Tor Project blog

Keeping the doors open

2026-05-15T00:00:00Z

This guest post is part of a spotlight series on the organizations defending the free internet.

A user in China once said this about our work:

"You have helped many many people to overcome the great firewall. Without your help, I would be in the totally darkness trap and being brain-washed."

We don't hear from the people who use our services very often. Most of them can't or don't feel that they can safely send a message. When one comes through, it's a reminder of what's actually at stake.

We're Unredacted, a US-based 501(c)(3) non-profit. We build and operate Internet infrastructure that helps people reach the open Internet and protect their right to privacy. We do this by operating a network of over 300 servers around the world. We're a way through when the front door is locked, and a place to communicate when the public square isn't safe. Most of the work is invisible: datacenter work, hardware, automation, open source software, bandwidth, abuse queues, monitoring alerts, and the late nights spent keeping all of it online.

What we do falls into three areas. Censorship Evasion is where Unredacted Door lives, our umbrella for the services designed to route around blocking. Secure Infrastructure is where we run things like XMPP.is and our Matrix homeserver, and other free services built with security and privacy in mind. Unredacted Education is the writing and documentation side: guides and explainers for the people who want to understand the work and replicate it. Alongside those, Unredacted Labs is where we experiment with infrastructure ideas that aren't quite production-ready. GreenWare is one of those, our effort to run real network capacity on hardware that doesn't burn a lot of power.

Unredacted Door

The name is literal. When the entrance to the open Internet gets walled off, people need another way in.

Unredacted Door brings together several of our circumvention services: FreeSocks, messaging proxies for Signal and Telegram, Tor bridges, and Snowflake proxies. In a recent 30-day window, these services carried nearly 300 TiB of traffic for tens of thousands of people routing around censorship in their countries. That's roughly the equivalent of bandwidth to stream tens of thousands of hours of 4K video. Demand isn't slowing, and we need to continue building more. Every new filter, every new law, every "for your safety" rollout sends more people looking for a route the censors haven't found yet.

The largest piece of Unredacted Door is FreeSocks: free proxies for people in places where censorship is severe. If you've never run into one, a proxy is a relay point. Your app doesn't talk directly to the blocked service. It talks to a server that carries the connection past whatever filters are sitting between you and the wider Internet. FreeSocks is built to make that relay quietly unremarkable, which is exactly the trait a standard VPN tends to lack. A VPN advertises itself. There's a known endpoint, a known handshake, an obvious shape on the wire. Censors are very good at blocking things they can recognize.

No single tool covers every situation. Tor Browser gives you strong privacy and anonymity for browsing. Snowflake helps people reach Tor when access to the network itself is blocked. FreeSocks proxies push specific traffic through a route that's harder to spot. People living under censorship usually need a few of these on hand, because no single door stays open forever.

That's why we're putting serious work into the next version of FreeSocks (v2). It uses Xray - a powerful and versatile traffic-routing engine, which can make proxy traffic look more like ordinary web traffic bundled with our open source control plane that allows us to rotate endpoints automatically when censors find and block a server. The less a user has to fiddle with their setup while they're already under pressure, the better.

GreenWare: sustainable infrastructure, literally

Tor relays, bridges, proxies, and more. They run on hardware in datacenters, and that hardware has a real footprint: financial, operational, and environmental. If we want privacy infrastructure to last, we have to ask what's actually sustainable to operate.

GreenWare is our attempt to shrink that footprint without shrinking what we can carry on it. The premise is straightforward: most Tor relay traffic doesn't need a server that draws power like a space heater. A relay needs a steady network, predictable CPU, and enough memory to hold its state. That's a workload a single-board computer can handle, if the chassis around it is built to take it seriously.

We started with Raspberry Pi 5 boards powered over PoE, fed entirely through their network cables. The idea worked. A typical server in a datacenter draws as much power as a small space heater. A Pi draws less than a lightbulb. But the first generation had ceilings. Density wasn't where we wanted it, and a few of the supporting components weren't built for the hours we were putting on them.

So we run two deployments in parallel now. The first is a 1U chassis with 20 ComputeBlade modules stacked into it. We deployed all 20 in our datacenter and moved a chunk of our Tor exit relays onto them. That chassis pulls a little over 100W under load, roughly what an old incandescent bulb burns. The second is a custom Raspberry Pi chassis we designed after the ComputeBlade work taught us what we actually wanted in the field. Both are live, and as of writing all 123 of our Tor exit relays run on this combined infrastructure, drawing roughly 400W in total. As time goes on, we'll have more to say about the chassis design and the project as it matures.

The Tor network runs on people and organizations willing to operate infrastructure for it. Exits are the hardest part of that job. They need bandwidth, maintenance, abuse handling, legal nerve, and money. If we can drop the cost and the power required to run real exit capacity, more people can take on a piece of the work and diversify and grow the network.

Our longer-term ambition is to keep pushing on efficient hardware, carbon tracking, and eventually renewable-powered micro points of presence. We'd be more than glad to partner with organizations and companies that want to see this grow.

The open Internet is kept open by many people and organizations investing energy, time, and effort: The researchers measuring censorship, the relay operators providing bandwidth, and the communities that refuse to leave one another behind. At Unredacted, our part is building and maintaining the routes people may need when the obvious ones disappear.

New Release: Tails 7.7.3

2026-05-12T00:00:00Z

This release is an emergency release to fix a critical security vulnerability in the Linux kernel, as well as security vulnerabilities in Tor Browser and in the Tor client.

Changes and updates

Update the Linux kernel to 6.12.86, which fixes Dirty Frag, a vulnerability that could allow an application in Tails to gain administration privileges.

For example, if an attacker was able to exploit other unknown security vulnerabilities in an application included in Tails, they might then use Copy Fail to take full control of your Tails and deanonymize you.

We are not aware of this vulnerability being used in practice until now.
Update Tor Browser to 15.0.12.
Update the Tor client to 0.4.9.8.
Update Thunderbird to 140.10.1.

Fixed problems

For more details, read our changelog.

Get Tails 7.7.3

To upgrade your Tails USB stick and keep your Persistent Storage

Automatic upgrades are available from Tails 7.0 or later to 7.7.3.
If you cannot do an automatic upgrade or if Tails fails to start after an automatic upgrade, please try to do a manual upgrade.

To install Tails 7.7.3 on a new USB stick

Follow our installation instructions.

The Persistent Storage on the USB stick will be lost if you install instead of upgrading.

To download only

If you don't need installation or upgrade instructions, you can download Tails 7.7.3 directly:

Support and feedback

For support and feedback, visit the Support section on the Tails website.

Defending the public's right to know

2026-05-12T00:00:00Z

This post is part of a spotlight series on the organizations defending the free internet.

Internet freedom has declined for 15 consecutive years. Beyond surveillance, the erosion of privacy and anonymity, and information manipulation, governments are targeting specific sites and services, or attacking infrastructure itself, causing shutdowns and deliberate disruptions for internet users. But how do we know when the internet is censored and how?

OONI, the Open Observatory for Network Interference, born out of the Tor Project, exists to answer that question. Through free software tools and open data OONI makes censorship measurable, verifiable, and actionable. This post is about what that looks like in practice.

Protecting the public record

OONI data is the world's largest open dataset on internet censorship: billions of measurements collected across tens of thousands of networks from 245 countries and territories since 2012. OONI's data exists because people around the world run OONI Probe and contribute measurements from the networks that they are connected to. Every new measurement adds to a shared public record.

Both its scale and methodology contribute to OONI's impact. Internet censorship often works by making interference hard to see. It can make a blocked website look broken, a throttled app look unreliable, or a shutdown look like a technical failure. OONI helps expose these tactics through open measurement methodologies, peer review, expert feedback, and comparison against control measurements, so that censorship claims can be tested, challenged, and verified.

To make this dataset user-friendly, OONI launched thematic pages in OONI Explorer focusing on the areas most frequently targeted: social media and messaging apps, news media, and circumvention tools. Each page includes short reports, longer research reports, and charts with the latest OONI data.

In 2025, a dedicated "Blocking of News Media" page helped surface findings that would otherwise require sifting through billions or raw measurements: the blocking of the independent media outlet Zawia3 in Egypt, the blocking of 12 news media websites in Jordan, and the blocking of The Wire in India during the military conflict with Pakistan.

Think about when censorship events tend to happen: elections, protests, armed conflict, national exams, and periods of political unrest. The moment when access to information matters most. OONI gives affected communities a shared factual basis at those moments to make accountability possible.

How journalists and media organizations use OONI

In 2025, Meduza, one of the most prominent Russian media outlets in exile published an article introducing OONI tools and encouraging readers to use them. It's just one example how a newsroom can effectively use censorship measurement not just to report a story, but as an act of public education: helping audiences understand how network interference works, how it can be documented, and how they can contribute to that evidence base themselves.

When a news website is blocked, that's not just a technical event. It's the public losing access to reporting, communities losing access to timely information, and journalists losing access to their audiences. Documentation that can be cited and analyzed is what turns that event into something actionable.

The most concrete example of that chain in action is Kenya. OONI data served as evidence in a public-interest case challenging the unlawful disruption of internet access. The case was filed by a coalition that included BAKE, ICJ Kenya, Paradigm Initiative, the Kenya Union of Journalists, Katiba Institute, the Law Society of Kenya, and CIPESA. To support the petition before the High Court of Kenya, OONI produced a detailed research report, in the form of an expert opinion, documenting the blocking of Telegram during Kenya's 2023 and 2024 KCSE national exams.

This is a case where a journalists' union, digital rights organizations, legal advocates, and technical researchers were able to work from the same datasets to elevate internet disruption to a public-interest issue. And this case also helped set an important regional precedent: lawyers in Tanzania subsequently reached out to OONI for data to support legal efforts challenging the blocking of Twitter/X there, prompting OONI to publish a research report documenting the block.

Collective action for a collective internet

The Kenya-to-Tanzania ripple effect illustrates how internet censorship works across geographies. But also how we can fight it. A block on messaging apps isn't a standalone event. Journalists may lose access to sources. Activists may lose organizing channels. Circumvention tool developers may need to adapt. Researchers may need to verify what happened. Lawyers may need evidence. But everyone needs documentation.

OONI's open data model is built for exactly these moments. Protecting the free internet requires documenting censorship, sharing evidence, and building the collective capacity to respond.

New Release: Tor Browser 15.0.13

2026-05-08T00:00:00Z

Tor Browser 15.0.13 is now available from the Tor Browser download page and also from our distribution directory.

Send us your feedback

If you find a bug or have a suggestion for how we could improve this release, please let us know.

Full changelog

The full changelog since Tor Browser 15.0.12 is:

All Platforms
- Updated tor to 0.4.9.8
- Updated NoScript to 13.6.19.1984

Arti 2.3.0 released: Logging, Relay, Directory authority, and RPC development.

2026-05-07T00:00:00Z

Arti is our ongoing project to create a next-generation Tor implementation in Rust. We're happy to announce the latest release, Arti 2.3.0.

This release bumps the minimum MacOS version supported by Arti to 10.14, up from 10.12. Despite being supported on a technical level, we do not recommend the use of MacOS versions that old, as they are no longer receiving updates from Apple and may have unpatched security issues.

This release continues our ongoing development towards using Arti as a relay and as a directory authority. It also continues development on RPC, including adding a new RPC API for inspecting tunnel paths.

Additionally, there are a couple new logging related features. Arti now supports logging to syslog when the syslog feature is enabled and the logging.syslog config option is enabled. We've also added a new logging.protocol_warnings option to log protocol violations as warnings.

Developers who use the arti-client crate should note that in the release after this one, we plan to change TorClient to be wrapped in an Arc explicitly, rather than implicitly having Arc-like semantics. Be prepared for this breaking change, and if you have any thoughts about it, please speak up in #2469.

As usual, there is also a signigicant amount of cleanup, improvements to testing, infrastructure, and documentation, and many small bugfixes.

For full details on what we've done, including API changes, and for information about many more minor and less-visible changes, please see the CHANGELOG.

For more information on using Arti, see our top-level README, and the documentation for the arti binary.

Thanks to everybody who's contributed to this release, including Andrew Kloet, hjrgrn, and moumenalaoui.

Also, our deep thanks to our sponsors for funding the development of Arti!

New Alpha Release: Tor Browser 16.0a6

2026-05-07T00:00:00Z

Tor Browser 16.0a6 is now available from the Tor Browser download page and also from our distribution directory.

This version includes important security updates to Firefox.

⚠️ Reminder: The Tor Browser Alpha release-channel is for testing only. As such, Tor Browser Alpha is not intended for general use because it is more likely to include bugs affecting usability, security, and privacy.

Moreover, Tor Browser Alphas are now based on Firefox's betas. Please read more about this important change in the Future of Tor Browser Alpha blog post.

If you are an at-risk user, require strong anonymity, or just want a reliably-working browser, please stick with the stable release channel.

Send us your feedback

If you find a bug or have a suggestion for how we could improve this release, please let us know.

Full changelog

The full changelog since Tor Browser 16.0a5 is:

All Platforms
- Updated tor to 0.4.9.7
- Updated NoScript to 13.6.18.90101984
- Updated OpenSSL to 3.5.6
- Bug tor-browser#43857: Review in-source TODOs
- Bug tor-browser#44402: Re-enable ESLint rule mozilla/no-browser-refs-in-toolkit as an error
- Bug tor-browser#44749: Check search engines parameter replacements
- Bug tor-browser#44792: Rebase alpha onto 150.0a1
- Bug tor-browser#44796: Adjust TorProviderBuilder to report the provider state to consumers
- Bug tor-browser#44828: Remove browser module references from toolkit/modules/ActorManagerParent.sys.mjs
- Bug tor-browser#44841: TorDomainIsolator proxy filter returns null on exception instead of preserving SOCKS proxy
- Bug tor-browser#44865: Block chrome:///locale/ to content
- Bug tor-browser#44868: Backport 138c33ea964b2e0a4875aadc39d8a948e0c2aace to 150 to fix Windows builds
- Bug tor-browser#44870: Remove legacy branch from gitlab templates
- Bug tor-browser#44895: Undo the patch for #44772
- Bug tor-browser-build#41775: Update list of Snowflake STUN servers in default bridge line, 2026 edition
- Bug tor-browser-build#41778: Remove base-browser from protected-branches.py
- Bug tor-browser-build#41780: Create sha256sums-unsigned-build.txt in artifacts/$platform directories
Windows + macOS + Linux
- Updated Firefox to 150.0a1
- Bug tor-browser#43824: Switch resource:// modules to use moz-src:
- Bug tor-browser#44288: New identity fails to block loading a custom home page
- Bug tor-browser#44458: Fix the "Connect" and ".onion available" button height
- Bug tor-browser#44560: Customize the flags for alternate 'Application Data' directories
- Bug tor-browser#44630: Use settings config to hide settings, rather than data-hidden-from-search or commenting out
- Bug tor-browser#44648: Unexpected changes to SearchService.sys.mjs
- Bug tor-browser#44685: Use border radius for letterboxing
- Bug tor-browser#44798: Don't load about:torconnect into iframes
- Bug tor-browser#44829: Hide the settings privacy card
- Bug tor-browser#44832: Hide the Firefox mascot in about:neterror
- Bug tor-browser#44846: about:torconnect redirect doesn't work with the new neterror page
- Bug tor-browser#44847: Drop letterboxing sidebar rounded corner logic
- Bug tor-browser#44902: Error in privacy preference initialisation due to missing dataCollectionViewProfilesMultiProfileBackupWarning
- Bug tor-browser-build#31860: Start using LTO for firefox project
Windows
- Bug tor-browser#44862: Fontvis is missing Segoe MDL2 Assets
- Bug tor-browser#44868: Backport 138c33ea964b2e0a4875aadc39d8a948e0c2aace to 150 to fix Windows builds
macOS
- Bug tor-browser#44850: Wrong path for bootstrapped tor daemon on macOS
- Bug tor-browser-build#41476: Since 13.5-legacy is not longer supported, remove tools/signing/wrappers/sign-rcodesign
Linux
- Bug tor-browser#44361: Notify Linux i686 users that they won't receive updates anymore
- Bug tor-browser#44521: Disable widget.wayland.fractional-scale.enabled
Android
- Updated GeckoView to 150.0a1
- Bug tor-browser#44615: Remove ability to "Rate/Review in Google Play" in app
- Bug tor-browser#44827: Always enable noscript for android
- Bug tor-browser#44842: Replace instances of SwitchPreference with SwitchPreferenceCompat
- Bug tor-browser#44848: Do not overwrite Android toolchains on default mozconfigs
- Bug tor-browser#44880: Fix edgeToEdge display issue presented in 150 android rebase
- Bug tor-browser#44925: Fix bootstrap screen color styling for light mode presented in one of the rebases between 140 and 150
- Bug tor-browser#44935: Remove incorrectly shown "open in app" notification dot on settings button
Build System
- All Platforms
  - Bug tor-browser-build#41591: Remove support for old mar filenames when 13.5 legacy branch is EOL
  - Bug tor-browser-build#41764: Update toolchains for Firefox 150
  - Bug tor-browser-build#41767: Add jwilde to allowed signer for browser projects
  - Bug tor-browser-build#41778: Remove base-browser from protected-branches.py
  - Bug tor-browser-build#41780: Create sha256sums-unsigned-build.txt in artifacts/$platform directories
  - Bug tor-browser-build#41786: Add comment to rbm.local.conf.example warning about potential recursive loops in tmp_dir definition
  - Bug rbm#40106: Improve error message in case of recursive definition
- Windows + macOS + Linux
  - Bug tor-browser-build#41759: Remove references to legacy release in tor-browser-build
- Windows + Linux + Android
  - Bug tor-browser-build#41770: Update Go to 1.26.x
  - Updated Go to 1.26.2
- Windows
  - Bug tor-browser#44853: Update target in mozconfig-windows-x86_64 and mozconfig-windows-i686
- macOS
  - Bug tor-browser-build#41773: Change the position of -mindepth when creating the dmg
- Linux
  - Bug tor-browser#44555: Remove mozconfig-linux-i686
- Android
  - Bug tor-browser#44848: Do not overwrite Android toolchains on default mozconfigs

New Release: Tor Browser 15.0.12

2026-05-07T00:00:00Z

Tor Browser 15.0.12 is now available from the Tor Browser download page and also from our distribution directory.

This version includes important security updates to Firefox.

Send us your feedback

If you find a bug or have a suggestion for how we could improve this release, please let us know.

Full changelog

The full changelog since Tor Browser 15.0.11 is:

All Platforms
- Updated tor to 0.4.9.7
- Bug tor-browser#44940: Rebase Tor Browser stable onto 140.10.2esr
Windows + macOS + Linux
- Updated Firefox to 140.10.2esr
- Bug tor-browser#44746: Funding the Commons Implementation (Desktop)
Android
- Updated GeckoView to 140.10.2esr
- Bug tor-browser#44747: Funding the Commons Implementation (Android)
Build System
- All Platforms
  - Bug tor-browser-build#41781: Fix clean section in rbm.local.conf.example

3 Days of Fun with Tor

2026-05-06T00:00:00Z

After organizing a successful first community gathering last year in Denmark, we were eager to find out: Could we get another productive, community-organized meeting off the ground taking into account what we've learned so far?

Preparations

We decided to do the next community gathering organized by us at the same location we used last year: Hylkedam, in Denmark. We knew it worked well, was sufficiently cheap, and we could likely cut down the overall planning overhead given our past experience there. And, indeed, planning was minimal, reusing much of the "playbook" we developed for our first meeting last year. We spent most of our preparation time on revamping our meeting website. We have a shiny new onionized space now, including a public mailing list!

3 days of fun with Tor

We gathered on the weekend of March 13 - 15 at Hylkedam. Overall we were a little less people this time (around 12) but had, on the plus side, participants with backgrounds not being present at our first Tor community gathering: we got the research angle covered this time (with focus on anti-censorship) and had people from the Reproducible Builds project attending. The latter allowed us to think about potentially doing community gatherings together, which would make collaboration and sharing of ideas easier between our projects. Talking about research on the other hand has been very inspiring as we could see what is currently happening in the research world and help shaping particular project plans by explaining related tools and already existing projects and needs within the Tor eco system.

Apart from the new contributions we were happy as well to see that various work started at the previous gathering got picked up and pushed forward again, showing the overall commitment of our volunteers in the community. Notably, we saw further improvements to the network social graph proof of concept project and the relay operator Grafana dashboard. We also continued the discussion around consensus-transparency.

We had the usual structure during our meeting days, following the established cycle of: opening session -> structured sessions -> unstructured sessions -> closing circle, which, again, worked pretty well. Unstructured sessions included general free hacking time and room for getting ad hoc together, thinking through or working on a topic that might have come up during the more structured sessions previously or is just not ready for "prime time" yet. We think that this time without a moderator and a clear session time limit is an essential part of making the whole meeting productive, as it gives the participants the freedom to work on random things they are interested in and might get excited about.

For the structured sessions we made sure we had note takers again, so someone not being able to attend can get up to speed afterwards. We had a set of different topics again, ranging from anti-censorship related sessions to an update on upcoming changes for relay operators and a session dedicated to how the community can get organized itself, so we would have similar gatherings or an 'onion festival' in the future. Check out the session notes on our website, in case you are interested!

What's next?

We plan to have more Tor community meetings in the future. As already said: they don't have to be at Hylkedam (we'd like to see other venues as well!), nor does it have to be the same group of people sharing the organization workload. So, if you are excited about what you read in this blog post and are experiencing a serious case of FOMO or want to help organize future community gatherings, get in touch! Our mailing list[3] is a good starting point for that.

The same goes for providing feedback about this format and how we can make such events more inviting and inclusive in the future. Want to be invited, too? Let us know as well!

community

New Release: Tails 7.7.2

2026-05-04T00:00:00Z

This release is an emergency release to fix a critical security vulnerability in the Linux kernel.

Changes and updates

Update the Linux kernel to 6.12.85, which fixes Copy Fail, a vulnerability that could allow an application in Tails to gain administration privileges.

For example, if an attacker was able to exploit other unknown security vulnerabilities in an application included in Tails, they might then use Copy Fail to take full control of your Tails and deanonymize you.

We are not aware of this vulnerability being used in practice until now.

Fixed problems

For more details, read our changelog.

Get Tails 7.7.2

To upgrade your Tails USB stick and keep your Persistent Storage

Automatic upgrades are available from Tails 7.0 or later to 7.7.2.
If you cannot do an automatic upgrade or if Tails fails to start after an automatic upgrade, please try to do a manual upgrade.

To install Tails 7.7.2 on a new USB stick

Follow our installation instructions.

The Persistent Storage on the USB stick will be lost if you install instead of upgrading.

To download only

If you don't need installation or upgrade instructions, you can download Tails 7.7.2 directly:

Support and feedback

For support and feedback, visit the Support section on the Tails website.

Tor Project Statement on the Abrupt Cancellation of RightsCon 2026

2026-04-30T00:00:00Z

The Tor Project is deeply saddened by the last-minute cancellation of RightsCon 2026 in Lusaka, Zambia, and online. The right to assemble, associate, and speak freely must not be conditioned on political approval. Convenings like RightsCon are essential precisely because they create space for difficult, urgent, and necessary conversation about power, technology, rights, and accountability.

Tor's work is rooted in the belief that everyone should be able to speak freely, safely, and privately. We build tools that help people connect, communicate, organize, and seek information; especially those facing censorship, surveillance, repression, discrimination, and other forms of vulnerability. The disruption of a space dedicated to advancing these shared goals represents a serious gutpunch to the global human rights community.

While the cancellation may have been the only responsible path to prevent further harm to the community, the circumstances that made it necessary are unacceptable. This moment underscores why the fight against censorship, surveillance, and restrictions on civic participation remains urgent.

We share the deep concerns expressed by those directly affected: participants who were already traveling or preparing to travel, speakers and organizers who invested significant labor into this gathering, communities who were counting on these conversations, and local partners and small businesses who now face the consequences of a cancellation imposed over night.

We stand in solidarity with the RightsCon and Access Now teams, who have worked to protect the safety and integrity of the community under extremely difficult circumstances. We also stand firmly with local organizers, digital rights defenders, and civil society actors in Zambia and across the region, who are left to absorb the backlash of a broader and longstanding pattern of repression against civil society.

For Tor, RightsCon has been especially important because it allows us to connect directly with the people and organizations who use, teach, and share our tools with their communities. Our organization has participated in RightsCon since its first edition in 2011. Over the years, it has become a central gathering place for our broader community: a space where small open source hacker nonprofits could collaborate with more established, mainstream human rights organizations.

Tor remains committed to advancing human rights online AND offline, supporting vulnerable internet users globally, and building technologies that help people break through censorship and reclaim their right to communicate freely. We will continue to work alongside the digital rights community in solidarity.