The Tor Project
Dedham, MA

Tor is free software and an open network that helps you defend against traffic analysis, a form of network surveillance that threatens personal freedom and privacy, confidential business activities and relationships, and state security.

The Tor Project is a 501(c)3 organization.

Latest News

Aug 24, 2016

Tor 0.2.8.7 fixes an important bug related to the ReachableAddresses option in 0.2.8.6, and replaces a retiring bridge authority. Everyone who sets the ReachableAddresses option, and all bridges, are strongly encouraged to upgrade.

You can download the source from the Tor website. Packages should be available over the next week or so.

Below is a list of changes since 0.2.8.6.

Changes in version 0.2.8.7 - 2016-08-24

  • Directory authority changes:
    • The "Tonga" bridge authority has been retired; the new bridge authority is "Bifroest". Closes tickets 19728 and 19690.
  • Major bugfixes (client, security):
    • Only use the ReachableAddresses option to restrict the first hop in a path. In earlier versions of 0.2.8.x, it would apply to every hop in the path, with a possible degradation in anonymity for anyone using an uncommon ReachableAddress setting. Fixes bug 19973; bugfix on 0.2.8.2-alpha.
  • Minor features (geoip):
    • Update geoip and geoip6 to the August 2 2016 Maxmind GeoLite2 Country database.
  • Minor bugfixes (compilation):
    • Remove an inappropriate "inline" in tortls.c that was causing warnings on older versions of GCC. Fixes bug 19903; bugfix on 0.2.8.1-alpha.
  • Minor bugfixes (fallback directories):
    • Avoid logging a NULL string pointer when loading fallback directory information. Fixes bug 19947; bugfix on 0.2.4.7-alpha and 0.2.8.1-alpha. Report and patch by "rubiate".

Aug 24, 2016

Tor 0.2.9.2-alpha continues development of the 0.2.9 series with several new features and bugfixes. It also includes an important authority update and an important bugfix from 0.2.8.7. Everyone who sets the ReachableAddresses option, and all bridges, are strongly encouraged to upgrade to 0.2.8.7, or to 0.2.9.2-alpha.

You can download the source from the usual place on the website. Packages should be available over the next several days. Remember to check the signatures!

Please note: This is an alpha release. You should only try this one if you are interested in tracking Tor development, testing new features, making sure that Tor still builds on unusual platforms, or generally trying to hunt down bugs. If you want a stable experience, please stick to the stable releases.

Below are the changes since 0.2.9.1-alpha.

Changes in version 0.2.9.2-alpha - 2016-08-24

  • Directory authority changes (also in 0.2.8.7):
    • The "Tonga" bridge authority has been retired; the new bridge authority is "Bifroest". Closes tickets 19728 and 19690.
  • Major bugfixes (client, security, also in 0.2.8.7):
    • Only use the ReachableAddresses option to restrict the first hop in a path. In earlier versions of 0.2.8.x, it would apply to every hop in the path, with a possible degradation in anonymity for anyone using an uncommon ReachableAddress setting. Fixes bug 19973; bugfix on 0.2.8.2-alpha.
  • Major features (user interface):
    • Tor now supports the ability to declare options deprecated, so that we can recommend that people stop using them. Previously, this was done in an ad-hoc way. Closes ticket 19820.
  • Major bugfixes (directory downloads):
    • Avoid resetting download status for consensuses hourly, since we already have another, smarter retry mechanism. Fixes bug 8625; bugfix on 0.2.0.9-alpha.
  • Minor features (config):
    • Warn users when descriptor and port addresses are inconsistent. Mitigates bug 13953; patch by teor.
  • Minor features (geoip):
    • Update geoip and geoip6 to the August 2 2016 Maxmind GeoLite2 Country database.
  • Minor features (user interface):
    • There is a new --list-deprecated-options command-line option to list all of the deprecated options. Implemented as part of ticket 19820.
  • Minor bugfixes (code style):
    • Fix an integer signedness conversion issue in the case conversion tables. Fixes bug 19168; bugfix on 0.2.1.11-alpha.
  • Minor bugfixes (compilation):
    • Build correctly on versions of libevent2 without support for evutil_secure_rng_add_bytes(). Fixes bug 19904; bugfix on 0.2.5.4-alpha.
    • Fix a compilation warning on GCC versions before 4.6. Our ENABLE_GCC_WARNING macro used the word "warning" as an argument, when it is also required as an argument to the compiler pragma. Fixes bug 19901; bugfix on 0.2.9.1-alpha.
  • Minor bugfixes (compilation, also in 0.2.8.7):
    • Remove an inappropriate "inline" in tortls.c that was causing warnings on older versions of GCC. Fixes bug 19903; bugfix on 0.2.8.1-alpha.
  • Minor bugfixes (fallback directories, also in 0.2.8.7):
    • Avoid logging a NULL string pointer when loading fallback directory information. Fixes bug 19947; bugfix on 0.2.4.7-alpha and 0.2.8.1-alpha. Report and patch by "rubiate".
  • Minor bugfixes (logging):
    • Log a more accurate message when we fail to dump a microdescriptor. Fixes bug 17758; bugfix on 0.2.2.8-alpha. Patch from Daniel Pinto.
  • Minor bugfixes (memory leak):
    • Fix a series of slow memory leaks related to parsing torrc files and options. Fixes bug 19466; bugfix on 0.2.1.6-alpha.
  • Deprecated features:
    • A number of DNS-cache-related sub-options for client ports are now deprecated for security reasons, and may be removed in a future version of Tor. (We believe that client-side DNS caching is a bad idea for anonymity, and you should not turn it on.) The options are: CacheDNS, CacheIPv4DNS, CacheIPv6DNS, UseDNSCache, UseIPv4Cache, and UseIPv6Cache.
    • A number of options are deprecated for security reasons, and may be removed in a future version of Tor. The options are: AllowDotExit, AllowInvalidNodes, AllowSingleHopCircuits, AllowSingleHopExits, ClientDNSRejectInternalAddresses, CloseHSClientCircuitsImmediatelyOnTimeout, CloseHSServiceRendCircuitsImmediatelyOnTimeout, ExcludeSingleHopRelays, FastFirstHopPK, TLSECGroup, UseNTorHandshake, and WarnUnsafeSocks.
    • The *ListenAddress options are now deprecated as unnecessary: the corresponding *Port options should be used instead. These options may someday be removed. The affected options are: ControlListenAddress, DNSListenAddress, DirListenAddress, NATDListenAddress, ORListenAddress, SocksListenAddress, and TransListenAddress.
  • Documentation:
    • Correct the IPv6 syntax in our documentation for the VirtualAddrNetworkIPv6 torrc option. Closes ticket 19743.
  • Removed code:
    • We no longer include the (dead, deprecated) bufferevent code in Tor. Closes ticket 19450. Based on a patch from U+039b.
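
A static check for the options in the "Deprecated features" list above, useful for auditing torrc files on hosts that do not yet run a Tor with --list-deprecated-options. This is an added example, not code from the Tor Project; the sample torrc is constructed, and treating every keyword ending in "Port" as a line that may carry flags is an assumption of this sketch.

```python
"""Flag torrc settings that Tor 0.2.9.2-alpha declares deprecated (added example)."""
import sys

# Option names below are copied from the "Deprecated features" list above.
PORT_FLAGS = ("CacheDNS CacheIPv4DNS CacheIPv6DNS UseDNSCache "
              "UseIPv4Cache UseIPv6Cache").split()
SECURITY_OPTS = ("AllowDotExit AllowInvalidNodes AllowSingleHopCircuits "
                 "AllowSingleHopExits ClientDNSRejectInternalAddresses "
                 "CloseHSClientCircuitsImmediatelyOnTimeout "
                 "CloseHSServiceRendCircuitsImmediatelyOnTimeout "
                 "ExcludeSingleHopRelays FastFirstHopPK TLSECGroup "
                 "UseNTorHandshake WarnUnsafeSocks").split()
LISTEN_OPTS = ("ControlListenAddress DNSListenAddress DirListenAddress "
               "NATDListenAddress ORListenAddress SocksListenAddress "
               "TransListenAddress").split()

# torrc keywords are matched case-insensitively; map lower-case -> canonical.
FLAGS = {n.lower(): n for n in PORT_FLAGS}
SECURITY = {n.lower(): n for n in SECURITY_OPTS}
LISTEN = {n.lower(): n for n in LISTEN_OPTS}

# Constructed sample input, not taken from a real host.
SAMPLE_TORRC = """\
# example client configuration
SocksPort 9050 IsolateDestAddr CacheIPv4DNS usednscache
socksListenAddress 127.0.0.1
ControlPort 9051
AllowSingleHopCircuits 1   # legacy setting
ReachableAddresses *:80, \\
    *:443
ORListenAddress 0.0.0.0:9001
"""


def logical_lines(text):
    """Yield (first_line_number, content) with comments removed and
    backslash-continued lines joined.

    Simplification of this sketch: '#' always starts a comment,
    even inside a quoted value.
    """
    buf, start = "", None
    for num, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].rstrip()
        if start is None:
            start = num
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        buf += line
        if buf.strip():
            yield start, buf.strip()
        buf, start = "", None
    if buf.strip():
        yield start, buf.strip()


def audit(text):
    """Return findings as (line, option, category, advice) tuples."""
    findings = []
    for num, line in logical_lines(text):
        parts = line.split()
        key = parts[0].lstrip("+/").lower()
        if key in SECURITY:
            findings.append((num, SECURITY[key], "security",
                             "deprecated for security reasons"))
        elif key in LISTEN:
            name = LISTEN[key]
            port = name.replace("ListenAddress", "Port")
            findings.append((num, name, "listen-address",
                             "use " + port + " instead"))
        elif key.endswith("port"):
            # Assumption: flags follow the address/port value on *Port lines.
            for token in parts[2:]:
                if token.lower() in FLAGS:
                    findings.append((num, FLAGS[token.lower()], "dns-cache",
                                     "client-side DNS caching is bad for "
                                     "anonymity"))
    return findings


if __name__ == "__main__":
    # Audit the file given on the command line, or the constructed sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1]) as handle:
            config = handle.read()
    else:
        config = SAMPLE_TORRC
    for num, name, category, advice in audit(config):
        print("line %d: %s [%s] %s" % (num, name, category, advice))
```

ReachableAddresses is not deprecated, so the sample's continued line produces no finding; it is there to show that line numbers stay correct across a backslash continuation.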

Aug 16, 2016

Tor Browser 6.0.4 is now available from the Tor Browser Project page and also from our distribution directory.

This release finally brings Tor Browser users the latest Tor stable, 0.2.8.6, and avoids pinging Mozilla's servers for system extensions.

Pinging Mozilla's servers was responsible for users getting an extension into their Tor Browser that resulted in annoying and confusing "Your Firefox is out of date" notifications on start-up (bug 19890). Thanks to Mozilla engineers, who fixed that issue as quickly as possible on their side, the extension has not been shipped to Tor Browser users since August 11 13:00 UTC. That change also takes care of removing the add-on in case it got installed into Tor Browser (as does the fix we ship in Tor Browser 6.0.4); the removal should have happened, or will happen, during the next extension update ping. For further information see the discussion in our bug tracker.

Users that are on the alpha channel or are using the hardened Tor Browser were not affected. The same goes for Tails users as far as we know.

The full changelog since Tor Browser 6.0.3 is:

Tor Browser 6.0.4 -- August 16

  • All Platforms
    • Update Tor to 0.2.8.6
    • Update NoScript to 2.9.0.14
    • Bug 19890: Disable installation of system addons

Aug 10, 2016

At The Tor Project, we make tools that help promote and protect the essential human rights of people everywhere. We have a set of guiding principles that make that possible, but for a long time, those principles were more or less unspoken. In order to ensure that project members build a Tor that reflects the commitment to our ideals, we've taken a cue from our friends at Debian and written the Tor Social Contract -- the set of principles that show who we are and why we make Tor.

Our social contract is a set of behaviors and goals: not just the promised results we want for our community, but the ways we seek to achieve them. We want to grow Tor by supporting and advancing these guidelines in the time we are working on Tor, while taking care not to undermine them in the rest of our time.

The principles can also be used to help recognize when people's actions or intents are hurting Tor. Some of these principles are established norms, things we've been doing every day for a long time, while others are more aspirational -- but all of them are values we want to live in public, and we hope they will make our future choices easier and more open. This social contract is one of several documents that define our community standards, so if you're looking for things that aren't here (e.g. something that might be in a code of conduct) bear in mind that they might exist in a different document.

Social goals can be complex. If there is ever tension in the application of the following principles, we will always strive to place highest priority on the safety and freedom of any who would use the fruits of our endeavors. The social contract can also help us work through such tensions -- for example, there are times when we might have a need to use tools that are not completely open (contradicting point 2) but opening them would undermine our users' safety (contradicting point 6). Using such a tool should be weighed against how much it's needed to make our technologies usable (point 1). And if we do use such a tool, we must be honest about its capabilities and limits (point 5).

Tor is not just software, but a labor of love produced by an international community of people devoted to human rights. This social contract is a promise from our internal community to the rest of the world, affirming our commitment to our beliefs. We are excited to present it to you.

1. We advance human rights by creating and deploying usable anonymity and privacy technologies.

We believe that privacy, the free exchange of ideas, and access to information are essential to free societies. Through our community standards and the code we write, we provide tools that help all people protect and advance these rights.

2. Open and transparent research and tools are key to our success.

We are committed to transparency; therefore, everything we release is open and our development happens in the open. Whenever feasible, we will continue to make our source code, binaries, and claims about them open to independent verification. In the extremely rare cases where open development would undermine the security of our users, we will be especially vigilant in our peer review by project members.

3. Our tools are free to access, use, adapt, and distribute.

The more diverse our users, the less is implied about any person by simply being a Tor user. This diversity is a fundamental goal and we aim to create tools and services anyone can access and use. Someone's ability to pay for these tools or services should not be a determining factor in their ability to access and use them. Moreover, we do not restrict access to our tools unless access is superseded by our intent to make users more secure.

We expect the code and research we publish will be reviewed and improved by many different people, and that is only possible if everyone has the ability to use, copy, modify, and redistribute this information. We also design, build, and deploy our tools without collecting identifiable information about our users.

4. We make Tor and related technologies ubiquitous through advocacy and education.

We are not just people who build software, but ambassadors for online freedom. We want everybody in the world to understand that their human rights -- particularly their rights to free speech, freedom to access information, and privacy -- can be preserved when they use the Internet. We teach people how and why to use Tor and we are always working to make our tools both more secure and more usable, which is why we use our own tools and listen to user feedback. Our vision of a more free society will not be accomplished simply behind a computer screen, and so in addition to writing good code, we also prioritize community outreach and advocacy.

5. We are honest about the capabilities and limits of Tor and related technologies.

We never intentionally mislead our users nor misrepresent the capabilities of the tools, nor the potential risks associated with using them. Every user should be free to make an informed decision about whether they should use a particular tool and how they should use it. We are responsible for accurately reporting the state of our software, and we work diligently to keep our community informed through our various communication channels.

6. We will never intentionally harm our users.

We take seriously the trust our users have placed in us. Not only will we always do our best to write good code, but it is imperative that we resist any pressure from adversaries who want to harm our users. We will never implement front doors or back doors into our projects. In our commitment to transparency, we are honest when we make errors, and we communicate with our users about our plans to improve.

Aug 08, 2016

Tor 0.2.9.1-alpha is the first alpha release in the 0.2.9 development series. It improves our support for hardened builds and compiler warnings, deploys some critical infrastructure for improvements to hidden services, includes a new timing backend that we hope to use for better support for traffic padding, makes it easier for programmers to log unexpected events, and contains other small improvements to security, correctness, and performance.

You can download the source from the usual place on the website. Packages should be available over the next several days. Remember to check the signatures!

Please note: This is an alpha release. You should only try this one if you are interested in tracking Tor development, testing new features, making sure that Tor still builds on unusual platforms, or generally trying to hunt down bugs. If you want a stable experience, please stick to the stable releases.

Below are the changes since 0.2.8.6.

Changes in version 0.2.9.1-alpha - 2016-08-08

  • New system requirements:
    • Tor now requires Libevent version 2.0.10-stable or later. Older versions of Libevent have less efficient backends for several platforms, and lack the DNS code that we use for our server-side DNS support. This implements ticket 19554.
    • Tor now requires zlib version 1.2 or later, for security, efficiency, and (eventually) gzip support. (Back when we started, zlib 1.1 and zlib 1.0 were still found in the wild. 1.2 was released in 2003. We recommend the latest version.)
  • Major features (build, hardening):
    • Tor now builds with -ftrapv by default on compilers that support it. This option detects signed integer overflow (which C forbids), and turns it into a hard-failure. We do not apply this option to code that needs to run in constant time to avoid side-channels; instead, we use -fwrapv in that code. Closes ticket 17983.
    • When --enable-expensive-hardening is selected, stop applying the clang/gcc sanitizers to code that needs to run in constant time. Although we are aware of no introduced side-channels, we are not able to prove that there are none. Related to ticket 17983.
  • Major features (compilation):
    • Our big list of extra GCC warnings is now enabled by default when building with GCC (or with anything like Clang that claims to be GCC-compatible). To make all warnings into fatal compilation errors, pass --enable-fatal-warnings to configure. Closes ticket 19044.
    • Use the Autoconf macro AC_USE_SYSTEM_EXTENSIONS to automatically turn on C and POSIX extensions. (Previously, we attempted to do this on an ad hoc basis.) Closes ticket 19139.
  • Major features (directory authorities, hidden services):
    • Directory authorities can now perform the shared randomness protocol specified by proposal 250. Using this protocol, directory authorities generate a global fresh random value every day. In the future, this value will be used by hidden services to select HSDirs. This release implements the directory authority feature; the hidden service side will be implemented in the future as part of proposal 224. Resolves ticket 16943; implements proposal 250.
  • Major features (downloading, random exponential backoff):
    • When we fail to download an object from a directory service, wait for an (exponentially increasing) randomized amount of time before retrying, rather than a fixed interval as we did before. This prevents a group of Tor instances from becoming too synchronized, or a single Tor instance from becoming too predictable, in its download schedule. Closes ticket 15942.
  • Major bugfixes (exit policies):
    • Avoid disclosing exit outbound bind addresses, configured port bind addresses, and local interface addresses in relay descriptors by default under ExitPolicyRejectPrivate. Instead, only reject these (otherwise unlisted) addresses if ExitPolicyRejectLocalInterfaces is set. Fixes bug 18456; bugfix on 0.2.7.2-alpha. Patch by teor.
  • Major bugfixes (hidden service client):
    • Allow Tor clients with appropriate controllers to work with FetchHidServDescriptors set to 0. Previously, this option also disabled descriptor cache lookup, thus breaking hidden services entirely. Fixes bug 18704; bugfix on 0.2.0.20-rc. Patch by "twim".
  • Minor features (build, hardening):
    • Detect and work around a libclang_rt problem that would prevent clang from finding __mulodi4() on some 32-bit platforms, and thus keep -ftrapv from linking on those systems. Closes ticket 19079.
    • When building on a system without runtime support for the runtime hardening options, try to log a useful warning at configuration time, rather than an incomprehensible warning at link time. If expensive hardening was requested, this warning becomes an error. Closes ticket 18895.
  • Minor features (code safety):
    • In our integer-parsing functions, ensure that the maximum value we give is no smaller than the minimum value. Closes ticket 19063; patch from U+039b.
  • Minor features (controller):
    • Implement new GETINFO queries for all downloads that use download_status_t to schedule retries. This allows controllers to examine the schedule for pending downloads. Closes ticket 19323.
    • Allow controllers to configure basic client authorization on hidden services when they create them with the ADD_ONION control command. Implements ticket 15588. Patch by "special".
    • Fire a STATUS_SERVER controller event whenever the hibernation status changes between "awake"/"soft"/"hard". Closes ticket 18685.
  • Minor features (directory authority):
    • Directory authorities now only give the Guard flag to a relay if they are also giving it the Stable flag. This change allows us to simplify path selection for clients. It should have minimal effect in practice, since >99% of Guards already have the Stable flag. Implements ticket 18624.
    • Directory authorities now write their v3-status-votes file out to disk earlier in the consensus process, so we have a record of the votes even if we abort the consensus process. Resolves ticket 19036.
  • Minor features (hidden service):
    • Stop being so strict about the payload length of "rendezvous1" cells. We used to be locked in to the "TAP" handshake length, and now we can handle better handshakes like "ntor". Resolves ticket 18998.
  • Minor features (infrastructure, time):
    • Tor now uses the operating system's monotonic timers (where available) for internal fine-grained timing. Previously we would look at the system clock, and then attempt to compensate for the clock running backwards. Closes ticket 18908.
    • Tor now includes an improved timer backend, so that we can efficiently support tens or hundreds of thousands of concurrent timers, as will be needed for some of our planned anti-traffic-analysis work. This code is based on William Ahern's "timeout.c" project, which implements a "tickless hierarchical timing wheel". Closes ticket 18365.
  • Minor features (logging):
    • Provide a more useful warning message when configured with an invalid Nickname. Closes ticket 18300; patch from "icanhasaccount".
    • When dumping unparseable router descriptors, optionally store them in separate files, named by digest, up to a configurable size limit. You can change the size limit by setting the MaxUnparseableDescSizeToLog option, and disable this feature by setting that option to 0. Closes ticket 18322.
    • Add a set of macros to check nonfatal assertions, for internal use. Migrating more of our checks to these should help us avoid needless crash bugs. Closes ticket 18613.
  • Minor features (performance):
    • Change the "optimistic data" extension from "off by default" to "on by default". The default was ordinarily overridden by a consensus option, but when clients were bootstrapping for the first time, they would not have a consensus to get the option from. Changing this default means that optimistic data is used when fetching a consensus for the first time, which saves a round-trip during startup. Closes ticket 18815.
  • Minor features (relay, usability):
    • When the directory authorities refuse a bad relay's descriptor, encourage the relay operator to contact us. Many relay operators won't notice this line in their logs, but it's a win if even a few learn why we don't like what their relay was doing. Resolves ticket 18760.
  • Minor features (testing):
    • Let backtrace tests work correctly under AddressSanitizer. Fixes part of bug 18934; bugfix on 0.2.5.2-alpha.
    • Move the test-network.sh script to chutney, and modify tor's test-network.sh to call the (newer) chutney version when available. Resolves ticket 19116. Patch by teor.
    • Use the lcov convention for marking lines as unreachable, so that we don't count them when we're generating test coverage data. Update our coverage tools to understand this convention. Closes ticket 16792.
  • Minor bugfixes (bootstrap):
    • Remember the directory we fetched the consensus or previous certificates from, and use it to fetch future authority certificates. This change improves bootstrapping performance. Fixes bug 18963; bugfix on 0.2.8.1-alpha.
  • Minor bugfixes (build):
    • The test-stem and test-network makefile targets now depend only on the tor binary that they are testing. Previously, they depended on "make all". Fixes bug 18240; bugfix on 0.2.8.2-alpha. Based on a patch from "cypherpunks".
  • Minor bugfixes (circuits):
    • Make sure extend_info_from_router() is only called on servers. Fixes bug 19639; bugfix on 0.2.8.1-alpha.
  • Minor bugfixes (compilation):
    • When building with Clang, use a full set of GCC warnings. (Previously, we included only a subset, because of the way we detected them.) Fixes bug 19216; bugfix on 0.2.0.1-alpha.
  • Minor bugfixes (directory authority):
    • Authorities now sort the "package" lines in their votes, for ease of debugging. (They are already sorted in consensus documents.) Fixes bug 18840; bugfix on 0.2.6.3-alpha.
    • When parsing a detached signature, make sure we use the length of the digest algorithm instead of a hardcoded DIGEST256_LEN in order to avoid comparing bytes out-of-bounds with a smaller digest length such as SHA1. Fixes bug 19066; bugfix on 0.2.2.6-alpha.
  • Minor bugfixes (documentation):
    • Document the --passphrase-fd option in the tor manpage. Fixes bug 19504; bugfix on 0.2.7.3-rc.
    • Fix the description of the --passphrase-fd option in the tor-gencert manpage. The option is used to pass the number of a file descriptor to read the passphrase from, not to read the file descriptor from. Fixes bug 19505; bugfix on 0.2.0.20-alpha.
  • Minor bugfixes (ephemeral hidden service):
    • When deleting an ephemeral hidden service, close its intro points even if they are not completely open. Fixes bug 18604; bugfix on 0.2.7.1-alpha.
  • Minor bugfixes (guard selection):
    • Use a single entry guard even if the NumEntryGuards consensus parameter is not provided. Fixes bug 17688; bugfix on 0.2.5.6-alpha.
    • Don't mark guards as unreachable if connection_connect() fails. That function fails for local reasons, so it shouldn't reveal anything about the status of the guard. Fixes bug 14334; bugfix on 0.2.3.10-alpha.
  • Minor bugfixes (hidden service client):
    • Increase the minimum number of internal circuits we preemptively build from 2 to 3, so a circuit is available when a client connects to another onion service. Fixes bug 13239; bugfix on 0.1.0.1-rc.
  • Minor bugfixes (logging):
    • When logging a directory ownership mismatch, log the owning username correctly. Fixes bug 19578; bugfix on 0.2.2.29-beta.
  • Minor bugfixes (memory leaks):
    • Fix a small, uncommon memory leak that could occur when reading a truncated ed25519 key file. Fixes bug 18956; bugfix on 0.2.6.1-alpha.
  • Minor bugfixes (testing):
    • Allow clients to retry HSDirs much faster in test networks. Fixes bug 19702; bugfix on 0.2.7.1-alpha. Patch by teor.
    • Disable ASAN's detection of segmentation faults while running test_bt.sh, so that we can make sure that our own backtrace generation code works. Fixes another aspect of bug 18934; bugfix on 0.2.5.2-alpha. Patch from "cypherpunks".
    • Fix the test-network-all target on out-of-tree builds by using the correct path to the test driver script. Fixes bug 19421; bugfix on 0.2.7.3-rc.
  • Minor bugfixes (time):
    • Improve overflow checks in tv_udiff and tv_mdiff. Fixes bug 19483; bugfix on all released tor versions.
    • When computing the difference between two times in milliseconds, we now round to the nearest millisecond correctly. Previously, we could sometimes round in the wrong direction. Fixes bug 19428; bugfix on 0.2.2.2-alpha.
  • Minor bugfixes (user interface):
    • Display a more accurate number of suppressed messages in the log rate-limiter. Previously, there was a potential integer overflow in the counter. Now, if the number of messages hits a maximum, the rate-limiter doesn't count any further. Fixes bug 19435; bugfix on 0.2.4.11-alpha.
    • Fix a typo in the passphrase prompt for the ed25519 identity key. Fixes bug 19503; bugfix on 0.2.7.2-alpha.
  • Code simplification and refactoring:
    • Remove redundant declarations of the MIN macro. Closes ticket 18889.
    • Rename tor_dup_addr() to tor_addr_to_str_dup() to avoid confusion. Closes ticket 18462; patch from "icanhasaccount".
    • Split the 600-line directory_handle_command_get function into separate functions for different URL types. Closes ticket 16698.
  • Documentation:
    • Fix spelling of "--enable-tor2web-mode" in the manpage. Closes ticket 19153. Patch from "U+039b".
  • Removed features:
    • Remove support for "GET /tor/bytes.txt" DirPort request, and "GETINFO dir-usage" controller request, which were only available via a compile-time option in Tor anyway. Feature was added in 0.2.2.1-alpha. Resolves ticket 19035.
    • There is no longer a compile-time option to disable support for TransPort. (If you don't want TransPort, just don't use it.) Patch from "U+039b". Closes ticket 19449.
  • Testing:
    • Run more workqueue tests as part of "make check". These had previously been implemented, but you needed to know special command-line options to enable them.
    • We now have unit tests for our code to reject zlib "compression bombs". (Fortunately, the code works fine.)
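
A small simulation of the point made under "Major features (downloading, random exponential backoff)" above: with a fixed retry interval, clients that fail together keep retrying together, while a randomized, exponentially growing delay spreads them out. This is an added example, not Tor's code; the jitter rule (window doubling up to a cap, delay uniform in [window / 2, window]) and every parameter value are assumptions chosen for illustration.

```python
"""Fixed-interval vs. randomized exponential retry schedules (added example)."""
import random
from collections import Counter


def fixed_schedule(interval, attempts):
    """Retry times in seconds after the first failure, constant interval."""
    return [interval * (i + 1) for i in range(attempts)]


def backoff_schedule(rng, base, cap, attempts):
    """Retry times with a randomized, exponentially growing delay.

    Illustrative rule (an assumption, not Tor's schedule): the window
    doubles on every failure up to `cap`, and each delay is drawn
    uniformly from [window / 2, window], so jitter remains at the cap.
    """
    now, times = 0.0, []
    for attempt in range(attempts):
        window = min(cap, base * 2 ** attempt)
        now += rng.uniform(window / 2, window)
        times.append(now)
    return times


def peak_load(schedules, bucket=1.0):
    """Largest number of retries that land in the same time bucket."""
    hits = Counter(int(t // bucket) for times in schedules for t in times)
    return max(hits.values())


def simulate(clients=1000, attempts=6, base=60.0, cap=3600.0, seed=2016):
    """All clients fail at t=0 (for example, one directory outage).

    Returns (peak retries per second with a fixed interval,
             peak retries per second with randomized backoff).
    """
    rng = random.Random(seed)  # seeded so the run is repeatable
    fixed = [fixed_schedule(base, attempts) for _ in range(clients)]
    jittered = [backoff_schedule(rng, base, cap, attempts)
                for _ in range(clients)]
    return peak_load(fixed), peak_load(jittered)


if __name__ == "__main__":
    fixed_peak, backoff_peak = simulate()
    print("peak retries per second, fixed interval:    ", fixed_peak)
    print("peak retries per second, randomized backoff:", backoff_peak)
```

With a fixed interval every client lands in the same second on every retry, so the peak equals the number of clients; the randomized schedule also differs from run to run for a single client, which is the predictability point the changelog entry makes.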

Aug 03, 2016



While Tor Browser provides many security and privacy properties and features, not everyone around the world has the luxury to connect to use it. By default, Tor Browser makes all of its users look alike by spoofing UserAgent (and other methods) to avoid fingerprinting attacks. However, it doesn't hide the fact you're connecting to Tor, an open network where anyone can get the list of relays. This network transparency has many benefits, but also has a downside: Many repressive governments and authorities benefit from blocking their users from having free and open access to the internet. They can simply get the list of Tor relays and block them. This bars millions of people from access to free information, often including those who need it most. We at Tor care about freedom of access to information and strongly oppose censorship. This is why we've developed methods to connect to the network and bypass censorship. These methods are called Pluggable Transports (PTs).

Pluggable Transports are a type of bridge to the Tor network. They take advantage of various transports and make encrypted traffic to Tor look like not-interesting or garbage traffic. Unlike normal relays, bridge information is kept secret and distributed between users via BridgeDB. If you're interested in helping censored users, you can become a bridge operator. And if you're a developer and have interesting ideas on how to make new PTs or want to contribute code, we've some good documents to get you up to speed.

And finally, if you're a censored user and want to take advantage of PTs, I've good news for you. They're already included in Tor Browser and this how-to graphic should help you configure it to bypass censorship.


How to use PTs: 1. download Tor / send email to gettor@torproject.org; 2. select configure; 3. check the "my ISP blocks Tor" option; 4. select obfs4; 5. press connect.


And of course we didn't forget to make a gif version:





In case you need more bridges, send an email to [email protected] or visit BridgeDB website.

At the end, I'd like to thank all anonymous contributors and Vivido Studio for making this work possible.

In solidarity,
Nima Fatemi

Aug 03, 2016

A new hardened Tor Browser release is available. It can be found in the 6.5a2-hardened distribution directory and on the download page for hardened builds.

This release features important security updates to Firefox.

In addition to the changes from Tor Browser 6.5a2, this release integrates Selfrando. For more details about Selfrando integration in Tor Browser, see the Q and A with Georg Koppen and the Selfrando git repository.

Here is the full changelog since 6.5a1-hardened:

  • All Platforms
    • Update Firefox to 45.3.0esr
    • Update Tor to tor-0.2.8.5-rc
    • Update Torbutton to 1.9.6.1
      • Bug 19689: Use proper parent window for plugin prompt
      • Bug 19206: Avoid SOCKS auth and NEWNYM collisions when sharing a tor client
      • Bug 19417: Disable asm.js (but add code to clear on New Identity if enabled)
      • Bug 19273: Improve external app launch handling and associated warnings
      • Bug 8725: Block addon resource and url fingerprinting with nsIContentPolicy
    • Update HTTPS-Everywhere to 5.2.1
    • Update NoScript to 2.9.0.12
    • Bug 17406: Include Selfrando into our hardened builds
    • Bug 19417: Disable asmjs for now
    • Bug 19715: Disable the meek-google pluggable transport option
    • Bug 19714: Remove mercurius4 obfs4 bridge
    • Bug 19585: Fix regression test for keyboard layout fingerprinting
    • Bug 19515: Tor Browser is crashing in graphics code
    • Bug 18513: Favicon requests can bypass New Identity
    • Bug 19273: Write C++ patch for external app launch handling
    • Bug 16998: Isolate preconnect requests to URL bar domain
    • Bug 18923: Add script to run all Tor Browser regression tests
    • Bug 19478: Prevent millisecond resolution leaks in File API
    • Bug 19401: Fix broken PDF download button
    • Bug 19411: Don't show update icon if a partial update failed
    • Bug 19400: Back out GCC bug workaround to avoid asmjs crash
    • Bug 19735: Switch default search engine to DuckDuckGo
    • Bug 19276: Disable Xrender due to possible performance regressions
    • Bug 19725: Remove old updater files left on disk after upgrade to 6.x
  • Build System
    • All Platforms

Aug 03, 2016

Tor Browser 6.5a2 is now available from the Tor Browser Project page and also from our distribution directory.

This release features important security updates to Firefox.

This release updates Firefox to 45.3.0esr and contains the improvements that went into Tor Browser 6.0.3. Additionally, Tor is updated to 0.2.8.5-rc, the default search engine has been switched to DuckDuckGo, and resource URLs are blocked to avoid fingerprinting.

Note: Due to bug 19410, on OSX the incremental update will not be working for users who installed the previous version using the .dmg file. The internal updater should still work, though, doing a complete update.

Here is the full changelog since 6.5a1:

  • All Platforms
    • Update Firefox to 45.3.0esr
    • Update Tor to tor-0.2.8.5-rc
    • Update Torbutton to 1.9.6.1
      • Bug 19689: Use proper parent window for plugin prompt
      • Bug 19206: Avoid SOCKS auth and NEWNYM collisions when sharing a tor client
      • Bug 19417: Disable asm.js (but add code to clear on New Identity if enabled)
      • Bug 19273: Improve external app launch handling and associated warnings
      • Bug 8725: Block addon resource and url fingerprinting with nsIContentPolicy
    • Update HTTPS-Everywhere to 5.2.1
    • Update NoScript to 2.9.0.12
    • Bug 19417: Disable asmjs for now
    • Bug 19715: Disable the meek-google pluggable transport option
    • Bug 19714: Remove mercurius4 obfs4 bridge
    • Bug 19585: Fix regression test for keyboard layout fingerprinting
    • Bug 19515: Tor Browser is crashing in graphics code
    • Bug 18513: Favicon requests can bypass New Identity
    • Bug 19273: Write C++ patch for external app launch handling
    • Bug 16998: Isolate preconnect requests to URL bar domain
    • Bug 18923: Add script to run all Tor Browser regression tests
    • Bug 19478: Prevent millisecond resolution leaks in File API
    • Bug 19401: Fix broken PDF download button
    • Bug 19411: Don't show update icon if a partial update failed
    • Bug 19400: Back out GCC bug workaround to avoid asmjs crash
    • Bug 19735: Switch default search engine to DuckDuckGo
  • Windows
    • Bug 19348: Adapt to more than one build target on Windows (fixes updates)
    • Bug 19725: Remove old updater files left on disk after upgrade to 6.x
  • Linux
    • Bug 19276: Disable Xrender due to possible performance regressions
    • Bug 19725: Remove old updater files left on disk after upgrade to 6.x
  • OS X
    • Bug 19269: Icon doesn't appear in Applications folder or Dock
  • Android
    • Bug 19484: Avoid compilation error when MOZ_UPDATER is not defined
  • Build System
    • All Platforms