Tor Challenge 2014

We are excited to announce the EFF has just launched the second Tor Challenge!

This challenge is somewhat different from the previous edition, as there are now incentives tied to running relays for an extended period of time. The goal is to educate and encourage lots of people to setup relays, and continue to contribute throughout the year.

EFF will be giving out a "limited-edition" sticker to relay operators who keep their relay running for at least 12 months. On top of that, people running a 1MB/s+ relay for 12 months will also receive a Tor t-shirt!

The more high-bandwidth relays we have, the better off the network is as a whole and the more people we will be able to help stay safe and secure online; so please join the EFF & the Tor Project for the 2014 Tor Challenge! Also, help us spread the word about this challenge by sharing this with others!


June 05, 2014


I'm running some relays for a while now. Is there a way to get the shirt without entering myself into a database?

Another answer is to show up at one of our dev meetings and give us a cash donation. But we're not really set up well for that.

Worse, it isn't even our database -- we outsource the "please print a tshirt and send it to this nice person" process to a print company. (Ok, I should clarify here, I am referring to Tor's general "tshirt for relay" offer -- . I have no idea what EFF's plan is for the shirts they'll send out in a year.)

Maybe you could use a PO Box, address of a friend, or other more traditional approaches?

Thanks for running relays!


June 06, 2014


just wanted to mention that the isp bahnhof in sweden are great since they take peoples privacy very seriously.
unfortunately they are not all aviable everywhere in the country.
however they have never dissrupted any tor connection anywhere,
atleast not any known of. also, prq might be trusted, but are being watched
by the feds (well, who isn't nowdays) lol.


June 06, 2014


Please guys make a post about which email service can be used with Tor Browser.

Many of them can be used with Tor Browser -- gmail, riseup, yahoo, etc.

If you want one that's safe to use... "trust some third-party company with your data" is a losing plan.

I run my own mailserver, but that solution doesn't scale either.

Sorry, this is a poorly solved problem for the world. Somebody should work on it! But "Ok, I will run a webmail service and this one will be safe" is not the way to work on it.

Continued with Javascript disabled and accessed my Gmail account in plain HTML view. I did not use TBB to initially set up my Gmail account so I can't tell you if using TBB to do account set up will work.

Exactly, I tried all these known email services (hotmail / gmail / yahoo) and some that I didn't know until now like Hushmail (which sadly is not free) without success. I need to setup a completely anonymous and "safe" email account and if I sign up without TBB then it is just an illusion of anonymity and safety.

To register a mail account on Riseup you should be invited by two different members. Do you have any spare invitation code to share with me please?

I have already requested an email account but it may take a long time (due to the volume of the requests) or it may not approved at all.

Well i belive that if your going to use a well known "Mailing Services" Branch, then I would pick Hotmail, because Microsoft is fighting against the NSA to secure its assets and protect the American citizens as we should have our privacy. Any can be considered "safe" but i would recommend something along Google Or Microsoft, because they are fighting the NSA for its privacy, well atleast making it harder and more expensive to "aquire" Our information... You can read more about it on this article"…"

If you are leery of U.S. based email services, try Yandex Mail. Yandex is Russian company and yes, Russian government might read your email. As long as you are no more than low level irritant and do not live in Russia or their near abroad, do not worry. HTTPS is default setting in Yandex Mail.

Thanks buddy! It seems that you solved my problem, I'm the one who asked the question in the first place. I signed up with Yandex Mail and it seems to work for now. I hope they do not block my account as in Hotmail.


June 06, 2014


the IP addresses of some Obfs bridges resolve to the domain names plainly containing the word "tor". Is not this an oxymoron? I thought the Plugged Transport bridges are supposed to appear as something else.

How can these bridges help us circumvent censorship and surveillance, if they stand out with a screaming domain name? They can be blocked or monitored easily, regardless of the crafty plugin.

Currently you hand out only the IPs of the bridges, and most users will simply take them and not start resolving the domain names. It sounds like a big problem. And all of those fancy Obfs Transports then become meaningless - on the opposite, they are now honey pots...

Is there a way to stop this deception? Disallow some bridge domain names in Tor if the bridge runs Obfs? Warn operators? Warn users - show them the domain name with the IP?

"They will do a reverse-resolve on the IP address and see if the letters t, o, and r appear in the hostname they get back, and if so they'll block it" isn't really high on the list of worries around bridges.

You might enjoy…

As for whether pluggable transport bridges are supposed to appear as "something" else, it varies by transport. The obfsproxy flows are supposed to end up in the "none of the above" category by a protocol classifier. The flashproxy flows are supposed to look like websocket with Tor underneath. There's a lot of variation, and that's good.

So the very short answer is "no, the fact that some volunteer bridge addresses set their reverse-resolve hostname to something Tor related is not a big problem."

The obfsproxy flows are supposed to end up in the "none of the above" category by a protocol classifier.

Obfs proxy specifically is designed to conceal Tor. But an Obfs bridge that has a domain name revealing Tor (or sending any other indicator) is exactly undoing the Obfs effort. The users, guided by you, usually do not know about it.

This may be a mild problem, and it may be hard to prevent, but the result is the same - it is still is a deceptive trap. And if the operator is doing it on purpose, it's a bigger problem.

Why not attempting to show the bridge's domain name next to the IP address? This may hinder the trickster operators.

I don't think these are "trickster" operators. I think they genuinely don't see what the big deal is. And I don't think it's a big deal either.

Having a domain name for the obfs address that has the letters t, o, and r in it does not "exactly undo" the Obfsproxy features. It still prevents automated DPI for patterns in Tor flow payloads.

The much broader problem is that we don't have enough obfsproxy bridge addresses, and they don't rotate often enough, relative to the enumeration attacks that China can sustain on the bridgedb service. I talk about this issue much more in:


June 09, 2014


I'm still running all my relays/bridges from the last one....though two don't see much traffic, might need to find a new home for them.


June 13, 2014


So sad my isp is only able to provide a max of 300kps. I'd love to be a more participatory user but there you go... Werry grateful for y'alls enthusiasms though...


June 14, 2014


Read recently on the internet that China was blocking everything Google related. Presumably because of the Tiananmen Square incident anniversary but no one seemed to know if the Google block was temporary or permanent. I don't know if the Google block affects the meek Pluggable Transport in China.


July 04, 2014


Hi phoul can u give me your gmail address and I have a question to talk to you .PT related.


July 06, 2014


Three questions about challenge:
1) I can run relay or bridge. Relays are visible (of course Atlas for example), bridges - not. How do you check bridges parameters - uptime, bandwidth etc.
2) to get t-shirt I should gave 1MB bandwidth. It means 1MB=8Mbit or 1Mb=128kB/s? Just for sure.
3) To get t-shirt&sticker I must give my real adress. It is secure to me?

1) can look up a bridge by its hash-of-fingerprint, so people can learn details about the bridge without learning its address or actual fingerprint.

2) 1MB = 8Mbit

3) "secure to you" is a broad and relative concept. Maybe, maybe not? Don't give your address, or don't give a sensitive address, if you're worried.