Tor Project blogurn:uuid:201c3fb3-b4bd-3a4e-85ed-16327d11d7a62024-03-12T00:00:00ZThe Tor ProjectOfficial channel for news and updates from the Tor ProjectHiding in plain sight: Introducing WebTunnel2024-03-12T00:00:00Zshelikhoo, ggusurn:uuid:4811132e-7f72-3a78-b9a8-9ead33809ede<article class="blog-post">
<picture>
<source media="(min-width:415px)" srcset="https://blog.torproject.org/introducing-webtunnel-evading-censorship-by-hiding-in-plain-sight/lead.webp" type="image/webp">
<source srcset="https://blog.torproject.org/introducing-webtunnel-evading-censorship-by-hiding-in-plain-sight/lead_small.webp" type="image/webp">
<img class="lead" referrerpolicy="no-referrer" loading="lazy" src="https://blog.torproject.org/introducing-webtunnel-evading-censorship-by-hiding-in-plain-sight/lead.png">
</picture>
<div class="body"><p>Today, March 12th, on the <a href="https://en.wikipedia.org/wiki/World_Day_Against_Cyber_Censorship">World Day Against Cyber Censorship</a>, the Tor Project's Anti-Censorship Team is excited to officially announce the release of WebTunnel, a new type of Tor bridge designed to assist users in heavily censored regions to connect to the Tor network. Available now in the stable version of Tor Browser, WebTunnel joined our collection of censorship circumvention tech developed and maintained by The Tor Project. </p>
<p>The development of different types of bridges are crucial for making Tor more resilient against censorship and stay ahead of adversaries in the highly dynamic and ever-changing censorship landscape. This is especially true as we're going through the 2024 global election megacycle, <a href="https://blog.torproject.org/2024-defend-internet-freedom-during-elections/">the role of censorship circumvention tech becomes crucial in defending Internet Freedom</a>.</p>
<p>If you've ever considered becoming a Tor bridge operator to help others connect to Tor, now is an excellent time to get started! You can find the requirements and instructions for running a WebTunnel bridge in the <a href="https://community.torproject.org/relay/setup/webtunnel/">Tor Community portal</a>.</p>
<h2>What is WebTunnel and how does it work?</h2>
<p>WebTunnel is a censorship-resistant pluggable transport designed to mimic encrypted web traffic (HTTPS) inspired by <a href="https://www.usenix.org/conference/foci20/presentation/frolov">HTTPT</a>. It works by wrapping the payload connection into a WebSocket-like HTTPS connection, appearing to network observers as an ordinary HTTPS (WebSocket) connection. So, for an onlooker without the knowledge of the hidden path, it just looks like a regular HTTP connection to a webpage server giving the impression that the user is simply browsing the web. </p>
<p>In fact, WebTunnel is so similar to ordinary web traffic that it can coexist with a website on the same network endpoint, meaning the same domain, IP address, and port. This coexistence allows a standard traffic reverse proxy to forward both ordinary web traffic and WebTunnel to their respective application servers. As a result, when someone attempts to visit the website at the shared network address, they will simply perceive the content of that website address and won't notice the existence of a secret bridge (WebTunnel).</p>
<h2>Comparing WebTunnel to obfs4 bridges</h2>
<p>WebTunnel can be used as an alternative to obfs4 for most Tor Browser users. While obfs4 and other fully encrypted traffic aim to be entirely distinct and unrecognizable, WebTunnel's approach to mimicking known and typical web traffic makes it more effective in scenarios where there is a protocol allow list and a deny-by-default network environment.</p>
<p>Consider a network traffic censorship mechanism as a coin sorting machine, with coins representing the flowing traffic. Traditionally, such a machine checks if the coin fits a known shape and allows it to pass if it does or discards it if it does not. In the case of fully encrypted, unknown traffic, as demonstrated in the published research <a href="https://www.usenix.org/conference/usenixsecurity23/presentation/wu-mingshi">How the Great Firewall of China Detects and Blocks Fully Encrypted Traffic</a>, which doesn't conform to any specific shape, it would be subject to censorship. In our coin analogy, not only must the coin not fit the shape of any known blocked protocol, it also needs to fit a recognized allowed shape--otherwise, it would be dropped. Obfs4 traffic, being neither a match for any known allowed protocol nor a text protocol, would be rejected. In contrast, WebTunnel traffic resembling HTTPS traffic, a permitted protocol, will pass.</p>
<p>If you want to learn more about bridges, different designs and how they work, <a href="https://www.youtube.com/watch?v=8mdtSgHWhXY">check out our video series.</a></p>
<h2>How to use a WebTunnel Bridge? </h2>
<h3>🌉 Step 1 - Getting a WebTunnel bridge</h3>
<p>At the moment, WebTunnel bridges are only distributed via the Tor Project bridges website. We plan to include more distributor methods like Telegram and moat. </p>
<ol>
<li><p>Using your regular web browser, visit the website: <a href="https://bridges.torproject.org/options">https://bridges.torproject.org/options</a></p>
</li>
<li><p>In "Advanced Options", select "webtunnel" from the dropdown menu, and click on "Get Bridges".</p>
</li>
<li><p>Solve the captcha.</p>
</li>
<li><p>Copy the bridge line.</p>
</li>
</ol>
<h3>💻 Step 2 - Download and install Tor Browser for Desktop</h3>
<p>Note: WebTunnel bridges will not work on old versions of Tor Browser (12.5.x).</p>
<ol>
<li><p>Download and install the latest version of Tor Browser for Desktop.</p>
</li>
<li><p>Open Tor Browser and go to the Connection preferences window (or click on "Configure Connection").</p>
</li>
<li><p>Click on "Add a Bridge Manually" and add the bridge lines provided on Step 1.</p>
</li>
<li><p>Close the bridge dialog and click on "Connect."</p>
</li>
<li><p>Note any issues or unexpected behavior while using WebTunnel.</p>
</li>
</ol>
<h3>📲 Or Download and install Tor Browser for Android</h3>
<ol>
<li><p>Download and install the latest version of Tor Browser for Android.</p>
</li>
<li><p>Run Tor Browser and choose the option to configure a bridge.</p>
</li>
<li><p>Select "Provide a Bridge I know" and enter the provided bridge addresses.</p>
</li>
<li><p>Tap "OK" and, if everything works well, it will connect.</p>
</li>
</ol>
<h3>✍️ Step 3 - Share feedback with us</h3>
<p>Your feedback is crucial to help us identify any issues and ensuring the reliability of WebTunnel bridges. For users living in censored regions, we would love to hear how this new bridge's performance compares to other circumvention methods such as obfs4 and Snowflake.</p>
<h2>Thank you to all the volunteers who have contributed to making WebTunnel possible</h2>
<p>The more tools we have at our disposal, the better we will be able to target our response, keeping censors at bay and enabling millions of users to access the free and open internet. We first <a href="https://forum.torproject.org/t/call-for-testers-webtunnel-a-new-way-to-bypass-censorship-with-tor-browser/9855">announced this new bridge type in October 2023 with a call for testers</a> asking Tor users for whom it was safe to use WebTunnel to provide feedback. So many of you sprung into action and we received a lot of feedback, both public and private, that allowed us to make numerous stability improvements to WebTunnel. </p>
<p>Right now, there are <a href="https://metrics.torproject.org/rs.html#search/transport:webtunnel?fields=transports">60 WebTunnel bridges</a> hosted all over the world, and <a href="https://metrics.torproject.org/userstats-bridge-transport.html?start=2023-12-08&end=2024-03-07&transport=webtunnel">more than 700 daily active users using WebTunnel</a> on different platforms. However, while WebTunnel works in regions like China and Russia, it does not currently work in some regions in Iran.</p>
<p>Our goal is to ensure that Tor works for everyone. Amid geopolitical conflicts that put millions of people at risk, the internet has become crucial for us to communicate, to witness and share what is happening around the world, to organize, to defend human rights, and to build solidarity. That is why our community's volunteer contributions are vital. Remember, there are many ways to get engaged: You can run more <a href="https://community.torproject.org/relay/setup/bridge">bridges</a>, <a href="https://snowflake.torproject.org/">Snowflake proxies</a> and <a href="https://community.torproject.org/relay/">relays</a> to continue our fight against censorship and for free and open access to the unrestricted internet.</p>
</div>
<div class="categories">
<ul><li>
<a href="https://blog.torproject.org/../category/circumvention">
circumvention
</a>
</li><li>
<a href="https://blog.torproject.org/../category/human-rights">
human rights
</a>
</li><li>
<a href="https://blog.torproject.org/../category/announcements">
announcements
</a>
</li></ul>
</div>
</article>
New Release: Tor Browser 13.0.112024-03-06T00:00:00Zrichardurn:uuid:d809471e-30a7-33c7-b07c-147f3bcd9a7c<article class="blog-post">
<picture>
<source media="(min-width:415px)" srcset="https://blog.torproject.org/new-release-tor-browser-13011/lead.webp" type="image/webp">
<source srcset="https://blog.torproject.org/new-release-tor-browser-13011/lead_small.webp" type="image/webp">
<img class="lead" referrerpolicy="no-referrer" loading="lazy" src="https://blog.torproject.org/new-release-tor-browser-13011/lead.png">
</picture>
<div class="body"><p>Tor Browser 13.0.11 is now available from the <a href="https://www.torproject.org/download/">Tor Browser download page</a> and also from our <a href="https://www.torproject.org/dist/torbrowser/13.0.11/">distribution directory</a>.</p>
<p>This is an emergency release which updates our the domain fronting configuration for the Snowflake pluggable transport and the moat connection to the rdsys backend used by the censorship circumvention system.</p>
<p>A known issue is that the source archives do not match likely due to a change in xz-utils (the underlying source in the archive is identical, only the compressed archive differs). This is not considered a blocker for this release and is being tracked here:</p>
<ul>
<li><a href="https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/41102">https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/41102</a></li>
</ul>
<h2>Send us your feedback</h2>
<p>If you find a bug or have a suggestion for how we could improve this release, <a href="https://support.torproject.org/misc/bug-or-feedback/">please let us know</a>.</p>
<h2>Full changelog</h2>
<p>The full changelog since <a href="https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/raw/maint-13.0/projects/browser/Bundle-Data/Docs-TBB/ChangeLog.txt">Tor Browser 13.0.10</a> is:</p>
<ul>
<li>All Platforms<ul>
<li><a href="https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/42435">Bug tor-browser#42435</a>: Update moat domain fronting configuration</li>
</ul>
</li>
<li>Build System<ul>
<li>All Platforms<ul>
<li><a href="https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/41085">Bug tor-browser-build#41085</a>: kick_devmole_build script prints wrong URL for Mullvad's build hashes</li>
<li><a href="https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/41097">Bug tor-browser-build#41097</a>: authenticode-timestamping.sh fails to run again because tmp-timestamp already exists</li>
</ul>
</li>
</ul>
</li>
</ul>
</div>
<div class="categories">
<ul><li>
<a href="https://blog.torproject.org/../category/applications">
applications
</a>
</li><li>
<a href="https://blog.torproject.org/../category/releases">
releases
</a>
</li></ul>
</div>
</article>
Arti 1.2.0 is released: onion services development2024-03-04T00:00:00Zgabiurn:uuid:206f8918-097f-37fd-ac61-585758fe915b<article class="blog-post">
<picture>
<source media="(min-width:415px)" srcset="https://blog.torproject.org/arti_1_2_0_released/lead.webp" type="image/webp">
<source srcset="https://blog.torproject.org/arti_1_2_0_released/lead_small.webp" type="image/webp">
<img class="lead" referrerpolicy="no-referrer" loading="lazy" src="https://blog.torproject.org/arti_1_2_0_released/lead.png">
</picture>
<div class="body"><p>Arti is our ongoing project to create a next-generation Tor client in
Rust. Now we're announcing the latest release, Arti 1.2.0.</p>
<p>In Arti 1.2.0, trying out onion services will hopefully be a
smoother experience.
We have fixed a number of bugs and security issues,
and have made the <code>onion-service-service</code> feature non-experimental.</p>
<p>We have begun design work on some of the onion service security features on our roadmap,
such as the memory DoS prevention subsystem,
and the connection bandwidth rate-limiter.
In addition, we have scoped the remaining work
for supporting hidden service client authorization,
which will be implemented in a future release.</p>
<p>This release also fixes a <a href="https://gitlab.torproject.org/tpo/core/team/-/wikis/NetworkTeam/SecurityPolicy#how-will-we-assess-the-severity-of-a-security-issue">low severity</a> security issue:
the relay message handling code was not rejecting empty DATA messages,
which could be used to inject an undetected traffic signal.
This issue is tracked as <a href="https://gitlab.torproject.org/tpo/core/arti/-/issues/1269">TROVE-2024-001</a>.</p>
<p>There are still some rough edges and missing security features,
so we don't (yet) recommend Arti onion services for production use,
or for any purpose that requires privacy.</p>
<p>For instructions on how to run an onion service in Arti,
see our <a href="https://gitlab.torproject.org/tpo/core/arti/-/blob/arti-v1.2.0/doc/OnionService.md?ref_type=tags">work-in-progress HOWTO document</a>.
We hope to make these instructions simpler and better
as our implementation improves.</p>
<p>For full details on what we've done, and for information about
many smaller and less visible changes as well,
please see the <a href="https://gitlab.torproject.org/tpo/core/arti/-/blob/ef374c925a56be2c308bb78f402eca44d98d377b/CHANGELOG.md#arti-120-4-march-2024">CHANGELOG</a>.</p>
<p>In the next releases, we will focus on implementing
the missing <a href="https://gitlab.torproject.org/tpo/core/arti/-/issues/?label_name%5B%5D=Onion%20Services%3A%20Improved%20Security">security features</a> and on improving stability.</p>
<p>For more information on using Arti, see our top-level <a href="https://gitlab.torproject.org/tpo/core/arti/-/blob/main/README.md">README</a>, and the
documentation for the <a href="https://gitlab.torproject.org/tpo/core/arti/-/tree/main/crates/arti"><code>arti</code> binary</a>.</p>
<p>Thanks to everybody who's contributed to this release, including
Alexander Færøy, Jim Newsome, Tobias Stoeckmann, and trinity-1686a.</p>
<p>Also, our deep thanks to <a href="https://zcashcommunitygrants.org/">Zcash Community Grants</a> and our <a href="https://www.torproject.org/about/sponsors/">other sponsors</a>
for funding the development of Arti!</p>
</div>
<div class="categories">
<ul><li>
<a href="https://blog.torproject.org/../category/announcements">
announcements
</a>
</li></ul>
</div>
</article>
New Alpha Release: Tor Browser 13.5a52024-02-28T00:00:00Zrichardurn:uuid:6a15b467-137c-38fa-835c-35a118dd34e1<article class="blog-post">
<picture>
<source media="(min-width:415px)" srcset="https://blog.torproject.org/new-alpha-release-tor-browser-135a5/lead.webp" type="image/webp">
<source srcset="https://blog.torproject.org/new-alpha-release-tor-browser-135a5/lead_small.webp" type="image/webp">
<img class="lead" referrerpolicy="no-referrer" loading="lazy" src="https://blog.torproject.org/new-alpha-release-tor-browser-135a5/lead.png">
</picture>
<div class="body"><p>Tor Browser 13.5a5 is now available from the <a href="https://www.torproject.org/download/alpha/">Tor Browser download page</a> and also from our <a href="https://www.torproject.org/dist/torbrowser/13.5a5/">distribution directory</a>.</p>
<p>This version includes important <a href="https://www.mozilla.org/en-US/security/advisories/">security updates</a> to Firefox.</p>
<p>We would like to thank the folowing community members for their contributions this release:</p>
<ul>
<li>ppisar for their fixup to <a href="https://gitlab.torproject.org/tpo/applications/rbm/-/issues/40072">rbm#40072</a></li>
</ul>
<p>We would also like to bring attention to a work-in-progress merge request from community members NoisyCoil, <a href="https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/merge_requests/920">tor-browser-build!920</a>. This work is the first step toward potentially supporting aarch64 Linux builds of Tor Browser in an official capacity. If you've any interest in the work behind cross-compiled Tor Browser builds, this MR is the one keep an eye on!</p>
<p>Thank you both for your contributions! If you would like to contribute, our contributor guide can be found <a href="https://gitlab.torproject.org/tpo/applications/team/-/wikis/Development-Information/Tor-Browser/Contributing-to-Tor-Browser">here</a>.</p>
<h2>Native Android Connect Assist UX</h2>
<p>As discussed in the <a href="https://blog.torproject.org/new-alpha-release-tor-browser-135a3/">13.5a3</a> and <a href="https://blog.torproject.org/new-alpha-release-tor-browser-135a4/">13.5a4</a> release posts, we have been working on bringing the connect-assist feature from Desktop to Android. The work continues, and we now have an initial implementation of this feature exposed via native Android interface.</p>
<p>You can access the native Android interface by navigating to <code>Settings > Tor Network</code> and selecting <code>Enable beta connection features</code>. From there, select <code>Native Android UI</code>. The <code>HTML UI</code> option is still available for debugging purposes, but will be removed once this feature stabilises in 13.5.</p>
<p>Please give this feature a go! The native UI is not yet feature complete but regardless, if you run into problems please open an issue on our <a href="https://gitlab.torproject.org/tpo/applications/tor-browser">gitlab</a> or on our <a href="https://forum.torproject.org">forum</a>.</p>
<h2>Send us your feedback</h2>
<p>If you find a bug or have a suggestion for how we could improve this release, <a href="https://support.torproject.org/misc/bug-or-feedback/">please let us know</a>.</p>
<h2>Full changelog</h2>
<p>The full changelog since <a href="https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/raw/main/projects/browser/Bundle-Data/Docs-TBB/ChangeLog.txt">Tor Browser 13.5a4</a> is:</p>
<ul>
<li>All Platforms<ul>
<li>Updated OpenSSL to 3.0.13</li>
<li>Updated Snowflake to 2.9.0</li>
<li><a href="https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/42376">Bug tor-browser#42376</a>: The placeholder of datetime inputs keeps being localized when spoof English is on</li>
<li><a href="https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/42378">Bug tor-browser#42378</a>: spoof english + htmlform <details> can leak app language</li>
<li><a href="https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/42390">Bug tor-browser#42390</a>: Betterboxing: make the decorator border disappear when the corners are flat</li>
<li><a href="https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/42397">Bug tor-browser#42397</a>: Change RFP-spoofed Timezone from UTC to a real-world, less discriminable one</li>
<li><a href="https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/42412">Bug tor-browser#42412</a>: Rebase Tor Browser Alpha onto 115.8.0esr</li>
<li><a href="https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/41079">Bug tor-browser-build#41079</a>: Bump version of Snowflake to v2.9.0</li>
</ul>
</li>
<li>Windows + macOS + Linux<ul>
<li>Updated Firefox to 115.8.0esr</li>
<li><a href="https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41814">Bug tor-browser#41814</a>: Change "vanilla bridge:" to "Tor bridge:" in bridge cards</li>
<li><a href="https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/42270">Bug tor-browser#42270</a>: Implement design changes to QR code dialog</li>
<li><a href="https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/42389">Bug tor-browser#42389</a>: Betterboxing: gradient is never shown</li>
<li><a href="https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/42398">Bug tor-browser#42398</a>: Include Alpha and Nightly in MOZ_APP_DISPLAYNAME (and possibly in other places)</li>
<li><a href="https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/42414">Bug tor-browser#42414</a>: Show ellipsis when the tor bridge address overflows</li>
<li><a href="https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/42415">Bug tor-browser#42415</a>: Improve focus styling for forced focus in bridge settings</li>
<li><a href="https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/42421">Bug tor-browser#42421</a>: Remove bridge option should be hidden for Lox bridges</li>
<li><a href="https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/42423">Bug tor-browser#42423</a>: Move temporary Lox Fluent strings to new file</li>
<li><a href="https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/42425">Bug tor-browser#42425</a>: Improve accessibility of the bridge emoji cells</li>
</ul>
</li>
<li>Android<ul>
<li>Updated GeckoView to 115.8.0esr</li>
<li><a href="https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/42253">Bug tor-browser#42253</a>: Remove "New private tab" action and widget</li>
<li><a href="https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/42402">Bug tor-browser#42402</a>: Remove Android YEC strings</li>
<li><a href="https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/42407">Bug tor-browser#42407</a>: TTP-03-010 WP3: Potential phishing</li>
<li><a href="https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/42416">Bug tor-browser#42416</a>: Backport Android security fixes from Firefox 123</li>
</ul>
</li>
<li>macOS<ul>
<li><a href="https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/40569">Bug tor-browser-build#40569</a>: Create build-specific installer for macOS</li>
</ul>
</li>
<li>Build System<ul>
<li>All Platforms<ul>
<li>Updated Go to 1.20.14 and 1.21.7</li>
<li><a href="https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/41081">Bug tor-browser-build#41081</a>: Update detailsURL in tools/signing/nightly/update-responses-base-config.yml</li>
<li><a href="https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/41085">Bug tor-browser-build#41085</a>: kick_devmole_build script prints wrong URL for Mullvad's build hashes</li>
<li><a href="https://gitlab.torproject.org/tpo/applications/rbm/-/issues/40068">Bug rbm#40068</a>: Switch from IO::CaptureOutput to Capture::Tiny</li>
<li><a href="https://gitlab.torproject.org/tpo/applications/rbm/-/issues/40069">Bug rbm#40069</a>: Make stdout and stderr utf8</li>
<li><a href="https://gitlab.torproject.org/tpo/applications/rbm/-/issues/40071">Bug rbm#40071</a>: Add an option to create zip files using 7z</li>
<li><a href="https://gitlab.torproject.org/tpo/applications/rbm/-/issues/40072">Bug rbm#40072</a>: Move capture_exec to a separate module</li>
</ul>
</li>
<li>Windows<ul>
<li><a href="https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/41076">Bug tor-browser-build#41076</a>: Include the ShellLink plugin in NSIS</li>
</ul>
</li>
<li>macOS<ul>
<li><a href="https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/41084">Bug tor-browser-build#41084</a>: $app_bundle is missing the final .app in projects/firefox/build</li>
</ul>
</li>
<li>Android<ul>
<li><a href="https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/42399">Bug tor-browser#42399</a>: Re-enable minimization of JS for Android</li>
<li><a href="https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/41080">Bug tor-browser-build#41080</a>: Re-pack omni.ja with 7-zip on Android</li>
<li><a href="https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/41092">Bug tor-browser-build#41092</a>: Use an uncompressed omni.ja to improve final apk compression.</li>
<li><a href="https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/41093">Bug tor-browser-build#41093</a>: Sign unsigned APKs instead of the QA-signed ones</li>
</ul>
</li>
</ul>
</li>
</ul>
</div>
<div class="categories">
<ul><li>
<a href="https://blog.torproject.org/../category/applications">
applications
</a>
</li><li>
<a href="https://blog.torproject.org/../category/releases">
releases
</a>
</li></ul>
</div>
</article>
New Release: Tails 6.02024-02-27T00:00:00Ztailsurn:uuid:1d902882-4b09-354c-902e-744b60c4291e<article class="blog-post">
<picture>
<source media="(min-width:415px)" srcset="https://blog.torproject.org/new-release-tails-60/lead.webp" type="image/webp">
<source srcset="https://blog.torproject.org/new-release-tails-60/lead_small.webp" type="image/webp">
<img class="lead" referrerpolicy="no-referrer" loading="lazy" src="https://blog.torproject.org/new-release-tails-60/lead.jpg">
</picture>
<div class="body"><h2>New features</h2>
<h3>Error detection on the Persistent Storage</h3>
<p>Tails 6.0 warns you about <a href="https://tails.net/ioerror/">errors when reading or
writing</a> from your Tails USB stick.</p>
<p>These alerts can help you diagnose hardware failures on your USB stick and
backup your Persistent Storage before it's too late.</p>
<h3>Mount external devices automatically</h3>
<p>When you plug in an external storage device, a USB stick or an external hard
disk, Tails 6.0 mounts it automatically. If the storage device contains an
encrypted partition, Tails 6.0 offers you to unlock the encryption
automatically.</p>
<p>This feature also simplifies how to unlock <a href="https://tails.net/doc/encryption_and_privacy/veracrypt/"><em>VeraCrypt</em> encrypted
volumes</a>.</p>
<h3>Protection against malicious USB devices</h3>
<p>If an attacker manages to plug a <a href="https://en.wikipedia.org/wiki/BadUSB">malicious USB
device</a> in your computer, they could run
software that breaks the security built in Tails without your knowledge.</p>
<p>To protect from such attacks while you are away from your computer, Tails 6.0
ignores any USB device that is plugged in while your screen is locked.</p>
<p>You can only use new USB devices if they are plugged in while the screen is
unlocked.</p>
<h3>Dark Mode and Night Light</h3>
<p>From the system menu of Tails 6.0, you can now switch between:</p>
<ul>
<li>The default <em>light</em> mode with colder colors and more brightness</li>
<li>A <em>dark</em> mode</li>
<li>A <em>night light</em> mode with warmer colors and less brightness</li>
<li>A combination of both the <em>dark</em> mode and <em>night light</em> mode</li>
</ul>
<h3>Easier screenshots and screencasts</h3>
<p>GNOME 43 introduces a new shortcut in the system menu that makes it easier to
take a screenshot or record a screencast.</p>
<h3>Easier Gmail in Thunderbird</h3>
<p>Thanks to changes in both Thunderbird and Gmail, it's much easier to configure
a Gmail account in Thunderbird in Tails 6.0.</p>
<ul>
<li>You don't have to configure anything special in your Gmail account, other than the usual 2-Step Verification.</li>
<li>You can sign in to your Gmail account directly when configuring it in <em>Thunderbird</em>.</li>
</ul>
<h3>Diceware passphrases in 5 more languages</h3>
<p>When creating a Persistent Storage, suggested passphrases are now also
generated in Catalan, German, Italian, Portuguese, and Spanish.</p>
<p>Thanks to <a href="https://gitlab.tails.boum.org/jawlensky">jawlensky</a> who created the
word lists for Catalan, Italian, and Spanish for Tails, but also made them
available to all users of <code>diceware</code>.</p>
<h2>Changes and updates</h2>
<h3>Included software</h3>
<p>Tails 6.0 updates most of the applications included in Tails, among others:</p>
<ul>
<li><em>Tor Browser</em> to <a href="https://blog.torproject.org/new-release-tor-browser-13010/">13.0.10</a>.</li>
<li><em>Electrum</em> from 4.0.9 to 4.3.4<ul>
<li>Improve support for the Lightning protocol and hardware wallets.</li>
</ul>
</li>
<li><em>KeePassXC</em> from 2.6.2 to 2.7.4<ul>
<li>Add entry tags.</li>
<li>Support dark mode.</li>
<li>Redesign history view.</li>
</ul>
</li>
<li><em>Metadata Cleaner</em> from 1.0.2 to 2.4.0<ul>
<li>Redesign the whole user interface.</li>
<li>Support dark mode.</li>
<li>Add support for AIFF and HEIC files.</li>
</ul>
</li>
<li><em>Text Editor</em> from <code>gedit</code> to <code>gnome-text-editor</code><ul>
<li>Support dark mode.</li>
</ul>
</li>
<li><em>Inkscape</em> from 1.0.2 to 1.2.2</li>
<li><em>Audacity</em> from 2.4.2 to 3.2.4</li>
<li><em>Gimp</em> from 2.10.22 to 2.10.34</li>
<li><em>Kleopatra</em> from 4:20.08 to 4:22.12</li>
</ul>
<h3>Removed features</h3>
<ul>
<li>Remove the icons on the desktop.</li>
</ul>
<p>The extension of GNOME Shell that we used to provide this feature is not well
integrated into GNOME and created other problems.
(<a href="https://gitlab.tails.boum.org/tails/tails/-/issues/19920">#19920</a>)</p>
<ul>
<li>Remove the item <strong>Wipe</strong> and <strong>Wipe available disk space</strong> from the shortcut menu of the <em>Files</em> browser.</li>
</ul>
<p>Secure deletion is not reliable enough on USB sticks and Solid-State Drives
(SSDs) for us to keep advertising this feature.</p>
<p>We updated our documentation on <a href="https://tails.net/doc/encryption_and_privacy/secure_deletion/">secure
deletion</a> to
new recommendations: use encrypted volumes, overwrite the entire device, or
disintegrate it physically.</p>
<ul>
<li>Remove the item <strong>Remove metadata</strong> from the shortcut menu of the <em>Files</em> browser.</li>
</ul>
<p>The developers of MAT2, the metadata removal library used by <em>Metadata
Cleaner</em> are not providing this option anymore.</p>
<ul>
<li>Remove <em>GtkHash</em></li>
</ul>
<p>You can still install <em>GtkHash</em> as <a href="https://tails.net/doc/persistent_storage/additional_software/">Additional
Software</a>.</p>
<h2>Fixed problems</h2>
<ul>
<li>Fix several issues with special characters and non-Latin scripts in the screen keyboard. (<a href="https://gitlab.tails.boum.org/tails/tails/-/issues/18076">#18076</a>)</li>
</ul>
<p>For more details, read our
<a href="https://gitlab.tails.boum.org/tails/tails/-/blob/master/debian/changelog">changelog</a>.</p>
<h2>Known issues</h2>
<ul>
<li><em>OnionShare</em> is still included as version 2.2.</li>
</ul>
<p>We tried to include <em>OnionShare</em> 2.6 in Tails 6.0, but it has several issues
that had security implications.
(<a href="https://gitlab.tails.boum.org/tails/tails/-/issues/20135">#20135</a> and
<a href="https://gitlab.tails.boum.org/tails/tails/-/issues/20140">#20140</a>)</p>
<ul>
<li>Mounting external devices automatically interferes with the <em>Back Up Persistent Storage</em> utility. (<a href="https://gitlab.tails.boum.org/tails/tails/-/issues/20143">#20143</a>)</li>
</ul>
<h2>Get Tails 6.0</h2>
<h3>To upgrade your Tails USB stick and keep your Persistent Storage</h3>
<ul>
<li>Automatic upgrades are only available from Tails 6.0~rc1 to 6.0.</li>
</ul>
<p>All other users have to do a <a href="https://tails.net/doc/upgrade/#manual">manual
upgrade</a>.</p>
<h3>To install Tails 6.0 on a new USB stick</h3>
<p>Follow our installation instructions:</p>
<ul>
<li><p><a href="https://tails.net/install/windows/">Install from Windows</a></p>
</li>
<li><p><a href="https://tails.net/install/mac/">Install from macOS</a></p>
</li>
<li><p><a href="https://tails.net/install/linux/">Install from Linux</a></p>
</li>
<li><p><a href="https://tails.net/install/expert/">Install from Debian or Ubuntu using the command line and GnuPG</a></p>
</li>
</ul>
<p>The Persistent Storage on the USB stick will be lost if you install instead of
upgrading.</p>
<h3>To download only</h3>
<p>If you don't need installation or upgrade instructions, you can download Tails
6.0 directly:</p>
<ul>
<li><p><a href="https://tails.net/install/download/">For USB sticks (USB image)</a></p>
</li>
<li><p><a href="https://tails.net/install/download-iso/">For DVDs and virtual machines (ISO image)</a></p>
</li>
</ul>
<h2>Support and feedback</h2>
<p>For support and feedback, visit the <a href="https://tails.net/support/">Support
section</a> on the Tails website.</p>
</div>
<div class="categories">
<ul><li>
<a href="https://blog.torproject.org/../category/partners">
partners
</a>
</li><li>
<a href="https://blog.torproject.org/../category/releases">
releases
</a>
</li></ul>
</div>
</article>
New Release: Tor Browser 13.0.102024-02-20T00:00:00Zrichardurn:uuid:1ea9d4a3-2217-3887-bdb9-b9f17c5f2d76<article class="blog-post">
<picture>
<source media="(min-width:415px)" srcset="https://blog.torproject.org/new-release-tor-browser-13010/lead.webp" type="image/webp">
<source srcset="https://blog.torproject.org/new-release-tor-browser-13010/lead_small.webp" type="image/webp">
<img class="lead" referrerpolicy="no-referrer" loading="lazy" src="https://blog.torproject.org/new-release-tor-browser-13010/lead.png">
</picture>
<div class="body"><p>Tor Browser 13.0.10 is now available from the <a href="https://www.torproject.org/download/">Tor Browser download page</a> and also from our <a href="https://www.torproject.org/dist/torbrowser/13.0.10/">distribution directory</a>.</p>
<p>This version includes important <a href="https://www.mozilla.org/en-US/security/advisories/">security updates</a> to Firefox.</p>
<p>This release updates Firefox to 115.8.0esr, OpenSSL to 3.0.13, zlib to 1.3.1, and Snowflake to 2.9.0. It also includes various bug fixes (see changelog for details).</p>
<h2>Send us your feedback</h2>
<p>If you find a bug or have a suggestion for how we could improve this release, <a href="https://support.torproject.org/misc/bug-or-feedback/">please let us know</a>.</p>
<h2>Full changelog</h2>
<p>The full changelog since <a href="https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/raw/maint-13.0/projects/browser/Bundle-Data/Docs-TBB/ChangeLog.txt">Tor Browser 13.0.9</a> is:</p>
<ul>
<li>All Platforms<ul>
<li>Updated OpenSSL to 3.0.13</li>
<li>Updated zlib to 1.3.1</li>
<li>Updated Snowflake to 2.9.0</li>
<li><a href="https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/42374">Bug tor-browser#42374</a>: spoof english leaks via numberingSystem: numbers (non-latn) or decimal separator (latn)</li>
<li><a href="https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/42411">Bug tor-browser#42411</a>: Rebase Tor Browser stable onto 115.8.0esr</li>
<li><a href="https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/41079">Bug tor-browser-build#41079</a>: Bump version of Snowflake to v2.9.0</li>
</ul>
</li>
<li>Windows + macOS + Linux<ul>
<li>Updated Firefox to 115.8.0esr</li>
<li><a href="https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/42338">Bug tor-browser#42338</a>: Changing circuit programmatically in Tor Browser not working anymore!</li>
</ul>
</li>
<li>Android<ul>
<li>Updated GeckoView to 115.8.0esr</li>
<li><a href="https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/42402">Bug tor-browser#42402</a>: Remove Android YEC strings</li>
<li><a href="https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/42416">Bug tor-browser#42416</a>: Backport Android security fixes from Firefox 123</li>
</ul>
</li>
<li>Linux<ul>
<li><a href="https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/42293">Bug tor-browser#42293</a>: Updater is disabled when tor-browser is run by torbrowser-launcher flatpak</li>
</ul>
</li>
<li>Build System<ul>
<li>All Platforms<ul>
<li>Updated Go to 1.20.14 and 1.21.7</li>
<li><a href="https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/41067">Bug tor-browser-build#41067</a>: Use Capture::Tiny instead of IO::CaptureOutput</li>
<li><a href="https://gitlab.torproject.org/tpo/applications/rbm/-/issues/40067">Bug rbm#40067</a>: Use --no-verbose wget option when not running in a terminal</li>
<li><a href="https://gitlab.torproject.org/tpo/applications/rbm/-/issues/40068">Bug rbm#40068</a>: Switch from IO::CaptureOutput to Capture::Tiny</li>
<li><a href="https://gitlab.torproject.org/tpo/applications/rbm/-/issues/40069">Bug rbm#40069</a>: Make stdout and stderr utf8</li>
<li><a href="https://gitlab.torproject.org/tpo/applications/rbm/-/issues/40072">Bug rbm#40072</a>: Move capture_exec to a separate module</li>
</ul>
</li>
</ul>
</li>
</ul>
</div>
<div class="categories">
<ul><li>
<a href="https://blog.torproject.org/../category/applications">
applications
</a>
</li><li>
<a href="https://blog.torproject.org/../category/releases">
releases
</a>
</li></ul>
</div>
</article>
Celebrating the next generation of software tinkerers: interview with Matthias Kirschner from FSFE2024-02-14T00:00:00Zpavelurn:uuid:7eaeb1b1-0733-3760-957e-8bc6ae26a02a<article class="blog-post">
<picture>
<source media="(min-width:415px)" srcset="https://blog.torproject.org/i-love-free-software-day-interview-fsfe/lead.webp" type="image/webp">
<source srcset="https://blog.torproject.org/i-love-free-software-day-interview-fsfe/lead_small.webp" type="image/webp">
<img class="lead" referrerpolicy="no-referrer" loading="lazy" src="https://blog.torproject.org/i-love-free-software-day-interview-fsfe/lead.png">
</picture>
<div class="body"><p>Today is <a href="https://fsfe.org/news/2024/news-20240109-01.en.html">"I love Free Software Day"</a> a special day of appreciation to all the contributors to free software projects, large or small, and to show some love to those who advocate for free software. This year's theme is "Forging the future with Free Software" to engage younger generations, i.e. those who play a big part in shaping the future of free software. That's why we're putting a spotlight on one of those projects that aims to do exactly that: the children's book <em><a href="https://fsfe.org/activities/ada-zangemann//">Ada & Zangemann -- A Tale of Software, Skateboards, and Raspberry Ice Cream</a></em> by Matthias Kirschner with illustrations from Sandra Brandstätter.</p>
<p>The story follows a young hardware tinkerer Ada on her quest to take on Zangemann, an inventor who began controlling all of the world's computerized devices to do exactly what he wants. She learns that the power of computer code can set her and children everywhere free from the villainous inventor's selfish plan. Through clever experiments with hardware and software, Ada and her friends show the world how important it is to be able to have control over the everyday technologies we use. Suited for readers ages 6 to 106, the book is designed to peak children's interest in engaging with hardware and software, and to encourage their desire to shape their own technology.</p>
<p>From our own community outreach and advocacy work, we know how hard it is to illustrate the critical role of free and open-source technology for democratic participation. It's even more difficult if you have to break it down for younger generations. We sat down with Matthias Kirschner, the author of the book and <a href="https://fsfe.org/index.en.html">president of the FSFE (Free Software Foundation Europe)</a> to learn more about what inspired this project, how his own children helped him tease out the narrative--and what parents and others can do today to help shape the future of free software.</p>
<h3>What is the importance of introducing younger audiences to the concept of free and open-source technology and its role in democratic societies?*</h3>
<p>In Democracies we distribute power, and try to ensure that not too much power is concentrated in the hands of only a few people. Those checks and balances are often missing or not considered for technology. If we want to prevent a few people from controlling the rest of humankind, we need to ensure the distribution of power in the realm of technology as well.</p>
<p>Enabling the next generations to tinker, to actively shape technology, and have discussions about the effects on how we live together in a world full of technology will heavily influence democratic outcomes in the future. So, if you care about a free society, you should care about software freedom.</p>
<h3>How were you able to tackle these technical issues and abstract concepts and package them into a story that would appeal to a young(er) audience?</h3>
<p>As a father I read a lot of stories for children, with some of them doing a really good job at explaining complex topics, and I thought there would also be something like that about the impact of technology on our lives. So, I asked around on mailing lists for recommendations on books about software, hardware, programming, or also ethical aspects of those technologies for children. But I did not get a lot of recommendations and those I liked were geared more towards older children.</p>
<p>That's why I started to make up my own bedtime stories for my children that focused on those topics by viewing them through the lens of what they experienced during the day. And that was a great way to receive some honest and direct feedback. What did they understand, what did they like and what not? This helped me understand what story elements would work and should be included--and slowly but surely, the story of Ada emerged.</p>
<h3>You mentioned the difficulty of finding resources that are also suitable for children. How can interested parents and kids continue their digital rights education journey after you've peaked their interest with your book?</h3>
<p>For children, depending on how they like to learn I would either recommend checking if there are any local groups out there that already offer programming classes for certain age groups or that allow them to tinker with hardware. Or to check out resources in the library or online resources for self-guided learning. In general it is great for children and teenagers to connect with others with the same interests; at least I experience that with the children I met at my book readings and with the participants of the <a href="https://yh4f.org/">FSFE's coding competition for teenagers Youth Hacking 4 Freedom</a>. </p>
<p>I would also recommend introducing them to other books about the impact of technology on our society that are slightly outside of their age group and do some guided reading with parents. For example, I am a big fan of Cory Doctorow's stories. If you are an adult and have not yet read "Little Brother" or "Unauthorized Bread" by him, you definitely should do so. </p>
<p>For those who are interested in non-fiction, the writings that influenced me most and made me better understand those topics were <a href="https://lessig.org/product/codev2">Lawrence Lessig's "Code and other laws of cyberspace"</a> as well as the <a href="https://www.gnu.org/philosophy/">GNU project's philosophy page</a>. And of course I also recommend people interested in those topics to follow <a href="https://fsfe.org/news/index.html">the FSFE's work for software freedom</a>.</p>
<p>This book is suited for kids, but they will grow up to become adults. What can the adults of today do to create a better digital future for their kids? What are some future scenarios that demand action today so that upcoming generations can have a 'better internet'?</p>
<p>The good thing is there are many things that can be done. Have a look at websites of organisations like <a href="https://www.eff.org/">EFF</a>, <a href="https://www.fsf.org/">Free Software Foundation</a>, <a href="https://sfconservancy.org/">Software Freedom Conservancy </a>working on user rights, many of the great groups developing free software, like the Tor Project, and see how you can contribute.</p>
<p>For example, for us at the Free Software Foundation Europe, contributing as a volunteer or donating makes a huge difference on what we can achieve in our policy, legal, technical, and public awareness work for software freedom. In general you should give more money to people, organizations, and companies that enable you to use software, which you are allowed to use, understand, share, and improve. </p>
<p>Besides that it is important to work on those topics long-team. It took a long time in many countries to establish the freedom of the press. There are still many people who do not benefit from it. And it does not stop there: you have to defend such rights constantly. The same applies for software freedom. It will take us a long time to establish it as a default right and even longer to defend it.</p>
<h3>What is the feedback you've been getting from kids & their parents about this book?</h3>
<p>I suspected that some people would like such a book, but I was surprised how much positive feedback we received. From "I read the book with my daughter and now she wants to start programming" to those who gifted the book to their parents, colleagues, business partners, their boss or politicians and say that it helped start discussions about ethics and technology. </p>
<p>There are also people who suggest or donate the book to libraries or those who even offer schools, youth clubs, or hackerspaces to read the book there -- which I can just recommend to everyone. I have meanwhile read the book to over 1000 people, and it highly motivates me every time <a href="https://git.fsfe.org/FSFE/ada-zangemann">(you can find all the materials for readings in our git repository.)</a></p>
<p>And it is great to see how people support translations of the book. For example, volunteers translated and published it in Italian; through donations we could print 3500 Ukrainian copies and distribute them to organizations working with refugees; afterwards we could repeat that with 7000 Arabic copies; a large car manufacturer contracted a Spanish translation which should soon be finished, in order to increase the participation of girls and young women in STEM; and through an initiative of the French Ministry of Education four schools did a project for several weeks to work with the book and do a collaborative online translation of it, which was then release by a publisher in December.</p>
<h3>Is there anything else you'd like to share about this project or others that you are working on?</h3>
<p>The book is published under CC-BY-SA, so use the power of the license to support and I hope you find it useful to assist your work for digital rights. More information on <a href="https://ada.fsfe.org">https://ada.fsfe.org</a> including a link to our git repository <a href="https://git.fsfe.org/FSFE/ada-zangemann">https://git.fsfe.org/FSFE/ada-zangemann</a> which hosts the illustrations and texts including community translations, as well as all the material I used to read it at schools or libraries.</p>
<p>It is also currently available in English by the publisher <a href="https://nostarch.com/ada-zangemann">No Starch Press</a> to order from the US and can be pre-ordered from your preferred bookstore world-wide with the ISBN 978-1-718-50318-2.</p>
<p>Do not forget to contribute and donate to organizations like the Tor<a href="https://donate.torproject.org/"> Project</a> or the <a href="https://fsfe.org/donate">FSFE</a>.</p>
<p>And most importantly, a big thank you to all the contributors of the Tor project. You are making crucial contributions to our society. That is what "<a href="https://fsfe.org/activities/ilovefs/index.html">I love Free Software Day" is all about. Thank you very much!</a></p>
</div>
<div class="categories">
<ul><li>
<a href="https://blog.torproject.org/../category/community">
community
</a>
</li><li>
<a href="https://blog.torproject.org/../category/human-rights">
human rights
</a>
</li></ul>
</div>
</article>
Thank you! Our 2023 year-end fundraising results 🎉2024-02-14T00:00:00Zalsmithurn:uuid:05f7827a-cc75-3287-8ba0-e6d26d21a812<article class="blog-post">
<picture>
<source media="(min-width:415px)" srcset="https://blog.torproject.org/2023-fundraising-results-thank-you/lead.webp" type="image/webp">
<source srcset="https://blog.torproject.org/2023-fundraising-results-thank-you/lead_small.webp" type="image/webp">
<img class="lead" referrerpolicy="no-referrer" loading="lazy" src="https://blog.torproject.org/2023-fundraising-results-thank-you/lead.png">
</picture>
<div class="body"><p>Good news, Tor community!</p>
<p>Today I am happy to share the results of the Tor Project’s 2023 year-end fundraising campaign.</p>
<p>From October through December 2023, <strong>you answered the call for support</strong> by contributing $427,558 to power the Tor network, Tor Browser, onion services, Snowflake, and the ecosystem of tools and services built and maintained by the Tor Project.</p>
<p><strong>Everyone in our community deserves a big THANK YOU for supporting the Tor Project during the campaign.</strong> Whether you made a donation, shared the campaign on social media, or spread the world about the importance of using Tor, you have made our success this year possible. <a href="https://blog.torproject.org/friends-of-tor-match-2023/">Your impact was then amplified by the Friends of Tor</a> who provided the generous match during the campaign.</p>
<h1>How will the Tor Project spend the money raised?</h1>
<ul>
<li><strong>Defending access to information during the Year of Democracy.</strong> In 2024, <a href="https://blog.torproject.org/2024-defend-internet-freedom-during-elections/">more people are living in a place with a national election than ever before</a>. Over the last decade, we've seen that election events bring spikes in internet censorship -- and we're expecting that these tactics of suppressing speech will be used widely this year. We’ve already begun to use funds raised to prepare. We're monitoring elections as they take place and watching for events of censorship. We're holding trainings on how to use Tor to bypass censorship to relevant communities. Not all of this work is funded by grants, and our community team relies on your contributions to make this work possible and reach more at-risk users.</li>
<li><strong>Increasing our capacity to achieve our mission.</strong> As the Tor Project has matured into a human-rights focused organization, we have grown to meet the challenges of an increasingly restrictive internet landscape. We share the ambitious vision of a world where everyone is able to exercise their right to privacy and access information freely. To achieve this vision, we need to have the proper infrastructure, staff support, and tools to be effective. That includes things like hiring an additional project manager, improving our donation infrastructure, and investing in tools that will help our team focus on reaching more users in real-time, support our community in moments of crises, and increase adoption of Tor technology globally. Your donation keeps the Tor Project a strong organization that can continue to build vital privacy and anti-censorship tools.</li>
<li><strong>Expanding global access to Tor.</strong> Every initiative to help more people use Tor is powered in part by individual donations. Your contributions will go towards expanding our live <a href="https://blog.torproject.org/meeting-you-where-you-are-we-added-whatsapp-user-support/">user support channels</a>, <a href="https://community.torproject.org/localization/">localization</a>, <a href="https://blog.torproject.org/furthering-our-mission-in-the-global-south/">training with community partners</a>, and tracking the development of internet freedom around the world. You’ll also be supporting onion service adoption by <a href="https://blog.torproject.org/how-we-plant-and-grow-new-onions/">continuing our development of administration tools for onion service operators</a> and support of <a href="https://blog.torproject.org/amnesty-international-launches-onion-service/">organizations that want to release onion sites</a>; strengthening the Tor network against attacks in <a href="https://gitlab.torproject.org/tpo/team/-/wikis/sponsors-2023#combating-malicious-relays-s112">our multi-year focus on reducing malicious relay activity on the network</a>; and <a href="https://blog.torproject.org/arti_1_1_11_released/">re-writing Tor in Rust</a>, a safer, more modern language that makes Tor easier to integrate in a variety of applications and services. </li>
</ul>
<p>You can trust that your donations are hard at work – and not just because we say so. The Tor Project is a Charity Navigator <a href="https://www.charitynavigator.org/ein/208096820">Four-Star Charity</a>, and we’ve earned Candid’s <a href="https://www.guidestar.org/profile/shared/7d68a7b7-2a9f-4613-a985-1638da87abdf">Platinum Seal of Transparency</a>. Plus, you can read in detail about all of our revenue and expenses in our <a href="https://blog.torproject.org/transparency-openness-and-our-2021-and-2022-financials/">annual fiscal year transparency reports</a>.</p>
<p>We look forward to our continued collaboration with you, our community, to stand up for the human right to privacy, freedom of expression, and access to information. <a href="https://newsletter.torproject.org">Keep up with progress and get the latest Tor news by subscribing to our newsletter</a>.</p>
</div>
<div class="categories">
<ul><li>
<a href="https://blog.torproject.org/../category/fundraising">
fundraising
</a>
</li></ul>
</div>
</article>
Defend Internet Freedom with Tor in 2024 elections season2024-02-06T00:00:00Zggusurn:uuid:57a1bc40-6a00-30d4-bc34-8b4445757daa<article class="blog-post">
<picture>
<source media="(min-width:415px)" srcset="https://blog.torproject.org/2024-defend-internet-freedom-during-elections/lead.webp" type="image/webp">
<source srcset="https://blog.torproject.org/2024-defend-internet-freedom-during-elections/lead_small.webp" type="image/webp">
<img class="lead" referrerpolicy="no-referrer" loading="lazy" src="https://blog.torproject.org/2024-defend-internet-freedom-during-elections/lead.jpg">
</picture>
<div class="body"><h2>The Battle for Internet Freedom in 2024</h2>
<p>This year, with more than <a href="https://en.wikipedia.org/wiki/List_of_elections_in_2024">65 elections</a> happening around the world, Internet freedom may be at risk. Some organizations have called it the <a href="https://yearofdemocracy.org/">Year of Democracy</a>. Simultaneously, there is a rising concern that during these many electoral processes, governments around the world will block access to the Internet in their countries. They may also censor media outlets, persecute and harass journalists, and block social media platforms and messaging apps. Under the justification of protecting national security, surveillance and online censorship can compromise and undermine the integrity, fairness, and transparency of elections.</p>
<p>In 2022, Access Now's Shutdown Tracker Optimization Project (STOP) and the <a href="https://www.accessnow.org/campaign/keepiton/">#KeepItOn coalition</a> recorded 187 instances of Internet censorship events across 35 countries. These events ranged from social media blocks to internet outages. In 14 of these countries, censorship events were followed by documented human rights abuses, as detailed in the <a href="https://www.accessnow.org/internet-shutdowns-2022/">Access Now annual report</a>. Internet censorship frequently acts as an early indicator of other violations of human rights.</p>
<p>The <a href="https://ooni.org/reports/">Open Observatory of Network Interference - OONI</a> has documented Internet censorship around the elections in multiple countries. Focusing on the most recent and national events during the elections, these include throttling in <a href="https://ooni.org/post/2023-throttling-kz-elections/">Kazakhstan (2023)</a>, <a href="https://ooni.org/post/2021-zambia-social-media-blocks-amid-elections/">social media blocks in Zambia (2021)</a>, a complete <a href="https://ooni.org/post/2021-uganda-general-election-blocks-and-outage/">Internet outage in Uganda (2020)</a>, and <a href="https://ooni.org/post/2020-tanzania-blocks-social-media-tor-election-day/">social media block in Tanzania (2019)</a>.</p>
<p>In this context, where digital rights and other human rights are already under attack in many places, and these attacks could potentially be furthered by this round of elections, Tor can protect and defend our right to freely access information and express ourselves. Tor-powered apps offer a level of anonymity that protects users from surveillance, enabling them to access the internet freely and securely.</p>
<p>Unlike commercial VPN providers, which can also help someone to access blocked content, Tor operates as a decentralized and community-driven network. It's a non-commercial service, free and open-source, making it accessible to everyone. In countries with non-democratic regimes, governments can monitor commercial transactions they deem suspicious, including the <a href="https://cepa.org/article/russias-bankers-become-secret-policemen/">purchase of VPNs to bypass censorship</a>, and some VPN companies refuse to operate in areas where legality or profitability restrictions hurt their bottom line. By contrast, Tor is free for everyone, and built by a nonprofit that is guided by a mission to advance human rights--not by shareholders or money.</p>
<p>In most countries, people can use Tor to connect to the Internet. But, in countries where governments and Internet providers are deploying Deep Packet Inspection (DPI) and other censorship tech, they're trying to block Tor because it enables people to access their right to free access to information. For example, in <a href="https://support.torproject.org/censorship/connecting-from-china/">China</a>, Belarus, Egypt, <a href="https://blog.torproject.org/tor-censorship-in-russia/">Russia</a>, <a href="https://forum.torproject.org/t/iran-circumventing-censorship-with-tor/4590">Iran</a>, <a href="https://forum.torproject.org/t/tor-relays-help-turkmens-to-bypass-internet-censorship-run-an-obfs4-bridge/7002">Turkmenistan</a> and other countries, users will need to use a <a href="https://tb-manual.torproject.org/circumvention/">Tor bridge</a> in order to use Tor. For an overview about the censorship arms race, watch our co-founder Roger Dingledine's presentation at #37C3: <a href="https://blog.torproject.org/37c3-talk/">Tor censorship attempts in Russia, Iran, Turkmenistan</a>.</p>
<h2>Prepare Yourself Before an Election Cycle</h2>
<p>During this megacycle of elections, it is possible to defend yourself against online censorship and surveillance. If the elections are coming up in your country, you can prepare yourself by downloading Tor-powered apps like <a href="https://torproject.org/download">Tor Browser</a>, <a href="https://onionbrowser.com">Onion Browser</a>, <a href="https://orbot.app">Orbot</a>, <a href="https://tails.net">Tails</a>, and <a href="https://onionshare.org">OnionShare</a>. It's important to download these apps <em>before</em> the elections, because the censors can block these websites just before the election day. If you can't connect to Tor and suspect that it's because censors are blocking the Tor network, please contact Tor <a href="https://tb-manual.torproject.org/support/">user support</a>.</p>
<h2>Volunteer to Defend Internet Freedom</h2>
<p>You can help defend Internet freedom by contributing to the decentralized, community-driven nature of the Tor network. Here are some volunteer opportunities that are very important for the coming "Year of Democracy":</p>
<ul>
<li><p>Run a Tor <a href="https://snowflake.torproject.org">Snowflake</a> proxy and promote it: Install the Snowflake browser add-on to help users from highly-censored regions to connect to Tor. With over 150,000 proxies, there is still need for more diverse and <a href="https://community.torproject.org/relay/setup/snowflake/standalone/">Snowflake standalone proxies</a>. While other Tor Snowflake users will use your computer to access Tor, they won't exit to the Internet using your IP address; instead, Tor's exit nodes' IP addresses are used.</p>
</li>
<li><p>Run a Tor bridge: For those who are tech-savvy or want to learn about running Tor relays, the <a href="https://community.torproject.org/relay/">Tor Relay Operator Community page</a> provides the guides to deploy obfs4 and <a href="https://community.torproject.org/relay/setup/webtunnel/">WebTunnel</a> bridges. Operators can help by running <a href="https://community.torproject.org/relay/setup/bridge/">bridges</a> before these <a href="https://www.accessnow.org/campaign/2024-elections-and-internet-shutdowns-watch/">countries elections</a>.</p>
</li>
</ul>
<p>It would be great if you could run bridges and Tor Snowflake during the whole year, however, if you don't have enough resources, running a bridge the week before the elections of these countries can help many users to circumvent censorship. Remember to become a part of the <a href="https://community.torproject.org/">Tor community</a> by joining the <a href="https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays">tor-relays mailing list</a>, participating in the <a href="https://forum.torproject.org">Tor Forum</a>, following our <a href="https://community.torproject.org/policies/relays/expectations-for-relay-operators/">policies</a>, and engaging in our <a href="https://support.torproject.org/get-in-touch/irc-help/">Matrix/IRC chat</a>!</p>
<ul>
<li><p>Organize <a href="https://community.torproject.org/training/resources/">Tor trainings</a> with your community or ask us to do so: If you're part of a human rights organization based in the Global South and are concerned about online censorship and surveillance, contact us for a Tor training with your staff: training@torproject.org. Unfortunately, individual training support isn't available this year.</p>
</li>
<li><p>Document online censorship: Monitoring and documenting Internet censorship helps Tor developers and the anti-censorship community understand where and what piece of Internet is blocked. If you suspect that some Internet censorship is happening or Tor is blocked, <a href="https://support.torproject.org/censorship/how-to-check-if-tor-is-blocked-using-ooni/">OONI</a> can provide measurements to help confirm your suspicion.</p>
</li>
<li><p>Advocate against Internet shutdowns: Please consider joining the <a href="https://www.accessnow.org/campaign/keepiton/#coalition">#KeepItOn Coalition</a> and share how you are personally impacted by Internet shutdowns.</p>
</li>
</ul>
<p>Finally, defending Internet freedom is not just about preserving the integrity of elections; it's about upholding the democratic values and rights that form the foundation of societies.</p>
</div>
<div class="categories">
<ul><li>
<a href="https://blog.torproject.org/../category/circumvention">
circumvention
</a>
</li><li>
<a href="https://blog.torproject.org/../category/human-rights">
human rights
</a>
</li><li>
<a href="https://blog.torproject.org/../category/community">
community
</a>
</li></ul>
</div>
</article>
Arti 1.1.13 is released: onion services development2024-02-05T00:00:00Ziwjurn:uuid:2246bdbe-fc33-3044-8cb5-1ac29e74a3b5<article class="blog-post">
<picture>
<source media="(min-width:415px)" srcset="https://blog.torproject.org/arti_1_1_13_released/lead.webp" type="image/webp">
<source srcset="https://blog.torproject.org/arti_1_1_13_released/lead_small.webp" type="image/webp">
<img class="lead" referrerpolicy="no-referrer" loading="lazy" src="https://blog.torproject.org/arti_1_1_13_released/lead.png">
</picture>
<div class="body"><p>Arti is our ongoing project to create a next-generation Tor client in
Rust. Now we're announcing the latest release, Arti 1.1.13.</p>
<p>In Arti 1.1.13, trying out onion services will hopefully be a
smoother experience.
We've fixed some important bugs.
We've also been doing a lot of work on storage of persistent state,
and cryptographic keys,
to support proper expiry of obsolete keys,
and deletion of state for no-longer-required onion services.</p>
<p>There are still rough edges and
important missing security features,
so we don't (yet) recommend Arti onion services for production use,
or for any purpose that requires privacy.</p>
<p>For instructions on how to run an onion service in Arti,
see our <a href="https://gitlab.torproject.org/tpo/core/arti/-/blob/arti-v1.1.13/doc/OnionService.md?ref_type=tags">work-in-progress HOWTO document</a>.
We hope to make these instructinos simpler and better
as our implementation improves.</p>
<p>For full details on what we've done, and for information about
many smaller and less visible changes as well,
please see the <a href="https://gitlab.torproject.org/tpo/core/arti#arti-1112-9-january-2024">CHANGELOG</a>.</p>
<p>There's still a modest amount of essential work to do
before we can start to move on from
basic functionality to onion service security work;
You can find a list of what we still need to do
<a href="https://gitlab.torproject.org/tpo/core/arti/-/issues/?sort=updated_desc&state=opened&label_name%5B%5D=Onion%20Services%3A%20Basic%20Service&label_name%5B%5D=Onion%20Services%3A%20MUST">on the bugtracker</a>.
Once that work is done enough
we plan to move on to the <a href="https://gitlab.torproject.org/tpo/core/arti/-/issues/?label_name%5B%5D=Onion%20Services%3A%20Improved%20Security">security features</a>
necessary for a private onion service implementation.</p>
<p>For more information on using Arti, see our top-level <a href="https://gitlab.torproject.org/tpo/core/arti/-/blob/main/README.md">README</a>, and the
documentation for the <a href="https://gitlab.torproject.org/tpo/core/arti/-/tree/main/crates/arti"><code>arti</code> binary</a>.</p>
<p>Thanks to everybody who's contributed to this release, including
Alexander Færøy, Jim Newsome, and ramidzkh.</p>
<p>Also, our deep thanks to <a href="https://zcashcommunitygrants.org/">Zcash Community Grants</a> and our <a href="https://www.torproject.org/about/sponsors/">other sponsors</a>
for funding the development of Arti!</p>
</div>
<div class="categories">
<ul><li>
<a href="https://blog.torproject.org/../category/announcements">
announcements
</a>
</li></ul>
</div>
</article>