One way we help human rights defenders and organizations take back their right to privacy online is by helping them to use and set up onion services. Last year, thanks to the support of Digital Defenders Partnership, we wrote a series of Onion Guides intended to make it easier for our partners to correctly and safely set up their own onion services.
We are happy to share the news of another important milestone for .onion services! You can now get DV certificates for your v3 onion site using HARICA, a Root CA Operator founded by Academic Network (GUnet), a civil society nonprofit from Greece.
Tor Browser 10.0.14 is now available from the Tor Browser download page and also from our distribution directory.
Tor Browser 10.5a12 is now available from the Tor Browser Alpha download page and also from our...
There's a new alpha release available for download. If you build Tor from source, you can download the source code for 0.4.6.1-alpha from the download page on the website. Packages should be available over the coming weeks, with a new alpha Tor Browser release likely next week.
Remember, this is an alpha release: you should only run this if you'd like to find and report more bugs than usual.
Tor 0.4.6.1-alpha is the first alpha release in the 0.4.6.x series. It improves client circuit performance, adds missing features, and improves some of our DoS handling and statistics reporting. It also includes numerous smaller bugfixes.
Below are the changes since 0.4.5.7. (Note that this release DOES include the fixes for the security bugs already fixed in 0.4.5.7.)
The “Reclaim Your Face” coalition has launched a European Citizens’ Initiative for a ban on biometric mass surveillance. Individuals can sign the petition for a ban on biometric mass surveillance. Organizations can get involved, too.
We have a new stable release today. If you build Tor from source, you can download the source code for 0.4.5.7 on the download page. Packages should be available within the next several weeks, with a new Tor Browser coming next week.
Also today, Tor 0.3.5.14 (changelog) and Tor 0.4.4.8 (changelog) have also been released; you can find them (and source for older Tor releases) at https://dist.torproject.org.
These releases fix a pair of denial-of-service issues, described below. One of these issues is authority-only. The other issue affects all Tor instances, and is most damaging on directory authorities and relays. We recommend that everybody should upgrade to one of these versions once packages are available.
Tor 0.4.5.7 fixes two important denial-of-service bugs in earlier versions of Tor.
One of these vulnerabilities (TROVE-2021-001) would allow an attacker who can send directory data to a Tor instance to force that Tor instance to consume huge amounts of CPU. This is easiest to exploit against authorities, since anybody can upload to them, but directory caches could also exploit this vulnerability against relays or clients when they download. The other vulnerability (TROVE-2021-002) only affects directory authorities, and would allow an attacker to remotely crash the authority with an assertion failure. Patches have already been provided to the authority operators, to help ensure network stability.
We recommend that everybody upgrade to one of the releases that fixes these issues (0.3.5.14, 0.4.4.8, or 0.4.5.7) as they become available to you.
This release also updates our GeoIP data source, and fixes a few smaller bugs in earlier releases.
The metrics timeline is a database of news and events that may affect Tor Metrics graphs. This post is about how you can contribute to the timeline and help keep it up to date.
Tor Browser 10.0.13 is now available from the Tor Browser download page and also from our distribution directory.
OnionShare 2.3 adds tabs, anonymous chat, better command line support, and quite a bit more.