Tor's First Crowdfunding Campaign

by ailanthus | January 21, 2016

When we launched this first crowd funding campaign, we weren’t sure what would happen. We knew we wanted to diversify our funding sources; crowd funding gives us flexibility to do what we think is most important, when we want to do it. It allows us to fund the development of powerful new privacy tools. Or make the ones we have stronger and more resilient. Or pay for things we need like a funded help desk or an Arabic version of our web site.

But we didn’t know if people who like Tor would actually invest in our independence.

Now we do.

Together, our community has contributed $205,874 from 5,265 people to support Tor in this first crowdfunding campaign. We are so excited.

What we’ve seen, we think, is our community in action—our whole community finding ways to support us—by making a donation, or by sending us a bug bounty as GitHub hackers did. By making a matching donation, or just pinging their friends to help out.

Following our theme "This Is What a Tor Supporter Looks Like," you sent in photos of yourselves in Tor t-shirts doing back bends or teaching your daughters how to use Tor browser, or covering your face to preserve your anonymity but trumpet your support for Tor.

You sent fundraising notes to giant email lists. You tweeted screenshots of your donations. You bragged about your Tor relays (thank you) to inspire others. Some of you pointed out that Tor has saved your life.

The international Tor community rose up to support Tor’s independence in every way it could think of. And independence is power. Power to defend the rights of human rights activists. Power to defend the privacy of all of us.

Even though we’re a privacy organization, we found out what a Tor supporter looks like. It's someone who takes action to support their right to privacy.

Thank you.

Our deepest thanks to Tor’s wonderful champions, who put on the T-shirt first and took the plunge to support Tor in our first-ever campaign:

Laura Poitras

Roger Dingledine

Amanda Palmer and baby Anthony

Nick Merrill

Andy Bichlbaum

Molly Crabapple

Rabbi Rob and Lauren Thomas

Shari Steele

Cory Doctorow

Ben Wizner

Daniel Ellsberg and Patricia Marx Ellsberg

Alison Macrina

Edward Snowden

Giordano Nanni

Susan Landau

Ethan Zuckerman

Jacob Appelbaum

By Kate Krauss, for Tor's fundraising team:

Isabela Bagueros, Juris Vetra, Leiah Jansen, Mike Perry, Shari Steele, Sue Gardner, Katherine Bergeron, Nima Fatemi, Sebastian Hahn, Roger Dingledine, Nick Mathewson, Ben Moskowitz, Jacob Appelbaum, Katina Bishop, Colin Childs, and Kate Krauss.


Please note that the comment area below has been archived.

January 21, 2016


I attempted to donate to Tor via your bitcoin donation page (using Tor). First I got a server timeout page when trying to access the Tor donation page; I refreshed and it appeared. I was given the default option of donating via PayPal (no thanks) and went to see what these "other" options were, saw the Bitcoin donation form, and upon clicking the bitcoin button I was redirected to Cloudflare's obnoxious MiTM captcha page. Then, after completing that, I was redirected to BitPay and was served a 404 - Page not found.

Come. The. F. On.

Yes indeed. This is an example of something we'd like to clean up for future funding campaigns. This one was a great experiment, and also it turned out really well, but there is plenty of room for making things smoother next time.

Another big one was that sometimes Paypal would just give you a blank white page, if you were coming over a few particular Tor exit relays. You could change your circuit and it would work, but a) you have to know to do that, and b) it's super easy to decide to just stop there. I'd like to have more options than just Paypal, or heck, eventually just have our own payment receiving mechanism.

January 22, 2016

In reply to arma


Why not just provide a Bitcoin address in plaintext, instead of all the extra hoops? I was unable to donate at all with JavaScript disabled and the project's choice to use a Bitcoin processor that uses Cloudflare.

January 22, 2016

In reply to arma


Thank you, hadn't realized that part about the audit.

I'm glad the drive overall was a success, and continue to use Amazon Smile to donate to the Tor project that way.

January 23, 2016

In reply to arma


A good example, by the way, of why it is so important that Tor supporters be somewhat aware of the political/legal realities of trying to create a user-supported NGO on US soil. Many problems are created by USG, not by what some insist on trying to interpret as TP ineptitude (which is usually absurd).

January 22, 2016


Been trying to access a torrent site (The Pirate Bay included) to download a 'linux distro' but can't get past the evil 'Cloudflare'! What on earth possessed The Pirate Bay to host on this evil entity!?

Oh yeah, and torrent sites are blocked at the ISP level so it's not like there is any choice... ;)

January 22, 2016


I, too, had problems donating bitcoin. Through some relentless attempts, I finally managed to give you some money. But the payment processor has anti-Tor technology in place that rather ironically prevented many people, I think, from donating to Tor while using Tor.

Next time around, it would be wonderful if the whole setup, soup to nuts, was set up in a way that would not frustrate users of Tor. Better yet, accept payments through a hidden service. It would be neat to see a breakdown of how much money got donated through a hidden service, how much got donated from an IP that was a known exit node at the time, etc.

I agree -- it would be wonderful to set up a payment system that is Tor-friendly rather than Tor-unfriendly.

I'm actually not sure how easy this will be -- we've seen instance after instance of the payment companies doing exactly the opposite. One option would be to take the credit card numbers, etc. ourselves, and not use third parties that end up doing silly things when they don't know an IP address.

All of this said, the "whole setup, soup to nuts" is exactly one of the things that Shari is hoping to improve for the next campaign. And having her want to do that is exactly one of the reasons why we're so excited to have her as our new exec dir. So we are heading in the right direction for sure!

January 23, 2016

In reply to arma


> it would be wonderful to set up a payment system that is Tor-friendly rather than Tor-unfriendly.

This is indeed another one of those missing items of critical infrastructure which really needs to happen, with TP encouragement.

It is also a good example of the kind of thing which would have so many applications (and be so stoutly resisted by the powerful governments and megabanks which hate individual freedom/wealth for ordinary folk) that it would better be done as a separate project.

I agree with you except for one point -- I think it would be much easier to set up a Tor-friendly way to get money to the Tor Project, than it would be to set up a Tor-friendly way to get money to anybody. And this is for exactly the reasons you state -- it would be much less threatening to the global money mafia.

January 25, 2016

In reply to arma


Sounds promising. But what will be the practical requirements for the system you envision? If there are hidden assumptions which exclude anonymously converting cash (in various currencies) into international Tor donations, I fear many potential anonymous contributors may be excluded.

January 25, 2016

In reply to arma


@ arma:

Can you address the rumors that FVEY and the global money mafia (including the usual suspects among those banks considered "too big to fail") are very excited about the prospect of associating blockchains with everything (webpages, internet transactions, personal devices, government services, public and private database records), in order to build even more intrusive real-time identity/geolocation-aware dragnet surveillance systems?

Blockchains appear to hold promise for giving back some measure of control over our own "data exhaust", but I am concerned that we may not be giving enough thought to how Google/Citibank/NSA could subvert them for evil purposes. Bear in mind that James Comey and his Chinese/Russian/FVEY counterparts will be screaming for backdoors in blockchains, while NSA will no doubt attempt to "influence" which hash algorithms are adopted by standards organizations.

I am concerned that many cypherpunks may not realize the extent to which the financial elite and governments are determined to wrest back control of future implementations of blockchains from the individual citizen.

From a recent high profile report urging ubiquitous blockchains, which accentuates the (not entirely disingenuous) positive possibilities:

Distributed Ledger Technology: beyond block chains
Mark Walport
Chief Scientific Adviser to HM Government
Dec 2015

> The key message is that, by fully understanding the technology, government and the private sector can choose the design that best fits a particular purpose, balancing security and central control with the convenience and opportunity of sharing data between institutions and individuals.
> ...
> The challenge is to strike the balance between safeguarding the interests of participants in the system and the broader interests of society whilst avoiding the stifling of innovation by excessively rigid structures.

I think the way Walport frames the issues is about as good as we can expect, but I worry that the unofficial definition of "stakeholders" in the US (where TP is based) tends to mean "the ruling elite", and "protecting the broader interests of society" tends to mean "protecting the personal interests of the ruling elite".

In the UK and US it is increasingly true that a sizable fraction of the population (I think well over half) are receiving some kind of government benefits. So as usual the first targets of the latest dragnet surveillance innovations will be the poorer people. But they'll soon come for the middle class too. These same governments are very interested in replacing the dollar and the Euro with NSA-designed cryptocurrencies which could be used by the intelligence agencies to track in real time every economic transaction of every person.

Since most future Tor supporters are drawn from the ranks of the 99%, this could quickly become a very serious threat. Especially bearing in mind the fact that China is rushing to openly introduce personal "citizenship scores" similar to those FVEY is using in secret.

I again urge Shari to make it a top priority that TP as well as ACLU and EFF are on the USG list of "stakeholders" as the USG in particular asks the question it always asks about everything which seems beneficial on the surface: "how can we exploit this to further our national security and economic policies?"

GCHQ, HMRC, CESG, DWP, Bank of England, and Barclays are among the entities which provided input for the cited whitepaper.

Barclays has a "VP for Blockchain".

The level of interest in the US-based megabanks is also very high.

An analogous USG whitepaper is said to be in the works, and TP should make it a priority to get a seat at the table (which will no doubt mean rubbing shoulders with NSA people, but you are used to that).

"...the unofficial definition of 'stakeholders' in the US (where TP is based) tends to mean 'the ruling elite', and 'protecting the broader interests of society' tends to mean 'protecting the personal interests of the ruling elite'."

That's very Chomskyesque, but stakeholders is generally accepted to mean affected people.

February 11, 2016

In reply to arma


Isn't it U.S. federal law that every provider of financial services "know their customer" and is able to positively identify them?

I have a stupid question about the Electrum client in Tails 2.0. Read the documentation twice and still have no idea whether or not Electrum is somehow supposed to enable me to use Tails running on some device to actually generate 0.001 bitcoins which I can then use to donate to Tor or Tails Projects, or whether I must use some other way to convert local currency into bitcoins before I can try to use Electrum.

Does anyone know the answer? I hope my question is clear. I have never used electronic currency.

January 22, 2016


The Truth About The Tor Project.

Right, fsck it, I don't have any other medium to disclose this so I am chucking it into the ether.

There is such an obvious Tor privacy attack going on and no-one is talking about it. This attack on Tor is facilitated in part by the pushers of the Tor browser bundle, and in part by CloudFlare.

Any Tor user knows that in the last month, Tor has become unusable on 99% of CloudFlare secured websites. Users are presented with an impossible captcha, or even when they are presented with a solvable one, it is interpreted as incorrect. When an audio challenge is given, one number is deliberately unintelligible, or in the event of a solvable audio captcha, you are still taken to another captcha.

The help box on the Captcha often says "to stop seeing these requests, enable JavaScript". So for you to access most quality/normal content, you now need to enable JavaScript. Also to access almost anything that could be DDoS'ed or spammed you need to solve a captcha, and thus, to use most of the internet requires you to be running JavaScript if you are a Tor user. Remember CloudFlare was the go-to response for almost any free-speech Tor platform that has felt the brunt of DDoS or spam. Combine this with the fact that the Tor browser bundle now comes with NoScript DISABLED globally (this wasn't always the case), so JavaScript is on by default.

The problem with this is that JavaScript facilitates STUN requests (how do people not see this?!). With 30 lines of JavaScript I can decloak your real IP address (and your internal IP address) and it is totally invisible to you.

The NSA/GCHQ don't fucking need browser exploits or 0days to decloak people anymore, they have just used their leverage with CloudFlare to make most websites unusable to Tor users unless they put themselves at risk of Tor requests. CloudFlare also openly admits performing SSL MITM (Man-In-The-Middle) to function as a caching proxy. So this one company forces you to become vulnerable to STUN requests, and decrypts all the content of your communications. Does this not ring alarm bells?

How can you not see this?! How can the Tor community not see this?! Why is no one talking about this?!

Please Retweet This.


A) "Combine this with the fact that the Tor browser bundle now comes with NoScript DISABLED globally (this wasn't always the case)" -- no, sorry, you're mistaken. It has always been the case. Tor Browser uses NoScript as a defense-in-depth way to disable plugins like Flash:
(That said, with the addition of the "security slider", some of the higher security settings disable more or all of JavaScript. This is still true now.)

B) Your webrtc-ips example doesn't work against Tor Browser, because it explicitly removes (not just disables, but actually removes) that functionality for exactly the reason you describe. See

C) If you do have attacks that work to deanonymize Tor Browser users, whether using JavaScript or css or libpng or whatever, we'd love to hear about them! In fact, there is an upcoming bug bounty program to pay people for exactly these sorts of finds. You can hear more about it in our 32c3 talk this year:

D) You are absolutely right that Cloudflare is a pain for Tor users these days. They say they care, but at the same time they won't implement even simple fixes to make things better for most users most of the time. This is very sad. We could use your help in encouraging them to improve things. See also… in case you want a paid fellowship to work on the problem.

I am frustrated too, but I can't understand how anyone could possibly sincerely believe that TP is trying to sabotage the user experience of Tor users [sic].

Based upon my own experience as a regular user of Tor, I would imagine that it is probably true that just about every regular Tor user has encountered Cloudflare captchas more frequently in recent months, but I guess they suffer in silence for the same reason I do: we follow this blog and the archived tor-talk mailing list, so we know that the topic has been raised several times, and the answer has always been that TP is doing all it can, which is pretty much limited to

o emailing administrators and asking them to try to find a more Tor-friendly solution to whatever problem they are experiencing at their website which induced them to hire Cloudflare,

o emailing Cloudflare and asking them to avoid excluding Tor users from solving their captchas.

So we realize there is no point in asking the same question which has been asked before.

Ultimately, I think the solution is the same as the solution to many other problems which TP currently confronts: grow the user base by leaps and bounds. When a large fraction of Internet users use Tor often, Cloudflare will not be able to ignore the needs of Tor users.

The Comeyites, the Putinoids, the fifty centers, and other enemies of freedom will do anything they can to prevent this from happening, but we all will just have to overcome them by irresistible popular will.

"...enemies of freedom will do anything they can to prevent this from happening, but we all will just have to overcome them by irresistible popular will."

These enemies of freedom are a growing majority of all people.

Just don't use their services. Their usage of CloudFlare or reCAPTCHA (the unsolvable captcha is reCAPTCHA, it is unsolvable in any other place too) or 'you must enable JavaScript in order to use this website' or 'please validate your mobile phone' or 'you must pay some amount of money to us to be able to sign up via Tor' means that they don't welcome anonymous users and that they are enemies of anonymity. Just don't use their services because it's dangerous to use the services controlled by an enemy.

Perfect example of this is the use of Tor Stack Exchange, or lack of use. As useful as the site would be to Tor users with questions, the only way would be to turn on JavaScript. It even says that in a big red bar on their splash page. The site is even burned into the bookmarks of Tor Browser... kinda ironic. Sometimes the captchas appear depending on the route you take to the site, sometimes they don't. Regardless, a perfect example of something useful, but which could also be exploitable. I don't trust any website these days. However, it would be callous to believe that Tor doesn't care.

@ Shari, Roger:

I'd spend some time trying to answer questions at a site like StackExchange, but it is impossible to use StackExchange without doing things which I consider very unsafe. So people are indeed being prevented from volunteering their time to help out by the anonymity problems with the mailing lists and StackExchange.

> I don't trust any website these days

It is our misfortune that we live at the dawn of the Age of Paranoia.

Yes indeed! As a proof of concept to see if the interest is there, this first funding drive was a wild success.

Of course, other organizations like EFF have much larger budgets, and raise a whole heck of a lot more funding this way. EFF brought in something like $13M last year (not all through small donations of course).

On the third hand, comparing ourselves to EFF doesn't necessarily make sense. We're a different organization, with a different angle on how to save the world. I mention them because their funding model shows that it's been done before.

And finally, lest you accuse me of not recognizing your sarcasm/cynicism, I'll send you to two other blog posts to read:…

> Pretty generous salaries for a "non-profit".

Actually, no.

If you are concerned with CEO salaries generally as a reflection of the general phenomenon of income inequality throughout the world, I share that concern, and urge you to vote for national and local political candidates who make it a priority to try to ameliorate that problem. (In the US that would be Sen. Sanders.)

But if you were stating that you think Shari is overpaid, above and beyond the wider issue of CEO salaries generally, I would ask you to read carefully the comments on the following post, especially the three part (incomplete!) outline of challenges facing the new Executive Director:

Doesn't sound at all an easy job, does it? Very few people can take on a job this hard, and TP is damn lucky to have found someone. Especially since dramatically changing its funding model is possibly the most important change TP needs to make over the next few years, and Shari Steele is perfectly qualified to do that. It's going to happen, and it's going to be great!

"dramatically changing its funding model is possibly the most important change TP needs to make over the next few years"

I think TP should apply for any government grants they can get.

January 22, 2016


I donated but never understood how to redeem a perk. I thought i would receive an email with some info. I even emailed to ask about it, twice, and did not receive a response.

Thank you for your donation!

We are still going through the backlog of donation emails, to mail people to thank them, to offer them the shirts/stickers/hoodies, etc.

Having a more smoothly working infrastructure for handling donations is one of the big steps we'd like to take before we do a second campaign.

Please be patient, and hopefully you'll get your responses soon.

January 22, 2016


An onion site for bitcoin donations will be a great improvement of the donation process. Also adding exit nodes to the onion network would be beautiful.

> I'm pretty sure that governments are more worried about these legitimate people than those pedos using tor.

Very true, sad to say.

Just one example of a horrid phenomenon which will become more and more common all over the world, in which anyone who opposes injustice will be persecuted by governments and other powerful entities:…
The day Zhao Wei disappeared: how a young law graduate was caught in China's human rights dragnet
Tom Phillips
25 Jan 2016

Another very clear trend: following NSA's lead, governments and other actors are increasingly inclined to avoid "fact checking" their death-warrant-by-algorithm, so more and more uninvolved persons will become a "collateral damage" statistic.

January 23, 2016


@ all my fellow Tor users who donated:

Many thanks for helping to make the first fundraising drive a success!

I think the amount collected on the very first try shows that as Tor becomes more widely adopted the Project will indeed be able to move from a USG-academic/defense-research project funding model to the kind of user-supported funding model which is more typical of other NGOs in the civil rights/human rights arena such as EFF, Amnesty International, HRW, RSF, MSF, etc.

@ Tor fundraising team:

Thanks so much for all your work making this happen!

Good to see at least one tech news outlet reporting on the outcome of the funding drive:…
Tor Project raises over $200,000 in attempt to “diversify” its funding
Cyrus Farivar
22 Jan 2016

> As a result of its recent crowdfunding campaign, the Tor Project announced Thursday that it had raised over $200,000 from more than 5,000 individuals over nearly two months.

Anyone know if The Register reported on this?

> Don't know - The Register is hosted on 'Cloudflare' :D

As in CDN (Content Delivery Network)?

Too bad, sounds like we'd all rather give up reading an important source for UK tech news than risk Cloudflare's mysterious antics with JavaScript, apparent font enumeration fingerprinting, and captchas which we allegedly repeatedly fail.

"Don't know ...", "Give up ..."? Sigh.

A REMINDER to all Torists despairing of Cloudflare on how to circumvent Cloudflare in the meantime:

Use the StartPage search engine (paste the literal URL in for a direct hit), and click on 'Proxy'. Almost always works; an occasional "Error 403: Forbidden" can be overcome by retrying some minutes later. There might be loss of functionality (like cross-site JavaScript links*) because the StartPage proxy strips out JavaScript, but you got reCAPTCHA'd by Cloudflare because you disabled JavaScript anyway, right?

In answer to whether El Reg reported on the Tor crowdfunding outcome: they didn't. Their last on that was 25th Nov 2015. Practice now with StartPage proxy!:


Happy to impart knowledge useful in acts of Torism. (Am I on a government watchlist now?)

* What's wrong with noscript refs, huh?

> In answer to whether El Reg reported on the Tor crowdfunding outcome: they didn't. Their last on that was 25th Nov 2015.

Strange. I wonder if HMG is pressuring the editors not to praise the security merits of Tor Browser.

January 23, 2016


Time to start thinking about the *next* funding drive.

Here's one idea: you know who has no freaking privacy whatsoever? US military enlisted service people, that's who!

Does TP have enough fearless supporters (esp. former military) in places like Norfolk, San Diego, Ramstein, to set up tables outside, er, off-base entertainment establishments?

What about setting up tables on the National Mall (once the snow clears)? Because congressional employees need Tor too (point to the CIA spying revealed by that absurdly unlikely whistleblower, Sen. Feinstein).

What about New York City Hall? Or the Liberty Tower?

What about reaching out to US university colleagues to get in touch with student groups which might be interested in "Tor tabling" on their campus?

(To prevent possible misunderstanding: I see all the difference in the world between taking money from the USN and taking money from individual Tor supporters who happen to be sailors in the USN.)

I can understand why you are upset, but anger alone won't solve any of the challenging global problems faced by human society at the dawn of the 21st century, which were created by three generations of misgovernment and cynical self-serving economic policies pursued by the ruling elite, mostly US but also China, Russia, Saudi, EU, etc.

Unreasoning rage makes authoritarians electable in countries like USA, Turkey, Poland--- which poses a problem for the entire world.

The answer is not to get mad, but to get smart. Talk to people, brainstorm possible responses, identify those which might prove practical and effective, and then tell TP what you think will help and why.

> Cloudflare==nsa

You appear to claim that Cloudflare can be identified with NSA. That agency does have a longstanding practice of attempting to "shape" the world to suit its own interests, in utter disregard of every other consideration (e.g. human rights, the Constitution, wider political considerations), as is amply confirmed in the Snowden leaks (and by previous whistleblowers). But your claim goes well beyond that. Do you have any evidence?

You ask:

> are you going to "KILL" nsa?

Whom are you addressing? Tor Project? Human rights campaigners?

By "kill" do you mean "cease to operate"? Or do you mean killing actual people?

Human rights campaigners and privacy rights activists are working to cause NSA/CIA and other USG-sponsored terrorism agencies to cease to operate, for example by defunding these agencies, declaring them illegal terrorist organizations, etc., and we are working to ensure that those persons who have committed war crimes (air strikes on MSF hospitals, "signature" drone strikes, "kinetic effects" targeting children, and a long long list of other horrors) are brought to justice in special tribunals which charge the worst of the worst with war crimes. We especially seek to ensure the imprisonment of the higher ranks, but we also seek the arrest of lower level functionaries, with the goal of inducing them to provide evidence against their superiors in return for a reduced sentence.

We also seek to bring to justice all other persons involved in the planning and execution of war crimes, such as persons involved in Russian air strikes targeting defenseless civilians in Syria, or Saudi air strikes targeting MSF ambulance drivers in Yemen (for example).

We believe we are making significant progress towards these goals, for example by compiling extensive evidence that specific persons have committed specific war crimes. Prosecuting genocide tends to be a long drawn out process, but we are determined to persevere until everyone who has participated in war crimes is brought to justice.

War Crimes tribunals are fully functioning courts which operate openly under strict rules of evidence and follow rules of procedure, and they provide skilled defense lawyers to defendants. The contrast with NSA/CIA assassinations, where an NSA/CIA algorithm acts as judge, jury and executioner under conditions "above Top Secret", could not be greater.

Does that answer your question?

>> Cloudflare==nsa
>You appear to claim that Cloudflare can be identified with NSA. That agency

Please sit and wait for another whistleblower if you don't have an opinion of your own. Or you can try to think of Cloudflare and NSA intentions to get access to encrypted connections. Google, Apple, Microsoft are "officially" compromised. Common people have become less naive and want https connections. And oops... have a look, NSA has a solution - Cloudflare (and of course investors - Google, Microsoft). Let's 'advise' website owners to use the Cloudflare service (bamn). The common internet user sees the https mark and believes he connects to the right server which has the certificate and the private(!) key. But that mark is fake now. How to trust a 'secure' https connection when it can be falsified by Cloudflare?

You see, the problem is not captchas, they are just for ad purposes. Wait a minute, maybe you think it is Saudi not NSA?

>You ask:
>> are you going to "KILL" nsa?
>Whom are you addressing? Tor Project? Human rights campaigners?

Can't you read?
anonimous1>>>Every time I use Tor I want to KILL everyone who works for Cloudflare.
anonimous2>>are you going to "KILL" nsa? Cloudflare==nsa.
anonimous3>Whom are you addressing to? Tor Project? Human rights campaigners?

Thus any sane person can see the flow of comments. Time to educate yourself? Please try to read it again and do not slant the comments.

Are you sure that Cloudflare is the subject for "War Crimes tribunals"??
If you want to tell us about "War Crimes tribunals" you can start another thread. Or a more advanced solution is to create an official "War Crimes tribunals" onion site with a blog and give us the reference. It is quite simple btw.

I believe you will "bring to justice" no one. It is just impossible in the modern "new order" - opposite to those days of 1945-1946. As for the Russian KGB state... Nostradamus warned about disaster from the north.

And i don't have questions btw. I wonder whom you are answering to you think...

January 25, 2016


That's an average donation of $40; increasing the number of donors and the average donation is the goal for the future. With the richest nations having the bigger user base it would be great to have those campaigns addressing a wider audience than the global "English" world. Ask your Spanish, French, Japanese, ... friends to be part of "what a Tor supporter looks like" for example, not so much a language problem but to include or reflect more on the diversity of the world.

There is enormous public outrage in Spain over the "vomit law" and other repressive measures, which have already been used by the government to target a key TP partner, Riseup Networks.

So I agree that TP should consider prioritizing working with our allies in Spain to create a Spanish language fund-drive based upon the premise that Tor can help defend protesters against the government's sharp turn back towards fascism.

January 25, 2016


While I'm glad to see your crowdfunding campaign go well, I agree that Cloudflare is an enormous threat that is greatly underestimated.
Many sites now use their services and not only let them decide who is to be filtered out but also give them unlimited access to their traffic. As said, HTTPS over Cloudflare is nothing else than a MITM attack in which you voluntarily hand out your key to the attacker. And I am pretty sure many of their customers are not aware that they let Cloudflare read all their encrypted traffic.

But even without Cloudflare, Tor has a fundamental problem. It is extremely easy for any site to lock out Tor users as the exit node list is public. You have made great achievements in protocol obfuscation to make entry guards reachable, but what's the use when most sites block the exit nodes? Thanks to Cloudflare we can't even view a lot of websites, let alone post something. Just try to create an email account using Tor. Next to impossible nowadays. Even many forums deny account creation with a Tor IP.

And the policy of asking companies to unblock Tor is both naive and weak. Worked great with Wikipedia, didn't it? You could as well ask the Chinese government to unblock Tor. It would be quite insane from their point of view.

Let's be honest, there are plenty of people who are using Tor for vandalism, spamming and the distribution of illegal content. The exit nodes aren't blocked for nothing. And companies like Cloudflare, as well as every responsible site admin, can and will never ignore this fact and treat Tor exits like normal IPs.
Cloudflare's customers expect them to identify and block malicious traffic. And whether we like it or not, the amount of 'good' users lost by blocking all of Tor is negligible compared to the threat mitigated by doing so. I was actually surprised they eased Tor access for a while last fall. Even posting was possible on some sites for a while. Guess that didn't work out for them too well.

Fact is, Tor devs will have to actively deal with this problem at some point or Tor will become unusable except for hidden services.

If you think that pretty words and patience are the solution you live in a dream world. I mean, if it was that easy we would not be needing tor in the first place.

"Responsible site admins" should focus on blocking malicious traffic regardless of the source, not cutting off millions of users based on a few bad actors. A dedicated attacker isn't going to stop just because exit nodes are blocked. Like arma says above:
"You are absolutely right that Cloudflare is a pain for Tor users these days. They say they care, but at the same time they won't implement even simple fixes to make things better for most users most of the time."
To me, this smells like behind the scenes NSA involvement like with RSA or what they attempted with Nacchio of Qwest. Why else would a commercial entity like Cloudflare seemingly go out of their way to generate bad will and frustrate users, many of whom work in the IT industry and are potential clients?

You've persuaded at least one ordinary user that TP can't wait to start serious work on finding an effective response to Cloudflare censorship.

One easy first step would be a blog post from a TP staffer explaining the two key points in your post:

o users who attempt to agree to Cloudflare Captchas are actually "agreeing to" MITM in case of an encrypted connection to an https website

o whether the connection to the destination is encrypted or not, Cloudflare sees all traffic (webpages visited, logons, downloads)

and adding some more:

o US, EU, and other "blocks" are holding frantic high-level discussions about government-mandated censorship by ISPs and popular websites such as Facebook of supposed "propaganda" by IS (and other adversaries), or by internal dissidents, and we appear to know little about Cloudflare's role in such policies.

o role of content delivery networks (CDNs)

o ties with issues surrounding the apparently NSA engineered backdoor(s) in the Juniper routers used by many firms which sell CDN services to websites

o customer service will become impossible to obtain if you signed up over Tor.

Ultimately I think the only long-term solution is the same as the solution to most of the other political/financial threats faced by TP: "mainstreaming" and growing Tor use by ordinary citizens all over the world. This would presumably help solve our problems with Cloudflare by providing an economic incentive to Cloudflare (and its customers) to not block all Tor users (who do not agree to MITM) "just because". Of course, we need to be careful to help websites avoid the temptation to grant government agencies or third parties free access to their internal networks simply in order to avoid MITM.

Top French cop meeting US officials over terrorist use of social media
Katie Bo Williams
26 Jan 2016

> French Interior Minister Bernard Cazeneuve said Tuesday that he will meet with top U.S. officials in February to discuss how best to stymie terrorist activity on social media, according to The Wall Street Journal. He will also meet with U.S. tech firms to “update our level of cooperation” — a substantial change in tone from a year ago, when he warned that “we won’t succeed in our fight against terrorism unless Internet actors start taking responsibility.”

It's important to understand here that the government of Spain explicitly regards street protesters as "terrorists" who pose the same or greater level of threat as supposed IS terrorists scheming to carry out terrorist acts in Spain. (Not an entirely imaginary threat, to be sure, but it seems clear the government is more worried about massive anti-austerity protests).…
Oversight investigating possible backdoor in government networks
Cory Bennett
26 Jan 2016

> The House Oversight Committee is investigating the government’s use of a vulnerable technology that some fear could have allowed foreign governments to snoop on encrypted U.S. communications.…
Moment of truth: Feds must say if they used backdoored Juniper firewalls
Dan Goodin
26 Jan 2016

> Congressional oversight leaders are requiring most federal agencies to audit their networks to see if they use Juniper-manufactured firewalls that for four years contained an unauthorized backdoor for eavesdropping on encrypted communications.…
How Amazon customer service was the weak link that spilled my data
Even when doing everything right, an Amazon account is all it takes to get breached.
Eric Springer
26 Jan 2016

> After being the victim of these attacks for months, all I'm left with are a few recommendations to offer these services going forward
> ...
> Show support agents the IP address of the person connecting. Is it a usual one? Is it a VPN/tor address? Warn agents to be suspicious.

Clownflare is an NS(pider)A-controlled company just like gugle. And you can imagine how collected data can force website owners to move to said company, which will own even their private SSL keys... just look at governments.
But anyway there is no intention to lock even such a small problem as forcing the enemy to USE Tor to access the Tor nodes list...

January 25, 2016


Hi, what happened to Tor Weekly? Really enjoyed those weekly articles on the blog.

Also, what happened to the user "phobos"?

January 25, 2016


I'm late to the party. Should I donate now via European bank transfer (and support the Renewable Freedom Foundation?) or should I wait for the next round and donate via PayPal?

Whichever you like. Why not both? :)

I talked to Moritz (who controls the RFF account) at 32c3, and we agreed that having that funding go towards dev meeting costs is a great plan. That way he doesn't get into the complicated "European non-profit giving money to American non-profit" situation, but it's also going directly towards a cost that otherwise we would be paying. Win-win.

Thanks for still wanting to donate!

January 26, 2016


I hate to say it, but if services are using "Cloudflare" to do the dirty job instead of doing it themselves, it means to me that those services are not even worth using, or services I can't trust. If a service cannot mitigate "threats" except by blocking Tor nodes, why is this service even online? It's not a service, it's an empty shell, like most of the web tends to become nowadays.

January 26, 2016


Thanks for being awesome and not letting web surveillance go unopposed!

Not sure if I made it in time for the big count, but the average contribution of $40 shows that no matter what you can give, it will be amplified in force.

Please don't send me a T-shirt.

February 02, 2016


Why don't you start a project to avoid the distribution of child sexual exploitation material via the Tor browser??! Besides "Families" and "Business", a lot of pedophiles use the Tor browser to share the worst of the worst images and videos! What a shame to promote just the light side of Tor even if the dark side is obvious! Are you acting on that???! Are your eyes blind caused by too many onions???!

February 02, 2016


Should TP be doing more to help people set up HS properly?…
Default settings in Apache may decloak Tor hidden services
World's most widely used Web server often displays geographic locations of Tor sites.
Dan Goodin
1 Feb 2016

> Websites that rely on the Tor anonymity service to cloak their server address may be leaking their geographic location and other sensitive information thanks to a setting that's turned on by default in many releases of Apache, the world's most widely used Web server.

February 03, 2016

In reply to arma


OK, thanks.

About the donated services: Cymru Research provides the TP website and torcheck, correct?

Online documents suggest Cymru Research (whose founder/CEO sits on TP Board of Directors and was featured in the funding drive) is a nonprofit whose income (comparable to TP) is entirely from grants (not otherwise specified). They are involved in USG cyberdefense and apparently work very closely with certain agencies whose priorities may not closely match those of TP. I again ask for clarification.

To prevent possible misunderstanding: I read the latest white paper coauthored by Bruce Schneier and Susan Landau (also featured in the funding drive), and it did not escape my notice that they worked with people like former NCTC Director Matthew Olsen, who is now the CEO of IronNet Security, which apparently makes him the current boss of former NSA/CSS Director Gen. Keith Alexander. (Other former NSA Directors have come out against "backdoors", and even the current Director, Adm. Rogers, may have reversed his previous position to oppose them.)

In this case I think I know enough about the political situation to understand why even after Snowden's leaks, privacy advocates still sometimes work with the bad guys. E.g. if we can eliminate FBI, by all means work with NSA, our ally in that fight. If we can eliminate NSA, by all means work with Google. But in contrast, Cymru Research seems to be very secretive and this worries me, particularly since it seems that two of their employees spent several months working at FANX Annex.

All I want is some explanation. Were they working with the IAD people to protect HHS servers? Or with people trying to break Tor?

See the "Problem Set" just published by Cory D for more information on Tor traffic tflow being offered for testing metadata analysis software to FVEY partners, including outside consultants.

February 05, 2016

In reply to arma


About Riseup Networks: just want to make sure you know that Riseup's email server has been targeted by Hacking Team. One documented example is a request for an HT "exploit" made by someone apparently associated with the Czech police (or intelligence?) who apparently wanted to break into the email server. Not saying you should not use Riseup; quite the opposite, TP should work even more closely with Riseup and Citizen Labs to document this kind of abuse.

February 17, 2016

Extremely severe bug leaves dizzying number of software and devices vulnerable
Since 2008, vulnerability has left apps and hardware open to remote hijacking.
Dan Goodin
16 Feb 2016

> Researchers have discovered a potentially catastrophic flaw in one of the Internet's core building blocks that leaves hundreds or thousands of apps and hardware devices vulnerable to attacks that can take complete control over them.
> The vulnerability was introduced in 2008 in GNU C Library, a collection of open source code that powers thousands of standalone applications and most distributions of Linux, including those distributed with routers and other types of hardware. A function known as getaddrinfo() that performs domain-name lookups contains a buffer overflow bug that allows attackers to remotely execute malicious code. It can be exploited when vulnerable devices or apps make queries to attacker-controlled domain names or domain name servers or when they're exposed to man-in-the-middle attacks where the adversary has the ability to monitor and manipulate data passing between a vulnerable device and the open Internet. All versions of glibc after 2.9 are vulnerable.
> It will take time for engineers and researchers to analyze this latest bug, but at first blush, it appears it poses the biggest threat to routers and Internet-of-things devices that use glibc. Those devices rarely contain the types of No-eXecute and ASLR mitigations that come standard on most production servers, making code-execution exploits much easier to develop. What's more, hardware is rarely updated, making it unlikely vulnerable devices will ever be patched. The good news, as people have pointed out on social media and in Ars comments, is that many home routers use glibc alternatives that have yet to be reported as vulnerable. It could take weeks for a complete list of vulnerable devices to become available.…
Glibc: Major bug threatens thousands of Linux apps and IoT devices
Open source? More like open season for hackers
Seven-year-old bug threatens Linux apps and smart devices built on open source code
Roland Moore-Colyer
17 Feb 2016

> A SEVERE BUG in a widely used open source library has left hundreds of thousands of Linux apps and hardware open to hackers and malware...The flaw is in a function known as getaddrinfo() when used by apps and hardware such as routers based on glibc code to communicate with IP addresses using domain name servers (DNS).
Google and Red Hat Found a Dangerous, Widespread Bug
David Meyer
17 Feb 2016

> Engineers at Google and Red Hat independently found an egregious bug in very widely-distributed computer code library known as “glibc”. The bug, which dates back to 2008, affects hundreds of thousands of devices and programs that use software derived from the GNU free-software project. The products, which range from servers to routers to Internet-of-things devices, are vulnerable when they try to use a certain function to translate web addresses into their underlying, numerical IP addresses. If an attacker controls the web server or domain name the victim is trying to communicate with, or if someone is intercepting the communications between the victim’s device and the server or domain name, it’s possible to make the victim’s computer crash — or, with some effort, to even insert malicious code in that machine.…
CVE-2015-7547: glibc getaddrinfo stack-based buffer overflow
Fermin J. Serna, Staff Security Engineer and Kevin Stadmeyer, Technical Program Manager
16 Feb 2016

> Our initial investigations showed that the issue affected all the versions of glibc since 2.9. You should definitely update if you are on an older version though. If the vulnerability is detected, machine owners may wish to take steps to mitigate the risk of an attack.
> The glibc DNS client side resolver is vulnerable to a stack-based buffer overflow when the getaddrinfo() library function is used. Software using this function may be exploited with attacker-controlled domain names, attacker-controlled DNS servers, or through a man-in-the-middle attack.
> When the thisanssizp pointer variable on line 1257 is updated, thisanssizp = anssizp2, i.e. assigned a new address, this change causes the thisanssizp pointer variable used in the recvfrom function on line 1282 to use the wrong size if a new buffer is created after the thisanssizp address has been changed at line 1257....The recvfrom function will not crash, but any further accesses to the buffer where the bytes read was 0 from the recvfrom function will crash the program.…
The CVE-2015-7547 glibc getaddrinfo() vulnerability, and you.
Nick Mathewson nickm at
16 Feb 2016

> summary: New glibc bug. If you use glibc, install your vendor's patches as they become available. Tor is not an easy target for this attack, but you should upgrade anyway.

Question: thanks to Nick M for clarifying wrt tor client itself, but is Tails 2.0.1 vulnerable? As far as I could tell in a quick look, Tails does not use glibc itself, but I have the impression that the vulnerability has existed unfixed for so long that it might propagate to seemingly quite different packages such as python or perl.

Dan Goodin ends his article by asking:

> It remains unclear why or how glibc maintainers allowed a bug of this magnitude to be introduced into their code, remain undiscovered for seven years, and then go unfixed for seven months following its report. By Google's account, the bug was independently uncovered by at least two and possibly three separate groups who all worked to have it fixed. It wouldn't be surprising if over the years the vulnerability was uncovered by additional people and possibly exploited against unsuspecting targets.

I think that's a good question. If I am not mistaken, the problem was public information for seven months, during which time the maintainers apparently did nothing to fix it. I am not a coder, but have the impression that the problem would have been easy to fix.

Another question: most ordinary Tor users must rely on SOHO routers to get on the Internet in the first place. Many of these appear to use hardwired default name servers. Before Debian 8 I knew a clumsy and possibly dangerous way to make /etc/resolv.conf point to a name server I hoped I could trust to promptly install security critical patches, but systemd has confounded all my attempts to do this under Debian 8. Tails 2.0 and later use systemd also. Why does Debian make it so difficult to find an explanation of how to point to a DNS resolver you trust (wisely or not)? If Nick knows how, can he share an explanation? I imagine the instructions would be short.

February 18, 2016


The PR offensive by our enemies in Cryptowars II continues with a new coordinated offensive. Both Admiral Michael Rogers (NSA Director) and John Brennan (CIA Director) are once again blaming their agencies' multiple recurrent failures on, you guessed it, "encryption":…
NSA’s director says Paris attacks “would not have happened” without crypto
Tells Yahoo News encryption prevented "insights" that could have raised alarms.
Sean Gallagher
18 Feb 2016

> In an interview with Yahoo News chief investigative correspondent Michael Isikoff published today, National Security Agency Director Michael Rogers declared that the terrorists involved in last November's attacks in Paris used at least some encrypted communications to plan their actions, preventing NSA from being able to warn French officials in advance. Because of encrypted communications, he said, "we did not generate the insights ahead of time. Clearly, had we known, Paris would not have happened."
CIA Head John Brennan Says CIA Failed To Prevent Terrorist Attacks Because Of Encrypted Communications
from the now-he's-just-fucking-with-everyone dept
15 Feb 2016

> As has been noted here in several posts, the terrorist attacks in Paris had nothing to do with encryption (or the Snowden leaks), although many government officials (and the French government itself) were quick to demonize both.
> The facts:
> The Paris attackers communicated mostly through unencrypted SMS.
> That the attacks were carried out successfully appeared to be the result of an intelligence failure, rather than the terrorists "going dark."
> Evidence shows terrorists' communications methods have gone largely unaltered despite the Snowden leaks, meaning intelligence agencies still have the access to communications they've had for years.
> Never mind all that, says John Brennan. It may have been an intelligence failure -- but only because encryption got in the way.

February 18, 2016


@ Shari:

Want to make sure you know about this and are formulating a response to a possible similar order directed at Tor Project which might be handed down any day:

A judge has ordered Apple to create a device or software which would enable agents to bypass built in security features in order to "brute force" unlocking by very rapidly presenting possible passphrases without invoking the feature which causes the phone to wipe itself when ten incorrect guesses are entered in rapid succession:…
Why Tim Cook is right to call court-ordered iPhone hack a “backdoor”
Custom version of iOS could undo years of work Apple put into securing iPhones.
Dan Goodin
17 Feb 2016

> It would remove normal iOS functions Apple created to intentionally increase the amount of time it takes to repeatedly enter passcodes, and it would allow an unlimited number of guesses to be made without destroying any data. The Apple-produced software must also allow the FBI to submit PIN code guesses through the phone's physical device port or through Bluetooth or Wi-Fi connections, a requirement that would allow investigators to use speedy computer scripts rather than manually enter each PIN candidate. Based on the wording of the order, the customized iOS version probably wouldn't be directly installed on the phone, but rather loaded into the phone's memory, in much the way OSes can be booted from a USB drive.
> ...
> It's always risky when judges with little or no technical background make legally binding orders compelling the design of software with so many specific requirements. How can US Magistrate Judge Sheri Pym know if it's even possible for Apple to design a version of iOS that will install on only a single, designated phone? And how is anyone supposed to know that such a measure can't be bypassed the way so many other software restrictions are hacked? The answer is she can't know, and neither can anyone else.
> Besides the potential for abuse, some critics argue that a court-ordered exploit sets a dangerous example on the international stage. "This move by the FBI could snowball around the world," Sen. Ron Wyden (D-Ore.) told The Guardian. "Why in the world would our government want to give repressive regimes in Russia and China a blueprint for forcing American companies to create a backdoor?" If countries know Apple already has created the software needed to bypass iPhone security, the temptation to order Apple to use it would be strong, critics say.…
Trump slams Apple for refusing to unlock San Bernardino phone
Katie Bo Williams
17 Feb 2016

> GOP presidential front-runner Donald Trump is insisting that Apple unlock the iPhone of one of the shooters in the San Bernardino, Calif., terrorist attack. "To think that Apple won't allow us to get into her cell phone," Trump said on "Fox and Friends" Wednesday morning. “Who do they think they are? No, we have to open it up."…
EFF to Support Apple in Encryption Battle
Kurt Opsahl
16 Feb 2016

> We are supporting Apple here because the government is doing more than simply asking for Apple’s assistance. For the first time, the government is requesting Apple write brand new code that eliminates key features of iPhone security—security features that protect us all. Essentially, the government is asking Apple to create a master key so that it can open a single phone. And once that master key is created, we're certain that our government will ask for it again and again, for other phones, and turn this power against any software or device that has the audacity to offer strong security.…
Apple Slams Order to Hack a Killer’s iPhone, Inflaming Encryption Debate
Jenna McLaughlin
17 Feb 2016

> Many top tech companies, from Adobe to Yahoo, have made statements not only in defense of strong encryption, but also opposed to the government mandating any sort of technological design that would weaken security.
> But few leapt at the chance to stand with Cook. And some corporate executives took critical stands. “I don’t think it is Silicon Valley’s decision to make about whether encryption is the right thing to do,” Randall Stephenson, CEO of AT&T told the Wall Street Journal. “I understand Tim Cook’s decision, but I don’t think it’s his decision to make.”…
Apple vs. the FBI
The company is taking an unlikely stand for consumers’ right to privacy. It may also be helping itself.
Will Oremus
17 Feb 2016

> Apple is taking a stand. It’s a strong stand, and an inescapably political one. It’s standing up to the FBI, a federal district court judge, and, by extension, the United States government

Apple vows to resist FBI demand to crack iPhone linked to San Bernardino attacks
Ellen Nakashima
17 Feb 2016…
Judge Orders Apple to Help FBI Hack San Bernardino Shooter’s Phone
Elliot Hannon
16 Feb 2016
Apple CEO Tim Cook pens open letter to FBI: We will not build a backdoor into iPhone, not even to investigate terrorists
Once there, it would be as if the government had a "master key" that allowed it to enter any business or home
Scott Eric Kaufman
17 Feb 2016

Question: if USG effectively outlaws Tor by ordering TP to insert a backdoor or assist NSA/whomever in developing effective dragnet style cracking machines/software, what is our plan? TP appears to be vulnerable because it is a US nonprofit and many key Tor people are based in US. I really think TP needs to be prepared to evacuate key people/documents outside US territory.

I fear that ordinary Tor users all over the world may shortly be confronted with the unpleasant alternative: obey laws in your jurisdiction by not using any product or device which "the authorities" cannot trawl through at will, or no longer try to obey all laws in your jurisdiction. Or slightly less dire: to possibly disobey laws of other nations (NSA) in order to help other Tor users in the USA by (for example) providing unbackdoored Tor in EU software repositories.

February 18, 2016


@ Shari:

Want to make sure you know about an opportunity to provide input into how CISA information sharing is implemented by DHS:…

> While the agency has until June to complete the final privacy document, the bill directed the DHS to release the interim guidelines to give time for outside input.
> "We welcome feedback from privacy advocates and private sector participants," Johnson said.