrastructure of global society.