January 2019 - tor-project - lists.torproject.org

Are there countries where using Tor is illegal?
by Cristian Consonni 11 May '25

11 May '25

Hi, (Sorry if this question has already been asked in the past, feel free to point me to the relevant resources.) I know that the legal FAQs by the EFF state that: «we believe that running a Tor relay — including an exit relay that allows people to anonymously send and receive traffic — is legal under U.S. law.»[1] I also know there is a list of countries for which there is legislation that exclude communication service providers from liability. They are indicated in the Legal of the Tor Exit Guidelines page[2], they are USA, Germany, Netherlands, Austria, France, and Sweden. >From some articles in the press[3a][3b] it may be illegal - depending on how you interpret the wording[*] - to use Tor (and other technologies such as VPNs or proxies) in the UAE, with fines ranging in the millions of dirhams (hundreds of thousand of dollars). A couple of weeks ago it was discussed - on this list as well - that a law was introduced to the state parliament to ban Tor[4a][4b]. This follows a case of some months ago of a Russian Tor exit node operator being arrested for inciting mass riots and terrorism[4c][4d]. The idea of blocking VPNs or Tor seems to have already been considered in the past[4e]. This infographic about pluggable transports[5] suggests access to the Tor network is censored or limited in China, Uzbekistan, Iran, and Kazakhstan. Tor being censored orblocked may be different from it being illegal. What about other countries? Is there a place where I can find more about this topic? Cristian [1]: https://www.torproject.org/eff/tor-legal-faq.html.en [2]: https://trac.torproject.org/projects/tor/wiki/doc/TorExitGuidelines [3a]: http://www.emirates247.com/news/emirates/dh500-000-fine-if-you-use-fraud-ip… [3b]: http://news.softpedia.com/news/people-caught-using-vpns-tor-or-proxies-in-t… [*]: «Whoever uses a fraudulent computer network protocol address (IP address) by using a false address or a third-party address by any other means for the purpose of committing a crime or preventing its discovery» [4a]: https://lists.torproject.org/pipermail/tor-talk/2017-June/043293.html [4b]: https://trac.torproject.org/projects/tor/ticket/22055 [4c]: https://lists.torproject.org/pipermail/tor-talk/2017-April/043109.html [4d]: https://techcrunch.com/2017/04/24/dmitry-bogatov-tor-russia/ [4e]; https://torrentfreak.com/vpn-and-tor-ban-looming-on-the-horizon-for-russia-… [5]: https://www.torproject.org/images/PT/2016-07-how-to-use-PT.png

4 3

Roadmap for hypothetical network health team
by Roger Dingledine 29 Aug '19

29 Aug '19

Here is an area list for a hypothetical future "network health" team. I say hypothetical because we have no near-term plans to form such a team -- but imo the task areas make sense together. Some of them are being handled by other teams right now, but some of them aren't getting as much attention as they need. (1) track community standards about what makes a good relay - publish up-to-date expectations for relay operators - set best practices for how to set relay families - detect and resolve bad relays - exitmap, sybil detection, hsdir traps (2) anomaly analysis / network health engineer [with network team] - establish baselines of expected network behavior - look for and resolve denial of service issues - track connectivity issues between relays - look for relays hitting resource limits (3) make sure usage/growth stats are collected and accurate - track network performance, relay diversity by various metrics - count users [with network team and metrics team] - monitor bridge growth and usage [with censorship team] (4) relay advocacy [with community team] - maintain docs for setting up and running relays and bridges - grow a cohesive community of relay operators so they have peers - keep relays on the right tor versions - relaunch a gamification / badge system for lauding good relay progress - strengthen relationships with non-profit orgs that run relays - help companies that want to offset their tor network load (5) maintain the components of the network - maintain directory authority relationships - keep bandwidth authorities working (including setting the right balance between speed and location diversity) - have enough tor browser default bridges, and keep them running smoothly [with censorship team] - update the fallbackdirs list

3 2

Problems fetching Debian package archive signing key (0xEE8CBC9E886DDD89)
by Matthew Finkel 22 Feb '19

22 Feb '19

Hi All, Someone reported difficulty with retrieving 0xEE8CBC9E886DDD89 from the key servers. It seems this is only affecting some of the keyservers (but I don't know which ones because load-balancing). I was able to reproduce it, but not consistently. $ gpg --recv-key A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89 gpg: packet(13) too large gpg: read_block: read error: Invalid packet gpg: no valid OpenPGP data found. gpg: Total number processed: 0 This error seems suspiciously similar to this sks-keyserver bug[0]. If anyone has any ideas of how we should troubleshoot or fix this, that'd be helpful. - Matt [0] https://bitbucket.org/skskeyserver/sks-keyserver/issues/57

4 5

announcing the next Tor Meeting location....
by Alison Macrina 04 Feb '19

04 Feb '19

We're excited to meet and hack with the Tor community in Athens, Greece in May 2019! The meeting planners are working on finalizing the precise dates and people for the invite-only portion of the meeting, but the open days will be held 18-19 May. Mark your calendars! Alison -- Alison Macrina Community Team Lead The Tor Project

3 3

Two new open jobs at Tor Project!
by Erin Wyatt 31 Jan '19

31 Jan '19

Hey everyone! We have two new open positions. Please help us spread the word! + Browser Developer https://www.torproject.org/about/jobs-browserdeveloper.html.en + Backend Engineer for OONI https://www.torproject.org/about/jobs-backenddeveloper.html.en Both job descriptions are attached in PDF and plain text format, and both are pasted below. Please share, forward, tweet, etc! Thank you! Have a great weekend. Cheers, Erin Wyatt Director of People and Office Operations ewyatt(a)torproject.org PGP: 35E7 2A9F 6655 45F9 2CB6 6624 BA0C 9400 F80F 91CE ———————————>8———————————>8———————————>8 Internet Freedom Nonprofit Seeks Backend Engineer for OONI The Tor Project, Inc. is looking for a dedicated backend engineer to work on OONI (https://ooni.torproject.org/) OONI is the Open Observatory of Network Interference: a free and open source software, global observation network for detecting censorship, surveillance, and traffic manipulation on the internet. You will be working to improve OONI’s data processing pipeline and other backend components responsible for recording measurements collected from our growing global user network. You will also be tasked with improving our network measurement methodologies and data analysis heuristics to increase the accuracy of our experiments. This is a full-time 12-month contract position, starting ASAP (no later than mid-May 2019); contract may be extended. The OONI team is based in Europe. However, this position may be performed remotely. Here are some of our code repositories: https://github.com/ooni/api https://github.com/ooni/pipeline https://github.com/ooni/orchestra https://github.com/ooni/collector https://github.com/ooni/sysadmin Required skills and qualifications: - Extensive experience in python or golang. - Comfortable working remotely. - Self-directed, self-disciplined, but good at working and communicating with a team. - Have experience and be comfortable with others reviewing your code and design; have experience and be comfortable reviewing others’ code. - Experience documenting and designing protocols. - Be comfortable with transparency! Preferred qualifications: - Experience designing, implementing, and maintaining scalable complex network applications. - Working experience with data processing pipelines. - Possess the confidence to refactor code and write unit-tests. - Familiarity with the challenges of developing and scaling data processing pipelines. - Familiarity with the network measurement field. - Experience with open-source software development, including working with distributed teams across different time-zones containing employees and volunteers of differing skill levels. - Basic familiarity with distributed version control systems. - Contributed significant chunks of code to multiple open-source projects in the past. - Be passionate about internet freedom and interested in contributing to it in a concrete way! Other notes: Academic degrees are great but not required if you have the right experience. You should be very good at working remotely at communicating with the team on a daily basis via Slack, IRC, instant messaging, email, and issue trackers. Salary negotiable. How to apply: Please email a *PDF* of your resume/CV, and a cover letter explaining how your qualifications and experience meet the requirements of this job description. Please include the reasons why you want to work on OONI. Please also include link to one or several code samples (of which you are authorized to share), and also your GitHub or GitLab profile, and three professional references. Email should be sent to jobs at openobservatory dot org with "OONI Backend Engineer" in the subject line. About the project: The Open Observatory of Network Interference (OONI) is a free software project under the Tor Project. OONI collects and processes network measurements with the aim of detecting network interferences, such as censorship, surveillance, and traffic manipulation. Since late 2012, OONI has collected millions of measurements across more than 90 countries around the world. The Tor Project, Inc., is a 501(c)(3) non-profit organization that provides the technical infrastructure for privacy protection over the Internet. With paid staff and contractors of around 30 technologists and operational support people, plus many volunteers all over the world who contribute to our work, the Tor Project is funded in part by government grants and contracts, as well as by individual, foundation, and corporate donations. We only write free and open source software, and we don't believe in software patents. The Tor Project, Inc., is an equal opportunity, affirmative action employer. ———————————>8———————————>8———————————>8 The Tor Project is looking for a Browser Developer (C++ and Javascript) As a browser developer, your job would be to work closely with other members of the Tor Browser development team on C++ patches to our Firefox-based browser, writing new APIs, altering functionality for privacy and security, and making improvements to our collection of Firefox add-ons (JavaScript code). Being a Tor Browser developer includes triaging, diagnosing, and fixing bugs; looking for and resolving web privacy issues; responding on short notice to urgent security issues; and working collaboratively with coworkers and volunteers to implement new features and web behavior changes. We also need help making our code more maintainable, testable, and mergeable by upstream. The person in this position will also review other people's code, designs, and academic research papers to make suggestions for improvement. This is a full-time position. Required Qualifications: - Experience in C++ (and ideally, JavaScript). Five years of C++ experience is probably necessary for the level of expertise we want, though some of these years can be replaced with other Object Oriented Programming and/or C experience. If you meet this level of experience with C++/OOP, JavaScript can be learned on the job. - Possess a solid understanding of issues surrounding secure C++ programming and reference counted memory (at least to the level of avoiding issues). - Be comfortable diving into new, unfamiliar codebases, looking for ways to alter and augment their functionality in specific, goal-oriented ways. - Be familiar with web technologies and how the web works, especially the same-origin model and web tracking. - Willingness and ability to justify and document technical decisions for a public, world-wide technical audience. - Be comfortable working remotely with a geographically distributed team. - Experience interacting with users and other developers online, including experience being confronted with differing ideas and opinions (not always in a nice manner), while maintaining a high level of professionalism. - Comfort with transparency: as a non-profit organization who develops open source software, almost everything we do is public, including your name (or at least your business name) and possibly salary information. Preferred qualifications: - Familiarity and/or experience with writing add-ons and/or patches for Mozilla Firefox or other web browsers. - Familiarity with compiling software for the Android platform. - Familiarity with browser fingerprinting defenses - Familiarity with Firefox's internal architecture, including its use of multiple processes and sandboxing. - Be intensely creative yet also ruthlessly pragmatic in your thinking. - Possess knowledge/familiarity of probability, statistics, and information theory. - Know enough about networking to be able to visualize what HTTP 1.1 looks like on the wire while encapsulated within Tor's network protocol. - Experience working with distributed (remote) teams across different time-zones with people of differing skill levels over multiple mediums, including email, instant messaging, and IRC. - Open-source experience: contributed significant chunks of code to multiple open-source projects in the past. - Familiarity with distributed version control systems, including Git. - Familiarity with rust - Genuinely be excited about Tor and its values! - Willingness and ability to travel internationally to twice-yearly team meetings (strongly preferred). For a more detailed understanding of the full breadth and depth of the work you'd be doing, have a look at The Design and Implementation of the Tor Browser, especially The Design Requirements section at https://www.torproject.org/projects/torbrowser/design/#DesignRequirements. Academic degrees are great, but not required if you have the right experience! The team coordinates via IRC, email, and bug trackers. This position may be performed remotely, but we would be happy to provide a desk at our office in Seattle, Washington. Salary negotiable. We have a competitive benefits package, including a generous PTO policy; 14 paid holidays per year (US; including the week between Christmas and New Year's, when the office is closed); health, vision, dental, disability, and life insurance; flexible work schedule; and occasional travel opportunities. To apply: Please email a *PDF* of your resume/CV, and a cover letter explaining how your qualifications and experience meet the requirements of this job description. Please include the reasons why you want to work at Tor Project, and include links to code samples, if possible. Email should be sent to job-browser at torproject.org with "Browser Developer" in the subject line. Link to at least one of your code samples (ideally, more than one and all of which we will presume you are authorized to disclose). No phone calls, please! About the Organization: The Tor Project, Inc., is a 501(c)(3) non-profit organization that provides the technical infrastructure for privacy protection over the Internet. With paid staff and contractors of around 30 technologists and operational support people, plus many volunteers all over the world who contribute to our work, the Tor Project is funded in part by government grants and contracts, as well as by individual, foundation, and corporate donations. We only write free and open source software, and we don't believe in software patents. The Tor Project, Inc., is an equal opportunity, affirmative action employer.

1 0

Damian's Status Report - January 2019
by Damian Johnson 30 Jan '19

30 Jan '19

Hi lovely onion enthusiasts! Here's my status report for the Nyx and Stem fronts this last month... https://blog.atagar.com/january2019/

1 0

Tor Browser team meeting notes, 28 Jan 2019
by Georg Koppen 29 Jan '19

29 Jan '19

Hi, Yesterday we had our first weekly meeting adhering to the new meeting time and location. For those following along at home: from now on we ,meet 1830UTC on Mondays in #tor-meeting2, as the meeting time usually overlaps with the network team meeting in #tor-meeting. That said our IRC log got covered by MeetBot as usual and is available at: http://meetbot.debian.net/tor-meeting2/2019/tor-meeting2.2019-01-28-18.29.l… Meeting notes from the pad are below: Monday January 28, 2019 Discussion - planning for next mobile release (GeKo: We try to have TBA-a3 out by end of Feb, otherwise it's getting too close for the proposed 8.5 stable release date) mcs and brade: Last week: - Code reviews. - Revisited #28885 (notify users that update is downloading). - Worked on proposal for #28044 (Integrate Tor Launcher into tor-browser). - Experimented some more. - Draft proposal is nearly ready to share with the team. This week: - Publish draft proposal for #28044 (Integrate Tor Launcher into tor-browser). - Work on #29180 (MAR download stalls when about dialog is opened). - Revisit #28885 (notify users that update is downloading). GeKo: Last week: - release preparations - code reviews (#28885, #27828, #29097, #29143, #12885, #29178, #26858, #27531, #28705) - dealing with last minute release blockers (#29185, #29182, #29179) - wrote patch for #29187 - continued working on mingw-w64/clang toolchain and Firefox build (#28716 and #28238) - started to get back to emails (sorry, tjr, did not get to yours but they are on top of the stack now) - helped with various proposals and sponsor reports (nlnet, otf, sponsor8) - sysrqb: sisbell: see comment:14 https://bugzilla.mozilla.org/show_bug.cgi?id=1516642 (I am still thinking about what to reply, but we might want to do that outside of that particular bug anyway) - sysrqb: (okay, it's only bold here) ack. i wish following m-c was easier.VV - I got inspired over the weekend (and by the discussion on tbb-dev) and started to look at our updater security. I am in the process of going over the code and writing a state-of-the-tor browser-update document. It's a spare time project, so no big promises so far. Folks interested might enjoy the recent-ish audit of the firefox updater: https://bugzilla.mozilla.org/attachment.cgi?id=8985197 mcs: where is the tbb-dev discussion? I missed it somehow. (GeKo: I meant https://lists.torproject.org/pipermail/tbb-dev/2018-December/000934.html ff.) This week: - release preparations - further work on mingw-w64/clang toolchchain - getting back Torbutton integration into tor-browser (#10760) - trying to figure out #29185 - more emails - more reviews pospeselr: Last week: - code reviews ( #29082, #21805 ) - #25658 work (security settings) This week: - get a #25658 patch up for review boklm: Last week: - reviewed: #28618 #27597 #27503 - reopened and fixed #29097 (https-everywhere make.sh explicitly depends on missing python 3.6) - updated patch for #29143 (fix build of obfs4 in nightly builds) - made patches for: - #29158 (Add fix for DSA 4371-1 (apt vulnerability)) - #29181 (Make it possible to force rebuild of debootstrap-image) - #29178 (Don't build master of goxcrypto, goxnet, uniuri and go-webrtc) - helped build the new releases This week: - help with publishing the new releases - Try to find some fix for #29158 for wheezy-i686 (GeKo: I think the right thing to do here is not wasting too much time on finding a workaround for that but fix #26323) - continue work on testsuite - make patch for #29183 (We are using linux i686 langpacks in the linux x86_64 builds) - work on #25623 (Disable network during build) - work on #26323 (Build 32bit Linux bundles on 64bit systems) - some reviews: #28716, #28803 sysrqb: Last week: - 28705 and 28814 (Downloading crash, and allow installing another apk within TB) - Investigated mobile build failure after backporting patch - More of new bootstrapping UI (#28329) - but still not complete This week: - TBA release - Hopefully complete 28329 branch - Maybe fastlane igt0: Last week: - Updated #25764 tablet layout - Rebased #25764 on top of master - Reviewed more tor button tickets This week: - Send #25764 to review - More TBA alpha tickets pili: - Roadmapping - OTF Proposal (warnings/notifications & new identity) - NLNet ESR proposal - GSoC investigation sisbell: Last week: - Did testing of integrated TOPL.OrbotService code, various bug fixes and improvements. Everything now working correctly. - Opened 10+ issues on TOPL project (GitHub). These are for the changes we need for integration. This Week: - Finish TOPL commits to project (by tomorrow latest) and do pull request - Create new GitHub project with modified OrbotService - Fork Orbit project, integrating TOPL and the OrbotService - If time, start on tor-browser-build Georg

1 0

Notes from January 24 2019 Vegas team meeting
by Karsten Loesing 26 Jan '19

26 Jan '19

Notes for January 24 2019 meeting: Nick: 1) Prepping for hackweek 2) Need to meet with metrics team at hackweek; Gaba is making sure it happens. 3) 0.4.0.1-alpha is out. TBB folks, please let us know if you see any tbb-needs stuff. (GeKo: right now only #28614 and related tickets come to mind) 4) With the Brussels hackweek coming up, this is a good time to remind people about expenses. Let's talk about Sue's Harvest proposal? Gaba: 1) Coordinating for hackweek (metrics and network teams and 1 person from anti-censorship team) 2) Finished sponsor 8 Q4 report Arturo: 1) Launched the revamped OONI Probe mobile app! https://ooni.torproject.org/post/revamped-ooni-probe-mobile-app/ 2) Published an OONI Year in review blog post: https://ooni.torproject.org/post/ooni-in-2018/ 3) Published a research report on censorship in Zimbabwe: https://ooni.torproject.org/post/zimbabwe-protests-social-media-blocking-20… 4) Working on the OONI Explorer country pages 5) Going to publish a job posting for the OONI Backend engineer position Georg: 1) Preparing new Tor Browser releases (8.0.5 and 8.5a7); work on our next big Tor Browser for Android milestone Steph: 1) Edited copy for a beautiful new brochure 2) Strategizing with Isa 3) Upcoming posts: TPL, year in review/looking fwd 4) We will share a booth with fossasia at FOSDEM, Gaba taking from here 5) Press inquiries. 6) Creating new Tor stories survey Alison: 1) Finishing up new outreach brochures with comms and UX 2) Doing LFI recruitment and curriculum development 3) Much of the community team is prepping for sponsor9 travel Sarah: 1) Sending thank you emails with 2018 giving totals to monthly givers 2) Working with Al and grants team on NLnet proposals 3) Helping respond to OTF questions 4) Meeting with Isa and Jon about optimizing donation flow 5) Planning changes to the donation page for major donor program, monthly giving program, and cryptocurrency donations Antonela: 1) Wrapping outreach material, content was reviewed by comms and is ready for emmapeel to start the localization workflow. I'm still working with covers and back posters. 2) Reviewing tpo.org, tpo.org/about, tpo.org/download on staging with Hiro. 3) Working on OONI Country pages with Elio. We are running user testing with Explorer users this week, coordinated by Maria. 4) Working on Q12019 user research documents with Caroline Sinders 5) Alon will work on illustrations for tpo.org. He will join us at our regular open meetings. 6) I was a reviewer for the Spanish localization for the Pluggable Transports guide. 7) Reviewing OTF UX proposal 8) Fosdem Talk and Roger slides are in progress. Sue: 1) Working with auditors to finalize Financial Audit 2) Working with Sida Auditors for definitions required for Attestation Audit 3) Working with DRL Auditors on 2016 findings 4) Working on various payroll/pension items for International Payroll compliance Pili: 1) Team Roadmap reviews 2) S8 Report wrap up 3) Gettor handover meeting 4) More GSoC "investigation" isabela: 1) getting ready for Board meeting tomorrow (Friday Jan 25th) 2) reviewing reports (sponsor 8 and rose foundation) 3) reviewing proposals (NLnet, DRL, OTF) 4) synced with Steph on the 'there is no dark web strategy' 5) getting ready for all things w/ sida for next week Roger: 1) I'm getting back up to speed after health issues. I'm mostly answering and writing emails as usual. If you need something from me, let me know (with a fresh reminder I mean). Erin: 1) general hr stuff 2) anti-censorship team announcement will go out today Karsten: 1) Prepared metrics-web patch that will switch from Ant to Java-only for running the daily updater. This is the first step in reusing code between modules and simplify operation. 2) Worked more on last remaining Sponsor 13 report. 3) Preparing for Brussels next week. Mike: 1) Working on vanguards 2) Prepping for network team meeting

1 0

December 2018 User Feedback Summary
by Maggie 25 Jan '19

25 Jan '19

Hey, friends! Welcome to the December 2018 user feedback report. For more information on what users and community members were talking about this month, check out the December 2018/January 2019 User Feedback pad [1]. TL;DR: There were a bunch of releases this month, and lots of user bug reports in the blog post comments. Reddit was about the same as always (with a focus on VPN and fingerprinting questions), and RT brought in a lot of questions about bridges and TBA. - Confusion about using a VPN with Tor continues to be common on Reddit and RT. I'm hoping that these questions will be addressed by the Tor v. VPN guide I'm writing up for the support portal, which will incorporate some of the information that pastly previously posted [2]. - People (especially Reddit users) have lots of questions about whether certain actions will allow them to be fingerprinted. I think we could address some of this with an expanded FAQ entry, and potentially by linking to EFF's Panopticlick [3] so that users can experiment with their settings themselves. - Tor is still broken for screen readers. This is a high priority fix, not only because this issue may prevent users with impaired vision from using Tor, but also because the issue interferes with our commitment to making Tor easy to use for everyone. Now, on to the feedback! Scroll further down to see a summary of Reddit posts, some points from Google Play Store reviews, a list of the most common Stack Exchange tags from the month, and a collection of some notable issues and bugs mentioned by users in December. --- Most common questions on Reddit: - How can I hide the fact that I'm using Tor; or, should I use a VPN together with Tor? - (these questions appear all the time, and will be addressed in a Tor v. VPN doc I'm working on for the support portal.) - Will doing _____ allow me to be fingerprinted? --- TBA Reviews & Feedback on Google Play Store: The average review score is currently 4.2. Reviews are a mix of people who are very excited to be able to use Tor on their mobile, people who are getting 'proxy server' errors, and people who are upset that it's slower than their usual browser. I will continue to investigate the reported 'proxy server' errors through related RT tickets. Users are also experiencing crashes on certain Android devices when attempting to download a file using TBA. --- Most common stack exchange tags: tor-browser-bundle: 12 this month configuration: 8 this month help: 5 this month orbot: 5 this month --- Notable bugs, fixes, & issues: #27503 [4] - Disabling accessibility on Windows breaks screen readers - OPEN (NEEDS INFORMATION) #28720 [5] - NoScript blocks certain videos starting with 10.1.9.2rc2 on security level "safer" - CLOSED - FIXED #28874 [6] - https://browserleaks.com/webgl crashes tab on 64bit Tor Browser for Windows - CLOSED - FIXED #28836 [7] - Links on about:tor are not clickable anymore on Windows starting with 8.5a5 - OPEN - NEEDS REVIEW #28705 [8] - Tor Browser on Android is crashing on newer Android devices (>= Android N) by file download - OPEN - NEEDS REVISION #29043 [9] - NoScript freezes the browser when scripts are enabled (TB 8.5a6) - OPEN #29032 [10] - Tor Browser 8.0.4 stops displaying text correctly in Virtualbox on Windows - OPEN --- That's it for the month of December! In the interest of keeping things short(ish), I've left out some other feedback. If you want to know more, please do check out the December 2018/January 2019 User Feedback pad [1] or reach out to me via email (waywardwyrd at riseup dot net) or IRC (wayward). Thanks for reading! I'll see you all back here next month! - wayward (Maggie) pronouns: she/they | twitter: @meochaidha <https://www.twitter.com/meochaidha> pgp: 0626 9C68 D0CC 1A5B E41B 72F2 615E B878 975C 4CDC ------ Annotations: 1. https://storm.torproject.org/shared/u4ch1acnksyrZD2Zu8_ODT2l_Va8iMPgqWQU41g… 2. https://matt.traudt.xyz/posts/vpn-tor-not-mRikAa4h.html 3. https://panopticlick.eff.org/ 4. https://trac.torproject.org/projects/tor/ticket/27503 5. https://trac.torproject.org/projects/tor/ticket/28720 6. https://trac.torproject.org/projects/tor/ticket/28874 7. https://trac.torproject.org/projects/tor/ticket/28836 8. https://trac.torproject.org/projects/tor/ticket/28705 9. https://trac.torproject.org/projects/tor/ticket/29043 10. https://trac.torproject.org/projects/tor/ticket/29032

2 1

Initial roadmap for the anti-censorship team
by Roger Dingledine 24 Jan '19

24 Jan '19

Here is an early brainstorming list of the scope for our future anti-censorship team. Let us know if we left out a critical category. And of course once we have actual team members I expect they will take this initial roadmap and do something even smarter than this list. :) (1) BridgeDB: - Automated monitoring - Understand current usage patterns, consider improving the design Don't get obfs4 bridges blocked by other transports (#28655) (2) Pluggable Transports: - Improve the PT interface with Tor, to pass logs etc (#25502) [with network team] - Tor Browser can use other circumvention tools as proxies (#28556) [with browser team] - Specific PTs: Maintain obfs4proxy (like fixing the iat bug that let Kazakhstan block it) Snowflake Httpsproxy Marionette Domain front through community sites - Talk to research groups to keep in touch about their PT research work (3) Improve Tor user experience for users in censored / crappy networks: - Gettor: automated monitoring and automated updates. Improve UX. - Understanding and reducing client time to bootstrap [with network team] and other parameters that are tuned poorly for slow networks (4) Understand Tor censorship: - Tor Browser network testing mode (#23839, #28531) [with browser team] - Reachability scanning for the default (shipped in Tor Browser) bridges [with ooni] - Understand bridge load and bridge blocking (e.g. fix user counting bugs that are making our Turkey count wrong) [with network / metrics teams] (5) Help users use bridges: - Help NGOs get their users on bridges (#28015, #28526) - Tor Browser *automates* picking the right PTs [with browser team] (6) Community outreach and integration: [with community team] - [Initial list of outreach partner NGOs elided for now, since some of them have opsec needs to keep their people safe]

9 10