Our three-year development roadmap is published

by phobos | December 19, 2008

We've published our three-year development roadmap. There are two main goals in publishing this document: first to be more transparent in what we're doing; and second to ask for help in improving everything related to Tor.

While we don't expect everyone will read through the roadmap start to finish, the Table of Contents provides a quick overview of the high-level goals. Each high-level goal is fairly independent of another, so you can simply read about the goals that interest you.

And for the first time ever, we've created a press release. This is our attempt to become more press friendly and provide a way for the media to start a conversation with us.

We welcome your comments and feedback!


Please note that the comment area below has been archived.

Very good and compact information that was previously scattered in various places. Thank you! I definitely recommend this to anyone interested in onion networking.

December 22, 2008


i heard that you use unencrypted request of the Tor Node Directory, might some evil ISP shut me down because I used Tor and they know it?

Tor (as of 0.2.0.x, which is the current stable version) uses encryption when
doing directory lookups. In Tor 0.1.2.x and earlier, the lookups were in fact
unencrypted (though they were still signed, so you couldn't be tricked into
believing something you shouldn't believe).

That said, even an encrypted directory lookup will probably connect to an IP
address that your ISP can watch for: either the six Tor directory authorities,
or to some relay that's listed in the network status list.

If you want to stop that possibility, then you'll want to use a "bridge relay" to
connect to the Tor network:

December 23, 2008


Just got Tor to play with and while I was randomly surfing usung the Firefox browser I got a "pop-up" ad. from thoses spammers "Adult Friend Finder" offering me contacts in my town. Surely if this site knew where I lived then Tor must be compromised. Someone please explain.

Thanks, Mike

Mike yea, javascript and flash and pretty much any client side executable content is a big nono unless you are absolutely sure you can trust it, its code running on your machine and can completely bypass tor, well outside of some certain paranoid configurations

December 23, 2008


Mike: are you using TorButton? If not, there are many ways you could be identified based on browser cookies, persisted Flash applet data, etc.

For example, you visit site.com without Tor and unique identifier is written to your hard drive with Flash. Then you run Tor and visit the same site from an exit node. You are still sending the same unique identifier due to insecure use of Flash. There are many more examples like this; you must use Tor properly to protect yourself!

December 25, 2008


geoip.vidalia-project.net. dosnt seem to be connecting, does it affect the way TOR operates and can it be used to control which nodes you can connect to?

January 01, 2009


You should supply a tor distribution for embedded appliances if you want to increase the number of nodes. I donĀ“t want to run a server constantly on my desktop for security, practical and power reasons.

For an example of this look at how m0n0wall supplies finished ready-to-run compact flash images for the PC Engines embedded PC.