The Tor Project: building decentralized privacy infrastructure & tools

Public Good Projects Discussion
1

Project Name

The Tor Project

Project Description and why it’s classified as a Public Good

The Tor Project is a 501(c)(3) nonprofit. Our mission is to advance human rights and freedoms by creating and deploying free and open source anonymity and privacy technologies, supporting their unrestricted availability and use, and furthering their scientific and popular understanding.

We develop free and open source software for privacy and freedom online, protecting people from tracking, surveillance, and censorship—the Tor network and Tor Browser. The Tor network is a decentralized privacy network designed to help people exercise their human right to privacy, freedom of speech, and access to information. Millions of people use the Tor network every day, most through Tor Browser, a privacy-hardened version of the open source web browser Firefox.

The Tor network, Tor Browser, and all other software, tools, and documentation produced by the Tor Project are free and open source. The Tor network and Tor Browser are designed to be used, built, and stewarded by a large community with different interests, needs, and perspectives. The Tor network is volunteer-run, with thousands of community members donating server capacity to create a piece of collaborative infrastructure that is free to use.

Main Project Funding Sources

The Tor Project receives funding from individuals, private foundations, government agencies, and corporations. You can see both our audited financial statements and our U.S. tax filings here: Tor Project | Reports.

Our funding typically comes in the form of project-specific grants and contracts. Project-specific grants are excellent for stability, but have limitations that make agile development and rapid response to changing internet censorship/surveillance very difficult. In order to better respond to some of the most difficult challenges in the internet censorship and privacy space, we need to raise more unrestricted funding.

As part of this effort to raise more unrestricted funds, we’ve built relationships and received funding from a variety of projects and people in the web3 space, including an NFT auction that was won by PleasrDAO, regular participation in Gitcoin Grant rounds, two grants from Zcash Community Grants, and many other donations from individuals and orgs.

Seeking project-specific funding or funding for general operations

In our request to be considered as a beneficiary of Octant funds, we are seeking general operation funding. The following examples are the kinds of projects made possible with general operating funding:

  • Fighting back in the censorship arms race. Right now, Turkmenistan is severely restricting and censoring the internet, including access to Tor. Helping people access the open internet in Turkmenistan requires a boost in resources that will help us increase bandwidth capacity for bridges that are working for people in Turkmenistan, translate Tor tools into Turkmen, and keep up with censorship analysis and to respond to discoveries by improving our censorship circumvention technologies.

  • Improving measurements of and insights into Tor network performance. Tor is an example of a mature decentralized service—proof that it’s possible to build a better internet. In order to demonstrate Tor’s importance and encourage even more support for this vision, we need to improve the way we can measure (in a privacy-preserving way) activity on the network.

  • Powering onion services, the gold standard in online privacy. Onion services allow people to provide and use services on the Internet, such as websites, securely, privately and without leaking any metadata. Plus, the traffic never leaves the decentralized Tor network. That means when you use an onion service, you don’t leave any footprints of your activity in your wake. With general operating funding, we can focus on important maintenance, additional denial of service attack protections, integrating congestion control and Conflux for Arti and onion services, and continuing to help news outlets, nonprofits, activists, and companies offer onion services to millions of people around the world.

Team Information, including backgrounds and roles

The Tor Project has a distributed team of full- and part-time staff, contractors, volunteers, researchers, and contributors who are experts in cryptography, encryption, anonymity, privacy, decentralization, internet freedom, censorship resistance, browser technology, community building, localization, user experience and design, and more. Learn about our people here: Tor Project | People.

Social Credibility (development progress, awards, notable GitHub commits, referrals)

Recognizing the benefit of Tor to digital rights, the Electronic Frontier Foundation (EFF) began funding our work on Tor in 2004. In 2006, the Tor Project, Inc., a 501(c)(3) nonprofit organization, was founded to maintain Tor’s development.

In 2007, the organization began developing bridges to the Tor network to address censorship, such as the need to get around government firewalls, in order for its users to access the open web.

Tor began gaining popularity among activists and tech-savvy users interested in privacy, but it was still difficult for less-technically savvy people to use, so starting in 2005, development of tools beyond just the Tor proxy began. Development of Tor Browser began in 2008.

With Tor Browser making the Tor network more accessible to everyday internet users and activists, Tor became an instrumental tool during the Arab Spring beginning in late 2010. It not only protected people’s identity online but also allowed them to access critical resources, social media, and websites which were blocked.

Since then, Tor has been important for many social and activist movements, including recently in Russia and Ukraine during the war and subsequent Russian censorship of news and social media. Tor has also been critical for Iranians as the government has restricted access to news and social media during the 2022-2023 protests against morality laws, police brutality, and the violation of human rights of women and girls.

In 2020, the Tor Project won the prestigious Levchin Prize for Real-World Cryptography, honoring Tor’s significant impact and innovation on the practice of cryptography and its use in real-world systems.

Today, our technology is widely understood as a key part of the toolkit for journalists, researchers, activists, and anybody targeted by surveillance or censorship. Tor is recommended by Freedom of the Press Foundation, Committee to Protect Journalists, and the Electronic Frontier Foundation. Important news rooms, including The New York Times, BBC, ProPublica, Deutsche Welle, Mada Masr, and Radio Free Asia entities use Tor to offer censorship-resistant versions of their websites.

Key accomplishments in the last year

  • Re-writing the Tor protocol in Rust (aka, Arti, “a Rust Tor implementation”): The current Tor implementation—written in C—bears the signs of age. We’re on year two of the project to write a Rust implementation of the Tor protocols built from the ground up for safety from bugs that are common in C, flexible embedding, easy maintenance, and good performance on a variety of devices. Fully modernizing the Tor protocol is a huge undertaking and we’re making tremendous strides. This project has so far been supported by the Zcash Community Grants fund. (More here: https://blog.torproject.org/announcing-arti/).

  • Improving protections against denial of service attacks on the Tor network: Last month we released a dynamic, reactive proof-of-work mechanism for onion services designed to prioritize verified network traffic as a deterrent against denial of service attacks. We believe that the introduction of a proof-of-work mechanism will disincentivize attackers by making large-scale attacks costly and impractical while giving priority to legitimate traffic. (More here: Introducing Proof-of-Work Defense for Onion Services | The Tor Project).

  • Partnership with Mullvad VPN to launch Mullvad Browser: Earlier this year, we released a brand-new tool called Mullvad Browser. In short: the Mullvad Browser is Tor Browser without the Tor Network – a browser that allows anyone to take advantage of all the browser privacy features the Tor Project has created. If people want to connect the browser with a VPN they trust, they can easily do so. Our goal was to give users the privacy protections of Tor Browser without Tor. We want to give people options and demonstrate to the world that through partnerships like these, you can create technology with these values in mind. (More here: https://blog.torproject.org/releasing-mullvad-browser/).

Social Media

You can find a full list of our social media channels here: The Tor Project's official accounts on social media - General Discussion - Tor Project Forum

Discord contact

Al Smith, username: @smith.a

PLEASE NOTE I am offline btwn October 4 and October 22 — during this time contact both Isabela (Executive Director) @isa_bela01 and Gaba (Project Manager) @gabelula on Discord.

Eligibility Criteria

  • Do you have a commitment to open-source (i.e. every open-source license accepted by the Open-Source Initiative) technology and sharing results publicly?
  • Have you provided transparency about how exactly funding will be used?
  • Are you advancing values of freedom and privacy (no surveillance and handling of personal data)?
  • Are you supporting decentralization in various fields (for example building Web3 projects)?
  • Have you provided social media channels to the extent that we can confirm social proof of your project?
4 Likes
2

Hello Octant community! You are invited to learn more about what the Tor Project has been up to at our upcoming event, the State of the Onion. The State of the Onion is an annual virtual event where we share updates from Tor Project’s teams and community, highlighting their work and the impact it has made in 2023.

  • Wednesday, Nov. 29 @ 17:00 UTC - State of the Onion with the Tor Project’s teams
  • Wednesday, Dec. 6 @ 17:00 UTC - State of the Onion with Tor’s community

Join us here for the live events, and be sure to click the “Notify Me” button to be reminded when the events start: www.youtube.com/watc
save-the-date-soto-2023
h?v=hdFL0kXu440

Read more about the event here: https://blog.torproject.org/event/state-of-the-onion-2023/

2 Likes
3

Hello Octant community!

Here’s an update on what we’ve been up to since the first Epoch.

Recent accomplishments

lead-videos
lead-videos940×529 99.7 KB

Introduced new Tor support materials and video tutorials in four languages

We’ve developed short, localized, and easy-to-digest explainer videos that guide users on how to access the Tor network, bypass censorship, and share files securely and anonymously. These videos are available in Arabic, Chinese, Swahili, and English. This new video series was designed to showcase the ease-of-use of our most popular tools and combat misconceptions about their everyday use:

Additionally, Tor Browser, Tor circumvention tools, Tor documentation and training materials, and OnionShare are now available in Arabic, Chinese, and Swahili.

lead-tb13
lead-tb13940×529 70 KB

Released Tor Browser 13.0

Over time, Tor Browser has come a long way and undergone several transformations to simplify its user interface and improve functionality. The recent Tor Browser 13.0 release features notable accessibility improvements, refreshed application icons, homepage features, and bigger new windows. This release also marks the removal of legacy code associated with the Torbutton—a step toward better integration and a seamless transition to the new Tor implementation written in Rust, Arti.

lead-arti
lead-arti940×529 34.5 KB

Released Arti 1.1.11

Arti is our ongoing project to create a next-generation Tor client in Rust. Our latest release, Arti 1.1.11, continues work on support for onion services in Arti. And we are so very close! We think that the odds are good that our next release will be the one in which they’re finally ready for testing by others. You can find a list of what we still need to do on the bugtracker.

lead-ai
lead-ai940×529 101 KB

Welcomed Amnesty International’s onion site

This month, Amnesty International, the international human rights non-profit, launched their website as a .onion site: amnestyl337aduwuvpf57irfl54ggtnuera45ygcxzuftwxjvvmpuzqd.onion. We’re happy to count them among the many human rights organizations that offer .onion versions of their sites in order to help users protect their privacy and bypass censorship.

Impact of funding from Octant Epoch 1

Very few of our projects are 100% funded by grants. That means we need unrestricted funding to be flexible in the face of censorship, to bridge funding gaps, and to make sure the organization remains steady. Support from the Octant allocations contributes to the success of all of these recent accomplishments. :grin:

Upcoming goals

  • In the next several months, likely Q1 and Q2 of 2024, we anticipate wrapping up the second phase of the Arti client’s development, which was funded by Zcash Community Grants (here’s a recent update on that progress). ZCG will have supported us taking a huge step to modernize Tor, and when were are done with this phase, our funding from Zcash Community Grants will be over. From there, we’ll move our entire Network team over to writing Arti and begin development of relay implementations in Arti. We’re getting closer and closer to Arti replacing the C implementation and your support is helping us get there.

  • We’re getting closer to our goal of sharing a beta testing version of the upcoming Tor VPN application! Stay tuned.

  • We’re rebuilding our donate.torproject.org page. This has been a pain point for a long time, and we look forward to making it easier to support the Tor Project.

  • We continue working on trainings and user research in the global south. We just launched the Privacy Resilience Grants call for proposals. Through this program, we aim to support organizations in MENA and East Africa that will work with their local communitys on Tor and digital security. These grants will also allow folks to run user research about Tor tools to help us improve the usability for their communities.

  • We started the process of deprecating Tor’s old bridge distribution system and plan to have everything moved to the new system by Q2 of 2024.

  • We have been working on improving censorship circumvention methods in China, Tibet, and Hong Kong. In the next several months we are also going to be focusing on responding to censorship events in Turkmenistan.

  • In the last year we have been talking directly with Tor relay operators to improve agreements in the community as well as ways to be sure the network remains healthy, and we will be continuing that effort in 2024.

Other funding

Individual donations

Right now the Tor Project is conducting our year-end fundraising campaign. This is when we raise the most money from indivudal donors each year and is important time for us to reach our budget goals. This year, a group of donors contributed to a matching pool of $75,000: Double your donation now! All gifts matched 1:1, up to $75,000 | The Tor Project. We have successfully reached that match!

Grants

Since September, we have:

  • Participated in Gitcoin Grants 19 (specifics tbd)

  • Applied for grants from some private foundations (responses pending)

More information

During this period we published our financial transparency report, which you can read here: Transparency, Openness, and Our 2021-2022 Financials | The Tor Project.

What to know more?

The Tor Project recently streamed our annual event, State of the Onion, where we shared what’s been happening over the last year with our tools and what we’re looking forward to accomplishing in the next year. You can watch the recording of the stream here: https://www.youtube.com/watch?v=hdFL0kXu440.

1 Like
4

Hi Al, really awesome update! Thanks for sharing and diving into the details with your update. I’m excited for what’s coming up in The Tor Project.

1 Like
5

Recent accomplishments

I’m very excited to share our updates from the last Epoch. We’ve been able to accomplish a lot with your support!

Launched election internet freedom monitoring project

censorshiplead
censorshiplead940×529 18.2 KB

This year, with more than 65 elections happening around the world, Internet freedom may be at risk. Some organizations have called it the Year of Democracy. Simultaneously, there is a rising concern that during these many electoral processes, governments in certain parts of the world will block access to the Internet in their countries. Governments may also censor media outlets, persecute and harass journalists, and block social media platforms and messaging apps.

In this context, the Tor Project has developed a project to monitor global elections, detect Internet censorship taking place during these elections, support Internet users so they can bypass this censorship by using Tor, and document these incidents.

So far, we’ve monitored elections in Pakistan, Belarus, and this weekend are monitoring the internet during elections in Russia.

  • Belarus: No internet censorship detected during the election

  • Pakistan: Site blocking, full internet outages, and blocking of VPNs detected

  • Russia: Happening now, March 15-17

→ Read more about defending internet freedom in 2024

Introduced Webtunnel, a new type of censorship circumvention mechanism

The Tor Project’s Anti-Censorship Team has officially announced the release of WebTunnel, a new type of Tor bridge designed to assist users in heavily censored regions to connect to the Tor network.

The development of different types of bridges are crucial for making Tor more resilient against censorship and stay ahead of adversaries in the highly dynamic and ever-changing censorship landscape. This is especially true as we’re going through the 2024 global election megacycle.

WebTunnel is a censorship-resistant pluggable transport designed to mimic encrypted web traffic (HTTPS) inspired by HTTPT. It works by wrapping the payload connection into a WebSocket-like HTTPS connection, appearing to network observers as an ordinary HTTPS (WebSocket) connection. So, for an onlooker without the knowledge of the hidden path, it just looks like a regular HTTP connection to a webpage server giving the impression that the user is simply browsing the web.

→ Read more about how Webtunnel empowers censorship circumvention

Launched Tor Postbox, a testimony hub featuring stories from Tor users worldwide!

image
image940×529 53.2 KB

Tor Postbox is a collection of anonymous user stories submitted by people who rely on Tor to protect their privacy and anonymity. We designed this resource to support individuals and organizations who are advocating to defend encryption and privacy-enhancing technology, as well as to better demonstrate Tor’s impact.

We encourage you to share their experiences with your network, friends and family, or as part of your work to promote the use of privacy-preserving technologies like Tor and help us defend strong online protections.

Here’s one example of the stories on the Postbox hub:

Encryption is privacy, as simple as that. Privacy should be the default, giving away information should be the exception. We should never wonder “do I have something to hide, do I have a reason to not give this information?” This way of thinking is extremely unhealthy. The only real question we should ask ourselves is “do I have a good reason to share this personal information?”

You can watch the Tor Postbox launch event, here: https://www.youtube.com/watch?v=-K8ki7zBArs, in this video you will hear from digital rights advocates, journalists and other online privacy experts as they share insights on outreach, advocacy, challenges in 2024, and their vision for the future of digital rights.

Launch event features:

  • Cecilia Maundu, OSS Community Mobilizer & Sustainability Coordinator, Internews

  • Mahsa Alimardani, Internet Researcher, ARTICLE19

  • Donncha Ó Cearbhaill, Head of Security Lab, Amnesty Tech

  • Andrew Fishman, Investigative Journalist, The Intercept Brasil

  • Pavel Zoneff, Director of Communications, Tor Project (moderator)

Recent releases

  • Tor Browser 13.0.11 (March 6): This is an emergency release which updates our the domain fronting configuration for the Snowflake pluggable transport and the moat connection to the rdsys backend used by the censorship circumvention system.

  • Arti 1.2.0 (March 4): With this release of Arti, trying out onion services should be a smoother experience. We have fixed a number of bugs and security issues, and have made the onion-service-service feature non-experimental.

  • Tor Browser 13.0.10 (Feb 20): This release updates Firefox to 115.8.0esr, OpenSSL to 3.0.13, zlib to 1.3.1, and Snowflake to 2.9.0. It also includes various bug fixes.

  • Arti 1.1.13 (Feb 5): This release fixed some important bugs. We’ve also been doing a lot of work on storage of persistent state, and cryptographic keys, to support proper expiry of obsolete keys, and deletion of state for no-longer-required onion services.

  • Tor Browser 13.0.9 (Jan 22): This release updates Firefox to 115.7.0esr and Snowflake to 2.8.1. It also includes various bug fixes.

  • Arti 1.1.12 (Jan 9): With this release, it’s finally possible to run onion services for testing and experimentation. There are a lot of rough edges and missing security features, so we don’t (yet) recommend Arti onion services for production use, or for any purpose that requires privacy.

Impact of funding from Octant Epoch 2

Very few of our projects are 100% funded by grants. That means we need unrestricted funding to be flexible in the face of censorship, to bridge funding gaps, and to make sure the organization remains steady.

:partying_face: In particular, Octant allocations have helped make possible our work to monitor and respond to internet censorship during elections—which is currently not funded by any grant. :tada:

Upcoming goals

These goals published during the Epoch 1 update remain relevant.

  • In the next several months, likely Q1 and Q2 of 2024, we anticipate wrapping up the second phase of the Arti client’s development, which was funded by Zcash Community Grants (here’s a recent update on that progress). ZCG will have supported us taking a huge step to modernize Tor, and when were are done with this phase, our funding from Zcash Community Grants will be over. From there, we’ll move our entire Network team over to writing Arti and begin development of relay implementations in Arti. We’re getting closer and closer to Arti replacing the C implementation and your support is helping us get there. → This Epoch, we completed our first milestone!

  • We’re getting closer to our goal of sharing a beta testing version of the upcoming Tor VPN application! Stay tuned.

  • We’re rebuilding our donate.torproject.org page. This has been a pain point for a long time, and we look forward to making it easier to support the Tor Project. → We’ve made a lot of progress this Epoch and can’t wait for it to be live!

  • We continue working on trainings and user research in the global south. We just launched the Privacy Resilience Grants call for proposals. Through this program, we aim to support organizations in MENA and East Africa that will work with their local communitys on Tor and digital security. These grants will also allow folks to run user research about Tor tools to help us improve the usability for their communities.

  • We started the process of deprecating Tor’s old bridge distribution system and plan to have everything moved to the new system by Q2 of 2024. → Our first milestones were completed during this Epoch, and we’re making great progress!

  • We have been working on improving censorship circumvention methods in China, Tibet, and Hong Kong. In the next several months we are also going to be focusing on responding to censorship events in Turkmenistan. → See the Webtunnel release above!

  • In the last year we have been talking directly with Tor relay operators to improve agreements in the community as well as ways to be sure the network remains healthy, and we will be continuing that effort in 2024.

Other funding

Individual donations

During Epoch 1, the Tor Project our year-end fundraising campaign. This is when we raise the most money from individual donors each year and is important time for us to reach our budget goals. You can read a analysis of this campaign and how we will spend the money raised during this time on our blog.

Grants

  • No new awarded grants this period
  • Many grants in the pipeline for applications
1 Like
6

Participation in Epoch 4

We were disappointed not to reach the threshold for Epoch 3 funding, but excited for the many opportunities it made possible for other projects! We’re still very happy to participate in Octant and its community and looking forward to the many evolution of the process—with impact at the heart of it all.

The Tor Project achievements since the previous Octant Epoch

  • Hosted a Tor community day in Lisbon, Portgual at the Universidade NOVA de Lisbon, which was an opportunity for community members and the public to connect and discuss all things related to Tor.

  • Released the final results of a code audit for our censorship circumvention tools. Since 2021, the Tor Project has been working on a project entitled “Rapid Expansion of Access to the Uncensored Internet through Tor in China, Hong Kong, & Tibet,” which aimed at improving the use of Tor in the China region. In January 2024 we contracted Cure53 to audit all the code that was changed or created during this project. The security audit helps uncover vulnerabilities produced through these changes in the software. We are happy to report that all the vulnerabilities that were uncovered have already been mitigated.

  • Spoke about public goods and Tor at Funding the Commons in Berkeley, California. We shared the reflections of a public goods project that has received flexible funding from projects like Gitcoin and Octant, and how those funds have had a huge impact on solving real-world problems.

Updates on previously published goals

  • We’re getting even closer to our goal of sharing a beta testing version of the upcoming Tor VPN application! Stay tuned.

  • We’re rebuilding our donate.torproject.org page. This has been a pain point for a long time, and we look forward to making it easier to support the Tor Project. → We’re now anticipating a public launch in August!

  • We continue working on trainings and user research in the global south. We just launched the Privacy Resilience Grants call for proposals. Through this program, we aim to support organizations in MENA and East Africa that will work with their local communities on Tor and digital security. These grants will also allow folks to run user research about Tor tools to help us improve the usability for their communities. → Grantees were chosen and we’ve begun the process of onboarding incoming Tor trainers.

  • We started the process of deprecating Tor’s old bridge distribution system and plan to have everything moved to the new system by Q2 of 2024. → We’re almost ready to deploy this system!

  • We have been working on improving censorship circumvention methods in China, Tibet, and Hong Kong. In the next several months we are also going to be focusing on responding to censorship events in Turkmenistan. → See update about code audit for censorship circumvention tools above!

  • In the last year we have been talking directly with Tor relay operators to improve agreements in the community as well as ways to be sure the network remains healthy, and we will be continuing that effort in 2024. → We held a variety of important conversations with relay operators in Lisbon in May, 2024, the outcome of which advances our goals of establishing community-built agreements and codes of conduct.

Impact of funding from Octant Epoch 3

We did not receive funding from this round.

Thanks for considering Tor for Epoch 4! :purple_heart: :onion:

1 Like
7

The Tor Project Epoch 4 Updates

  • Total Funds Received from Octant so far: 80.9696 ETH
  • Funds Spent: 80.9696 ETH
  • Detailed Utilization: We have claimed Octant funds on three occasions Nov 02, 2023, Jan 31, 2024, and Jul 29, 2024 and have spent those funds on personnel (e.g., salaries and benefits) + infrastructure (e.g., servers)

Milestones and Deliverables

The following Milestones are long-term goals of the Tor Project. The unrestricted funding of Octant goes towards work on these Milestones. None of these milestones have been completed during this period, but they are a good way to track incremental progress of our work and the best way to adapt to this new form of reporting retroactively.

For future Epochs, we have proposed goals that are more granular.

  • Milestone 1: Improve the health of the Tor network

    • Description: Continuing our work over the last several years, we are working to better defend the network against denial of service attacks, build community with relay operators, and make scalability improvements to the network.
    • Immediate Outcome: All users have a safe, stable experience on the Tor network.
    • Funding Used: See note below.

  • Milestone 2: Write an implementation of Tor in Rust (“Arti”)

    • Description: The current Tor implementation bears the signs of age. We’re on year two of the project to write a Rust implementation of the Tor protocols called “Arti,” built from the ground up for flexible embedding, easy maintenance, and good performance.
    • Immediate Outcome: Tor is faster, safer, and easier to embed in third-party products and services.
    • Funding Used: See note below.

  • Milestone 3: Build community through training & user support

    • Description: We’ve integrated UX research, feedback collection, & digital security training into a combined program through which we reach a diverse audience of human rights defenders in the Global South in countries where censorship and surveillance threaten their work.
    • Immediate Outcome: Users who need Tor for safety, security, and privacy in adverse conditions have the support they need from the Tor Project.
    • Funding Used: See note below.

  • Milestone 4: Track censorship and improve circumvention

    • Description: Tor is widely used for censorship circumvention. Many repressive governments block access to Tor. We track that censorship, work to improve existing mechanisms of circumvention, and make adjustments to those circumvention tools when censorship methods change.
    • Immediate Outcome: Users in places where the Tor network is censored as less negatively impacted by this censorship.
    • Funding Used: See note below.

  • Milestone 5: Increase Tor availability where it’s needed most

    • Description: Part of making Tor easy to use is localizing our tools in languages spoken where censorship is severe. We prioritize localizing our tools and creating relevant support, outreach, and marketing materials in those languages.
    • Immediate Outcome: Everybody who needs Tor can use our tools in the languages that are most relevant to them.
    • Funding Used: See note below.

Note regarding “funding used:” as an organization with ~15 ongoing grants and 60+ staff who work on projects in an overlapping way, tracking which precise piece of Octant’s unrestricted funding was spent on each of these milestones would be impractical; therefore, we do not have the “amount spent” per milestone figure. If this is considered required reporting in the future, we would need to establish that before the funds are distributed, not retroactively.

Challenges

  • Previous Challenges: Need for unrestricted funding.
    • Description: The Tor Project’s funding typically comes in the form of project-specific grants and contracts. Project-specific grants are excellent for stability, but have limitations that make agile development and rapid response to changing internet censorship/surveillance very difficult. In order to better respond to some of the most difficult problems in the internet censorship and privacy space, we need to raise more unrestricted funding.
    • Updates: We’ve had some good success in the last year engaging new donors and grantmakers who make unrestricted donations. We have also hired two new staff. (See bottom section of the report.)
    • Resolution: Despite progress, this is an ongoing challenge.
    • Lessons Learned: Educating donor communities about the importance of unrestricted gifts is key! Folks are eager to help and want to know how their donations can make a difference to an organization. We’ve seen that this approach is helping grantmakers and individuals understand how to make impactful unrestricted donations.

Outputs and Outcomes

Outputs

(Note, we did not receive funding from Epoch 3, so the following are Outputs since Epoch 2 ended.)

  • Output 1: Tor Browser 13.0.15 through Tor Browser 13.5.2 released.
  • Output 2: Arti 1.2.3 through Arti 1.2.6 released.
  • Output 3: Gave talk at DEF CON 32 about Measuring the Tor network + held Tor booth

Short-term Outcomes:

  • Outcome 1: Tor Browser for Android users can navigate Tor network connection settings more easily. This comes as a result of changes we’ve released for Tor Browser for Android’s connection experience. The secondary outcome of this change is that we are now well positioned to improve the automatic censorship circumvention options in Tor Browser for Android.

  • Outcome 2: Tor Browser for desktop users can customize the experience of certain privacy settings more easily. This comes as a result of the Tor Browser for desktop’s improved letterboxing and associated settings.

  • Outcome 3: Tor Browser users can more easily circumvent censorship with bridges. This comes as a result of a series of refinements coming to Connection Settings that make it easier to find working bridges and manage multiple bridges within the browser.

  • Outcome 4: Tor Browser users can more easily understand onion site errors. This is the result of implementing a simplified design of onion site errors.

  • Outcome 5: Users and developers using Arti to run an onion service are now able to harden their onion services against guard discovery attacks, making anything using Arti + onion services + Vanguards safer for users. This is a result of the release of Vanguards for Arti, a defense against guard discovery attacks targeting onion services and onion service clients. The C version of Tor already supported Vanguards, but we have now added it to the Rust version of Tor.

  • Outcome 6: Increased in connection to supporters, users, and relay operators in real life after connecting with the community at DEF CON.

Long-term Outcomes:

  • Outcome 1: Tor Browser users on mobile and desktop are able to exercise their human right to privacy with fewer usability challenges.

  • Outcome 2: Tor Browser users on mobile and desktop are able to exercise their human right to access information with less friction related to network-level censorship.

  • Outcome 3: Arti is closer to being a full replacement to the c version of Tor. Arti replacing the current implementation of Tor will make Tor faster, safer, easier to maintain, and easier to implement in third-party tools.

Metrics for Outcomes:

  • Tor Browser is downloaded ~75,000x per day
  • Top 10 countries by relay users at any given time:
    • United States 365698 (18.23 %)
    • Germany 227302 (11.33 %)
    • Finland 115458 (5.76 %)
    • Republic of Korea 104116 (5.19 %)
    • India 84035 (4.19 %)
    • Netherlands 65516 (3.27 %)
    • Indonesia 64056 (3.19 %)
    • United Kingdom 53536 (2.67 %)
    • France 50647 (2.53 %)
    • Canada 43025 (2.15 %)
  • Top 10 countries by bridge users at any given time::
    • Russia 46566 (39.29 %)
    • Iran 21387 (18.04 %)
    • United States 11655 (9.83 %)
    • Germany 4028 (3.40 %)
    • France 2639 (2.23 %)
    • China 2470 (2.08 %)
    • United Kingdom 2416 (2.04 %)
    • Netherlands 2231 (1.88 %)
    • India 1524 (1.29 %)
    • Poland 1315 (1.11 %)
  • 900+ user-submitted stories in Tor stories survey
    • “I’m using Tor for accessing the internet freely. I need it because in my country internet is censored. Tor is free and multi platform. Im using it on [my] Android phone, on my Macbook and Windows desktop everywhere… Tor does not have any alternatives and VPN services are not working properly in my country or are not free and I don’t have any payment methods for paying the cost of them.” – Anonymous Tor user
    • “The Internet certainly wouldn’t be as free without Tor.” – Anonymous Tor user
    • “I’m a political activist, part of a semi-criminalized minority… Only by using anonymizing means, among which Tor is key, can I get my message out. Tor allows me freedom to publish my message to the world without being personally persecuted for it.” – Anonymous Tor user

Plans for Potential Funds Raised in the Next Octant Allocation Window

Regarding funding needed: Right now, as an organization with ~15 ongoing grants and 60+ staff who work on projects in an overlapping way, most of the goals below are partially funded by one or more grants, and the gaps in funding are covered by unrestricted funding, like that raised through Octant allocations. In total, we have roughly $1.4M left to raise for the 2024-2025 fiscal year.

Improve the health of the Tor network

  • Goal 1:

    • Description: Implement approved proposals for code of conduct, policies and agreements for relay operators

    • Expected Outcome: Relay operators have clear community governance documents and agreements for participating in the network

    • Funding Need: See note below.

  • Goal 2:

    • Description: Update documentation on the threat model for the Tor network

    • Expected Outcome: Publicly available documentation for the threat model of the Tor network is published for all users and developers to reference

    • Funding Need: See note below.

- Goal 3

  • Description: Develop a tool to detect relays lying about their bandwidth capacity
  • Expected outcome: We can more easily detect relays lying about their bandwidth capacity, address if this is malicious behavior, and suggest removal from the network as necessary
  • Funding Need: See note below.

- Goal 4

  • Description: Deploy new metrics portal (https://metrics.torproject.org), which is used for downloading and visualizing data collected about the network
  • Expected outcome: The new metrics portal is out for testing with users
  • Funding Need: See note below.

- Goal 5

  • Description: Build mechanisms to annotate, understand, tag and follow relays to document their behavior and churn on the network
  • Expected outcome: A system that we can use to follow and understand relay behavior
  • Funding Need: See note below.

Write an implementation of Tor in Rust (“Arti”)

- Goal 6:

  • Description: Implement support for RPC in Arti
  • Expected outcome: Allow remote applications to control a remote Arti process via a non-Rust interface in addition to the public Arti Rust API
  • Funding Need: See note below.

Build community through training & user support

Goal 7:

  • Expected outcome: We have documented evidence of internet censorship and censorship against the Tor network during elections held this year
  • Funding Need: See note below.

Goal 8:

  • Description: Continue outreach with Tor communities
  • Expected outcome: We have held relay operator monthly meetups and attended Global Gathering, FIFAFrica, and CCC.
  • Funding Need: See note below.

Goal 9:

  • Description: Conduct digital safety training in MENA region
  • Expected outcome: Users in the MENA region have increased digital safety skills
  • Funding Need: See note below.

Track censorship and improve circumvention

Goal 10:

  • Description: Deprecate the legacy project bridgeDB, the system that currently handles distributing bridges to users
  • Expected outcome: The replacement version of the bridge distribution system, rdsys, is the new tool use for distributing bridges
  • Funding Need: See note below.

Goal 11:

  • Description: Add manifest V3 support for snowflake webextension
  • Expected outcome: The Snowflake webextension, which allows users to run a Snowflake bridge in their browser, continues working when Chrome drops support for manifest V2.
  • Funding Need: See note below.

Goal 12:

  • Description: Improve support for unreliable networks
  • Expected outcome: Expected outcome: Snowflake becomes more stable and faster in networks with high UDP packet loss like mainland China.
  • Funding Need: See note below.

Goal 13:

  • Description: Add support for and test Snowflake and obfs4 pluggable transports in OnionMasq. OnionMasq is an experimental tunnel interface for Arti.
  • Expected outcome: OnionMasq can use these pluggable transports and offer this kind of censorship circumvention in Arti
  • Funding Need: See note below.

Increase Tor availability and usability where it’s needed most

Goal 14:

  • Description: Hire a new User Research Coordinator (filling an existing role)
  • Expected outcome: We have made an offer to a User Research Coordinator who can pick up our planned user research work
  • Funding Need: See note below.

Goal 15:

  • Description: Onboard new Product Designer (filling an existing role)
  • Expected outcome: We have onboarded our new Product Designer who will be able to pick up our planned product design work
  • Funding Need: See note below.

Goal 16

  • Description: Localize user support documents in Farsi
  • Expected outcome: Users in Farsi-speaking countries will be able to use Tor tools more easily because our support documentation is available in their language
  • Funding Need: See note below.

Continue tool maintenance and fundraising

Goal 17:

  • Description: General Tor Browser maintenance work that ensures continuous improvement for security and user experience.
  • Expected outcome: Monthly security, maintenance, and bug fix updates, Tor Browser for Android code improvements for maintainability and parity with Tor Browser for desktop, Bug Bounty Program - tor.browser.org security feedback, OpenH264 Build Reproducibility
  • Funding Need: See note below.

Raise funds for the Tor Project

Goal 18:

  • Expected outcome: Donation web infrastructure that is easier to maintain and modify and is easier to use for donors
  • Funding Need: See note below.

Goal 19:

  • Expected outcome: Users will be able to search for and share content from the Tor Project blog
  • Funding Need: See note below.

Goal 20:

  • Description: Execution of the Tor Project’s annual fundraising campaign
  • Expected outcome: Raise approx. ~$600K+ from individual donors through a comprehensive annual fundraising effort
  • Funding Need: See note below.

Regarding funding needed: Right now, as an organization with ~15 ongoing grants and 60+ staff who work on projects in an overlapping way, most of the projects that contain the goals above are partially funded by one or multiple grants, and the gaps in funding are covered by unrestricted funding, like that raised through Octant allocations. In total, we have roughly $1.4M left to raise for the 2024-2025 fiscal year.

Other Funding

  • Grant Funding Received Since the Last Epoch:
  • Other Non-Grant Funding Sources:
    • Individual donations
    • Corporate donations and/or memberships

Future Plans for Financial Sustainability

In order to increase our unrestricted funding, we have increased our Fundraising team from two people to four people this year.

The first new position for the Tor Project, Individual Giving Manager, will be focused exclusively on cultivating the 6,000+ donors who give below $1000 every year. Before now, very little attention has been paid to this donor group outside of one fundraising campaign per year due to capacity limitations. With the Individual Giving Manager designing and executing a strategy focused on keeping these donors onboard and increasing their gifts over time, we’re increasing our investment in raising unrestricted funds.

The second position is that of Grant Writer, who will be responsible for increasing our grant writing capacity and allowing the Director of Fundraising to focus on other opportunities for unrestricted funding, including gifts from corporations, major donors, and private foundations that make unrestricted gifts.

Increased unrestricted funding from these fundraising efforts will take several years to come to fruition, so it’s important that we invest in them now.

2 Likes
8

@smith.a Thanks for the update and for all the hard work+time you put in to it!
Great to see how Octant funds have been used to support your key projects. A few things really stand out:

  • Tor Network Health: defending against denial-of-service attacks and improve scalability. I’m curious, do you feel like the defense against DoS will be a forever battle or is it possible to eventually mitigate this entirely?
  • Arti in Rust: exciting to see the development of Arti
  • Community Building: I love how you’re integrating UX research, user feedback, and digital security training to support human rights defenders.

Appreciate the update, keep up the awesome work, and thanks for everything the Tor team is doing to help protect online privacy :slight_smile:

9

Hi @mat7ias, great question and thanks for the feedback!

  • Tor Network Health: defending against denial-of-service attacks and improve scalability. I’m curious, do you feel like the defense against DoS will be a forever battle or is it possible to eventually mitigate this entirely?

From my perspective on a very high level, denial of service attacks are something almost every piece of internet infrastructure is working to defend against, and bad actors are advancing their tactics as quickly as mitigations can be put into place. We’re not alone in this fight!

Where we’re unique is that we don’t use mitigations that depend on de-anonymizing users. This is against the grain and requires implementing research-validated solutions that center anonymity.

In the last couple of years we’ve made some really great progress with the time and funds to dedicate to solving this problem, like implementing proof-of-work defenses for onion services. We knew pow was a viable solution to this problem for several years, but didn’t have the capacity to implement it. Unrestricted funds raised by a group of dedicated Tor supporters made this work possible.

So I think the answer to your question is that this may be an ongoing challenge, but being able to address tech debt and having the support to implement new features really reduces the negative impact such attacks can have now and in the future.

  • Arti in Rust: exciting to see the development of Arti

We’re really excited about this too. I can’t wait to see more and more apps / services integrate Arti and offer Tor protections to their users.

  • Community Building: I love how you’re integrating UX research, user feedback, and digital security training to support human rights defenders.

We’re seeing more and more success as we build on the community progress we’ve made so far. Check out this in-depth analysis by a third party research group on our research / feedback / training approach for more about the effectiveness and what we aim to improve in the future: https://blog.torproject.org/furthering-our-mission-in-the-global-south/

1 Like
10

Update on Epoch 5 goals

Improve the health of the Tor network

  • Goal 1: COMPLETE

  • Goal 2: COMPLETE

    • Description: Update documentation on the threat model for the Tor network
    • Expected Outcome: Publicly available documentation for the threat model of the Tor network is published for all users and developers to reference
    • Update Dec 2024: * During this period we completed the documentation for the threat model for the Tor network, including user-facing explanations for relay operators. It is published in Tor’s community portal: Tor Project | Threat Model

  • Goal 3: COMPLETE

    • Description: Develop a tool to detect relays lying about their bandwidth capacity

    • Expected outcome: We can more easily detect relays lying about their bandwidth capacity, address if this is malicious behavior, and suggest removal from the network as necessary

    • Update Dec 2024: We implemented a bandwidth inflation detection tool, that has helped us detect group of relays that were inflating their bandwidth.

  • Goal 4: IN PROGRESS

    • Description: Deploy new metrics portal (https://metrics.torproject.org), which is used for downloading and visualizing data collected about the network

    • Expected outcome: The new metrics portal is out for testing with users

    • Update Dec 2024: During this period, we initiated the design of the website structure and made significant progress on the development of the data pipeline. This pipeline will aggregate Tor network data to generate the graphs featured on the portal.

  • Goal 5: COMPLETE

    • Description: Build mechanisms to annotate, understand, tag and follow relays to document their behavior and churn on the network

    • Expected outcome: A system that we can use to follow and understand relay behavior

    • Update Dec 2024: We have implemented a web application designed to tag and annotate relays, providing a valuable tool for gaining insights into our relay community. This web app allows us to label relays with specific attributes and add detailed annotations, making it easier to track changes and understand our community.

Write an implementation of Tor in Rust (“Arti”)

  • Goal 6: COMPLETE

    • Description: Implement support for RPC in Arti

    • Expected outcome: Allow remote applications to control a remote Arti process via a non-Rust interface in addition to the public Arti Rust API

    • Update Dec 2024: The team has continued working on RPC support in Arti’s Rust layer. Testing of the interface using Python has started to ensure that external library developers can build applications that interacts with the RPC layer of Arti. We are continuously getting feedback internally and externally from other developers who are interested in using the RPC layer: Arti 1.3.1 is released: onion services, RPC, relay development, and more | The Tor Project

Build community through training & user support

Goal 9: IN PROCESS

  • Description: Conduct digital safety training in MENA region

  • Expected outcome: Users in the MENA region have increased digital safety skills

  • Update Dec 2024:

    • Tor Community Team organized a training session with Tahrir Institute of Middle East Policy (TIMEP).
    • Organized Tor training sessions and training of trainers with digital security trainers and human rights defenders in Senegal, Togo, Malawi, Gambia, Mozambique.
    • Tor Community Team launched the new round of Privacy Resilience Grants.

Track censorship and improve circumvention

Goal 10: COMPLETE

  • Description: Deprecate the legacy project bridgeDB, the system that currently handles distributing bridges to users

  • Expected outcome: The replacement version of the bridge distribution system, rdsys, is the new tool use for distributing bridges

  • Update Dec 2024:

Goal 11: COMPLETE

  • Description: Add manifest V3 support for snowflake webextension

  • Expected outcome: The Snowflake webextension, which allows users to run a Snowflake bridge in their browser, continues working when Chrome drops support for manifest V2.

  • Update Dec 2024:

    • Moving to a manifest V3 was a challenge as some of the APIs we relay on didn’t exist in V3. But we redesigned the Snowflake webextension to use the APIs available in manifest V3 (using a offscreen webpage to be able to keep the webrtc connection alive).

    • The migration has been a success, and all Chrome extensions have been migrated without users needing to do anything.

Goal 12: IN PROGRESS

Goal 13: COMPLETE

  • Description: Add support for and test Snowflake and obfs4 pluggable transports in OnionMasq. OnionMasq is an experimental tunnel interface for Arti.

  • Expected outcome: OnionMasq can use these pluggable transports and offer this kind of censorship circumvention in Arti

  • Update Dec 2024:

    • Support for obfs4 and Snowflake integration is done and working now, but the team continues to ensure that changes internally in OnionMasq does not break support of these Pluggable Transports. The team is currently working on building integration tests to ensure that these systems remains stable and functional over time.

Increase Tor availability and usability where it’s needed most

Goal 14: COMPLETE

  • Description: Hire a new User Research Coordinator (filling an existing role)

  • Expected outcome: We have made an offer to a User Research Coordinator who can pick up our planned user research work

  • Update Dec 2024: After a long hiring process, we hired a new User Research Coordinator that will start work this month (December 2024).

Goal 15: COMPLETE

  • Description: Onboard new Product Designer (filling an existing role)

  • Expected outcome: We have onboarded our new Product Designer who will be able to pick up our planned product design work

  • Update Dec 2024: We hired a Product Designer and successfully onborded her. She is dedicated to Tor Browser Desktop and Android design work.

Goal 16: COMPLETE

  • Description: Localize user support documents in Farsi

  • Expected outcome: Users in Farsi-speaking countries will be able to use Tor tools more easily because our support documentation is available in their language

  • Update Dec 2024: * During this period we hired a new Farsi-speaking User Support Specialist that will start to work with us in December 2024.

Continue tool maintenance and fundraising

Goal 17: COMPLETE

  • Description: General Tor Browser maintenance work that ensures continuous improvement for security and user experience.

  • Expected outcome: Monthly security, maintenance, and bug fix updates, Tor Browser for Android code improvements for maintainability and parity with Tor Browser for desktop, Bug Bounty Program - tor.browser.org security feedback, OpenH264 Build Reproducibility

  • Update Dec 2024: We continued our monthly maintenance work. For Tor Browser Android we have converged the Tor backends between Desktop and Android, and this allowed us to easily implement “New Circuit” for this site functionality on Android in the 14.0 release. Our security expert continues to hold the line on the security mailing list o7 , and OpenH264 reproducibility is on hold at the moment. See: New Release: Tor Browser 14.0 | The Tor Project

Raise funds for the Tor Project

Goal 18: COMPLETE

  • Description: Deploy a new version of the Tor Project’s donate page (https://donate.torproject.org)

  • Expected outcome: Donation web infrastructure that is easier to maintain and modify and is easier to use for donors

  • Update Dec 2024: In this period we designed, developed and deployed a new donate page. This new site is made with django so it is more maintainable than the legacy version. It is easier to maintain and for our fundraising team to update.

Goal 19: IN PROGRESS

  • Description: Improve search and sharing content from the Tor Project’s blog (https://blog.torproject.org)

  • Expected outcome: Users will be able to search for and share content from the Tor Project blog

  • Update Dec 2024: During this period, we have been working on adding a button to the blog pages so users can share its content to the social networks where Tor has a presence. We are also working on a search form to search through the sites.

Goal 20: IN PROGRESS

  • Description: Execution of the Tor Project’s annual fundraising campaign

  • Expected outcome: Raise approx. ~$600K+ from individual donors through a comprehensive annual fundraising effort

  • Update Dec 2024: During this period we launched the fundraising campaign and it is on track to meet our goals by the end of December 2024.