The Tor Project Epoch 4 Updates

• Total Funds Received from Octant so far: 80.9696 ETH
• Funds Spent: 80.9696 ETH
• Detailed Utilization: We have claimed Octant funds on three occasions Nov 02, 2023, Jan 31, 2024, and Jul 29, 2024 and have spent those funds on personnel (e.g., salaries and benefits) + infrastructure (e.g., servers)

Milestones and Deliverables

The following Milestones are long-term goals of the Tor Project. The unrestricted funding of Octant goes towards work on these Milestones. None of these milestones have been completed during this period, but they are a good way to track incremental progress of our work and the best way to adapt to this new form of reporting retroactively.

For future Epochs, we have proposed goals that are more granular.

• Milestone 1: Improve the health of the Tor network

  • Description: Continuing our work over the last several years, we are working to better defend the network against denial of service attacks, build community with relay operators, and make scalability improvements to the network.
  • Immediate Outcome: All users have a safe, stable experience on the Tor network.
  • Funding Used: See note below.

• Milestone 2: Write an implementation of Tor in Rust (“Arti”)

  • Description: The current Tor implementation bears the signs of age. We’re on year two of the project to write a Rust implementation of the Tor protocols called “Arti,” built from the ground up for flexible embedding, easy maintenance, and good performance.
  • Immediate Outcome: Tor is faster, safer, and easier to embed in third-party products and services.
  • Funding Used: See note below.

• Milestone 3: Build community through training & user support

  • Description: We’ve integrated UX research, feedback collection, & digital security training into a combined program through which we reach a diverse audience of human rights defenders in the Global South in countries where censorship and surveillance threaten their work.
  • Immediate Outcome: Users who need Tor for safety, security, and privacy in adverse conditions have the support they need from the Tor Project.
  • Funding Used: See note below.

• Milestone 4: Track censorship and improve circumvention

  • Description: Tor is widely used for censorship circumvention. Many repressive governments block access to Tor. We track that censorship, work to improve existing mechanisms of circumvention, and make adjustments to those circumvention tools when censorship methods change.
  • Immediate Outcome: Users in places where the Tor network is censored as less negatively impacted by this censorship.
  • Funding Used: See note below.

• Milestone 5: Increase Tor availability where it’s needed most

  • Description: Part of making Tor easy to use is localizing our tools in languages spoken where censorship is severe. We prioritize localizing our tools and creating relevant support, outreach, and marketing materials in those languages.
  • Immediate Outcome: Everybody who needs Tor can use our tools in the languages that are most relevant to them.
  • Funding Used: See note below.

Note regarding “funding used:” as an organization with ~15 ongoing grants and 60+ staff who work on projects in an overlapping way, tracking which precise piece of Octant’s unrestricted funding was spent on each of these milestones would be impractical; therefore, we do not have the “amount spent” per milestone figure. If this is considered required reporting in the future, we would need to establish that before the funds are distributed, not retroactively.

• Karma GAP: https://gap.karmahq.xyz/project/tor-project

Challenges

• Previous Challenges: Need for unrestricted funding.
  • Description: The Tor Project’s funding typically comes in the form of project-specific grants and contracts. Project-specific grants are excellent for stability, but have limitations that make agile development and rapid response to changing internet censorship/surveillance very difficult. In order to better respond to some of the most difficult problems in the internet censorship and privacy space, we need to raise more unrestricted funding.
  • Updates: We’ve had some good success in the last year engaging new donors and grantmakers who make unrestricted donations. We have also hired two new staff. (See bottom section of the report.)
  • Resolution: Despite progress, this is an ongoing challenge.
  • Lessons Learned: Educating donor communities about the importance of unrestricted gifts is key! Folks are eager to help and want to know how their donations can make a difference to an organization. We’ve seen that this approach is helping grantmakers and individuals understand how to make impactful unrestricted donations.

Outputs and Outcomes

Outputs

(Note, we did not receive funding from Epoch 3, so the following are Outputs since Epoch 2 ended.)

• Output 1: Tor Browser 13.0.15 through Tor Browser 13.5.2 released.
• Output 2: Arti 1.2.3 through Arti 1.2.6 released.
• Output 3: Gave talk at DEF CON 32 about Measuring the Tor network + held Tor booth

Short-term Outcomes:

• Outcome 1: Tor Browser for Android users can navigate Tor network connection settings more easily. This comes as a result of changes we’ve released for Tor Browser for Android’s connection experience. The secondary outcome of this change is that we are now well positioned to improve the automatic censorship circumvention options in Tor Browser for Android.

• Outcome 2: Tor Browser for desktop users can customize the experience of certain privacy settings more easily. This comes as a result of the Tor Browser for desktop’s improved letterboxing and associated settings.

• Outcome 3: Tor Browser users can more easily circumvent censorship with bridges. This comes as a result of a series of refinements coming to Connection Settings that make it easier to find working bridges and manage multiple bridges within the browser.

• Outcome 4: Tor Browser users can more easily understand onion site errors. This is the result of implementing a simplified design of onion site errors.

• Outcome 5: Users and developers using Arti to run an onion service are now able to harden their onion services against guard discovery attacks, making anything using Arti + onion services + Vanguards safer for users. This is a result of the release of Vanguards for Arti, a defense against guard discovery attacks targeting onion services and onion service clients. The C version of Tor already supported Vanguards, but we have now added it to the Rust version of Tor.

• Outcome 6: Increased in connection to supporters, users, and relay operators in real life after connecting with the community at DEF CON.

Long-term Outcomes:

• Outcome 1: Tor Browser users on mobile and desktop are able to exercise their human right to privacy with fewer usability challenges.

• Outcome 2: Tor Browser users on mobile and desktop are able to exercise their human right to access information with less friction related to network-level censorship.

• Outcome 3: Arti is closer to being a full replacement to the c version of Tor. Arti replacing the current implementation of Tor will make Tor faster, safer, easier to maintain, and easier to implement in third-party tools.

Metrics for Outcomes:

• Tor Browser is downloaded ~75,000x per day
• Top 10 countries by relay users at any given time:
  • United States 365698 (18.23 %)
  • Germany 227302 (11.33 %)
  • Finland 115458 (5.76 %)
  • Republic of Korea 104116 (5.19 %)
  • India 84035 (4.19 %)
  • Netherlands 65516 (3.27 %)
  • Indonesia 64056 (3.19 %)
  • United Kingdom 53536 (2.67 %)
  • France 50647 (2.53 %)
  • Canada 43025 (2.15 %)
• Top 10 countries by bridge users at any given time::
  • Russia 46566 (39.29 %)
  • Iran 21387 (18.04 %)
  • United States 11655 (9.83 %)
  • Germany 4028 (3.40 %)
  • France 2639 (2.23 %)
  • China 2470 (2.08 %)
  • United Kingdom 2416 (2.04 %)
  • Netherlands 2231 (1.88 %)
  • India 1524 (1.29 %)
  • Poland 1315 (1.11 %)
• 900+ user-submitted stories in Tor stories survey
  • “I’m using Tor for accessing the internet freely. I need it because in my country internet is censored. Tor is free and multi platform. Im using it on [my] Android phone, on my Macbook and Windows desktop everywhere… Tor does not have any alternatives and VPN services are not working properly in my country or are not free and I don’t have any payment methods for paying the cost of them.” – Anonymous Tor user
  • “The Internet certainly wouldn’t be as free without Tor.” – Anonymous Tor user
  • “I’m a political activist, part of a semi-criminalized minority… Only by using anonymizing means, among which Tor is key, can I get my message out. Tor allows me freedom to publish my message to the world without being personally persecuted for it.” – Anonymous Tor user

Plans for Potential Funds Raised in the Next Octant Allocation Window

Regarding funding needed: Right now, as an organization with ~15 ongoing grants and 60+ staff who work on projects in an overlapping way, most of the goals below are partially funded by one or more grants, and the gaps in funding are covered by unrestricted funding, like that raised through Octant allocations. In total, we have roughly $1.4M left to raise for the 2024-2025 fiscal year.

Improve the health of the Tor network

• Goal 1:

  • Description: Implement approved proposals for code of conduct, policies and agreements for relay operators

  • Expected Outcome: Relay operators have clear community governance documents and agreements for participating in the network

  • Funding Need: See note below.

• Goal 2:

  • Description: Update documentation on the threat model for the Tor network

  • Expected Outcome: Publicly available documentation for the threat model of the Tor network is published for all users and developers to reference

  • Funding Need: See note below.

- Goal 3

• Description: Develop a tool to detect relays lying about their bandwidth capacity

• Expected outcome: We can more easily detect relays lying about their bandwidth capacity, address if this is malicious behavior, and suggest removal from the network as necessary

• Funding Need: See note below.

- Goal 4

• Description: Deploy new metrics portal (https://metrics.torproject.org), which is used for downloading and visualizing data collected about the network

• Expected outcome: The new metrics portal is out for testing with users

• Funding Need: See note below.

- Goal 5

• Description: Build mechanisms to annotate, understand, tag and follow relays to document their behavior and churn on the network

• Expected outcome: A system that we can use to follow and understand relay behavior

• Funding Need: See note below.

Write an implementation of Tor in Rust (“Arti”)

- Goal 6:

• Description: Implement support for RPC in Arti

• Expected outcome: Allow remote applications to control a remote Arti process via a non-Rust interface in addition to the public Arti Rust API

• Funding Need: See note below.

Build community through training & user support

Goal 7:

• Description: Track internet freedom during 2024 global elections

• Expected outcome: We have documented evidence of internet censorship and censorship against the Tor network during elections held this year

• Funding Need: See note below.

Goal 8:

• Description: Continue outreach with Tor communities

• Expected outcome: We have held relay operator monthly meetups and attended Global Gathering, FIFAFrica, and CCC.

• Funding Need: See note below.

Goal 9:

• Description: Conduct digital safety training in MENA region

• Expected outcome: Users in the MENA region have increased digital safety skills

• Funding Need: See note below.

Track censorship and improve circumvention

Goal 10:

• Description: Deprecate the legacy project bridgeDB, the system that currently handles distributing bridges to users

• Expected outcome: The replacement version of the bridge distribution system, rdsys, is the new tool use for distributing bridges

• Funding Need: See note below.

Goal 11:

• Description: Add manifest V3 support for snowflake webextension

• Expected outcome: The Snowflake webextension, which allows users to run a Snowflake bridge in their browser, continues working when Chrome drops support for manifest V2.

• Funding Need: See note below.

Goal 12:

• Description: Improve support for unreliable networks

• Expected outcome: Expected outcome: Snowflake becomes more stable and faster in networks with high UDP packet loss like mainland China.

• Funding Need: See note below.

Goal 13:

• Description: Add support for and test Snowflake and obfs4 pluggable transports in OnionMasq. OnionMasq is an experimental tunnel interface for Arti.

• Expected outcome: OnionMasq can use these pluggable transports and offer this kind of censorship circumvention in Arti

• Funding Need: See note below.

Increase Tor availability and usability where it’s needed most

Goal 14:

• Description: Hire a new User Research Coordinator (filling an existing role)

• Expected outcome: We have made an offer to a User Research Coordinator who can pick up our planned user research work

• Funding Need: See note below.

Goal 15:

• Description: Onboard new Product Designer (filling an existing role)

• Expected outcome: We have onboarded our new Product Designer who will be able to pick up our planned product design work

• Funding Need: See note below.

Goal 16

• Description: Localize user support documents in Farsi

• Expected outcome: Users in Farsi-speaking countries will be able to use Tor tools more easily because our support documentation is available in their language

• Funding Need: See note below.

Continue tool maintenance and fundraising

Goal 17:

• Description: General Tor Browser maintenance work that ensures continuous improvement for security and user experience.

• Expected outcome: Monthly security, maintenance, and bug fix updates, Tor Browser for Android code improvements for maintainability and parity with Tor Browser for desktop, Bug Bounty Program - tor.browser.org security feedback, OpenH264 Build Reproducibility

• Funding Need: See note below.

Raise funds for the Tor Project

Goal 18:

• Description: Deploy a new version of the Tor Project’s donate page (https://donate.torproject.org)

• Expected outcome: Donation web infrastructure that is easier to maintain and modify and is easier to use for donors

• Funding Need: See note below.

Goal 19:

• Description: Improve search and sharing content from the Tor Project’s blog (https://blog.torproject.org)

• Expected outcome: Users will be able to search for and share content from the Tor Project blog

• Funding Need: See note below.

Goal 20:

• Description: Execution of the Tor Project’s annual fundraising campaign

• Expected outcome: Raise approx. ~$600K+ from individual donors through a comprehensive annual fundraising effort

• Funding Need: See note below.

Regarding funding needed: Right now, as an organization with ~15 ongoing grants and 60+ staff who work on projects in an overlapping way, most of the projects that contain the goals above are partially funded by one or multiple grants, and the gaps in funding are covered by unrestricted funding, like that raised through Octant allocations. In total, we have roughly $1.4M left to raise for the 2024-2025 fiscal year.

Other Funding

• Grant Funding Received Since the Last Epoch:
  • New grant from Open Society Foundation
  • New grant from Open Sats
• Other Non-Grant Funding Sources:
  • Individual donations
  • Corporate donations and/or memberships

Future Plans for Financial Sustainability

In order to increase our unrestricted funding, we have increased our Fundraising team from two people to four people this year.

The first new position for the Tor Project, Individual Giving Manager, will be focused exclusively on cultivating the 6,000+ donors who give below $1000 every year. Before now, very little attention has been paid to this donor group outside of one fundraising campaign per year due to capacity limitations. With the Individual Giving Manager designing and executing a strategy focused on keeping these donors onboard and increasing their gifts over time, we’re increasing our investment in raising unrestricted funds.

The second position is that of Grant Writer, who will be responsible for increasing our grant writing capacity and allowing the Director of Fundraising to focus on other opportunities for unrestricted funding, including gifts from corporations, major donors, and private foundations that make unrestricted gifts.

Increased unrestricted funding from these fundraising efforts will take several years to come to fruition, so it’s important that we invest in them now.