Support all your favorite nonprofits with a single donation.

Donate safely, anonymously & monthly, in any amount. It's a smarter way to give online. Learn more
The Tor Project
Dedham, MA
givvers: jason, emerssso + 4 others

Tor is free software and an open network that helps you defend against a form of network surveillance that threatens personal freedom and privacy, confidential business activities and relationships, and state security known as traffic analysis.

The Tor Project is a 501(c)3 organization.

Latest News

Jan 12, 2017

The Tor Project is looking for a Communications Director!

This senior level position will report directly to the Executive Director and will be part of the organization's leadership team. The Communications Director will set and guide the strategy for all communications and public relations messages to consistently articulate the Tor Project's mission. This job includes working closely with this diverse, international community of people who make Tor and related software products. This is a hands-on position for a highly skilled communications professional.

This is a full-time position. The Tor Project’s main office is in Seattle, and we’d be delighted to supply a desk for the Communications Director there, however, this job can be done remotely. Knowledge of media and press contacts within the United States is essential.

The job description, including instructions on how to apply, can be viewed here:

If you know someone who would be awesome at this job, please direct them to the job posting!

Erin Wyatt
HR Manager

Jan 11, 2017

carml is a command-line, pipe-friendly tool for exploring and controlling a running Tor daemon. Most of the sub-commands will be interesting to developers and tinkerers; a few of these will be interesting to end users. This post concentrates on the developers and tinkerers.

carml is a Python program written using Twisted and my library txtorcon. If you're familiar with Python, create a new virtualenv and pip install carml. There are more verbose install instructions available. Once this works, you should be able to type carml and see the help output.

Connecting to Tor

carml works somewhat like git, in that a normal invocation is carml followed by some global options and then a sub-command with its own options. The most-useful global option is --connect <endpoint> which tells carml how to connect to the control-port. Technically this can be any Twisted client endpoint-string but for Tor will be one of tcp:<port> (or simply a port) or unix:/var/run/tor/control for a unix-socket.

For Tor Browser Bundle, use carml --connect 9151. Typically a "system" Tor is reachable at carml --connect 9051 or carml --connect unix:/var/run/tor/control. You may need to enable the control-port in the configuration and re-load (or re-start) Tor. More details are in the documentation.

Start Exploring

The most interesting general purpose command is probably carml monitor -- try running it for a while and you can see what your Tor client is doing. This gives some good insight into Tor behavior.

A (very basic) usage graph is available via carml graph to see what bandwidth you're using (this needs work on the scaling -- PRs welcome!)

Explicit Circuits

Sometimes, you want to use a particular circuit. For example, you're trying to confirm some possibly-nefarious activity of an Exit. We can combine the carml circ and carml stream commands:

carml circ --build "*,*,4D08D29FDE23E75493E4942BAFDFFB90430A81D2"

This means make a 3-hop circuit through any entry-guard, any middle and then one particular exit (identified by ID). You can*= identify via name (only if it's unique!) but hashes are highly recommended. Of course, you could explicitly choose the other hops as well. Note that the stars still leave the selection up to carml / txtorcon which cannot (and does not) use Tor's exact selection algorithm.

Next, you'll want to actually attach circuits to that stream. It will have printed out something like "Circuit ID 1234". Now we can use carml stream:

carml stream --attach 1234

This will cause all new streams to be attached to circuit 1234 (until we exit the carml stream command). In another terminal, try torsocks curl to visit Tor Project's web site via your new circuit. Once you kill the above carml stream command, Tor will select circuits via its normal algorithm once again.

Note that it's not currently possible to attach streams destined for onion services (this is a Tor limitation, see connection_edge.c).

Debugging Tor

The control protocol reveals all Tor events, which includes INFO and DEBUG logging events. This allows you to easily turn on DEBUG and INFO logging via the carml events command:

carml events INFO DEBUG

This can of course be piped through grep or anything else. You can give a --count to carml events, which is useful for some of the other events.

For example, if you want to "do something" every time a new consensus document is published, you could do this:

carml events --once NEWCONSENSUS

This will wait until exactly one NEWCONSENSUS event is produced, dump the contents of it to stdout (which will be the new consensus) and exit. Using a bash script that runs the above (maybe piped to /dev/null) you can ensure a new consensus is available before continuing.

Events that Tor emits are documented in torspec section 4.1. You can use carml to list them, with carml events --list.

Another example might be that you want to ensure your relay is still listed in the consensus every hour. One way would be to schedule a cron-job shortly before the top of each hour which does something like:

carml events --once NEWCONSENSUS | grep 
# log something useful if grep didn't find anything

Raw Commands

You can issue a raw control-port command to Tor via the carml cmd sub-command. This takes care of authentication, etc. and exits when the command succeeds (or errors). This can be useful to test out new commands under development etc (as the inputs / outputs are not in any way validated).

Every argument after cmd is joined back together with spaces before being sent to Tor so you don't have to quote things.

carml cmd getinfo info/names
carml cmd ADD_ONION NEW:BEST Port=1234

End-User Commands

Briefly, the commands intended to be "end-user useful" are:

carml pastebin: create a new hidden service and serve a directory, single file, or stdin at it. You can combine with carml copybin or simply torsocks curl ... on the other side. Still an "exercise to the reader" to securely distribute the address.

carml tbb: download, verify and run a new Tor Browser Bundle. This pins the public-key of and bundles the keys of likely suspects that sign the bundles. It is less useful now that TBB auto-updates.

carml newid: sends the NEWNYM signal, which clears the DNS cache and causes Tor to not re-use any existing circuits for new requests.

carml monitor shows you what Tor is doing currently. Similarly, carml graph shows you just the current in/out bandwidth.

Pure Entertainment

Commands that can provide hours of entertainment include:

  • carml xplanet
  • carml tmux

I hope you find carml useful. Suggestions, bugs, and fixes all welcome on carml's GitHub page.

See Also

There is also a curses-based Tor tool called ARM (blog post). This is being re-written as "Nyx" currently.

Jan 09, 2017

If you haven’t noticed already, has a new look. The underlying data, graphing engine, and graphs remain the same.

The goal for this project was to make Tor metrics easier to use and more useful. Our process involved usability inspections, feature brainstorming, rough wireframes, and iterative prototypes. This page documents our process in detail.

We restructured, redesigned, and added content to:

  • Alleviate pain points in using the interface for better workflow and navigation.
  • Aggregate resources for journalists, developers, relay operators, and researchers.
  • Increase compatibility with phones and tablets through responsive design.

It’s truly a place where you can learn interesting facts about the Tor network! We’re especially excited about the news page, which lists various world events with measured anomalies. We hope that the operation, development, and research pages help our many valued Tor community members to find the resources they need. Feel free to email [email protected] with suggestions.

This work was sponsored by Mozilla's Open Source Support. The objectives were to 1) determine the usability of Tor Metrics and 2) address the most pressing usability issues identified (milestone 6.1 and 6.2 of this contract).

Dec 31, 2016

Throughout the month of December, we've highlighted a few of our fellow travelers on the road to Internet freedom in a series of blog posts titled "Tor at the Heart." We wanted to show some of the many other projects out there and their connection to us. Just like a heart, Tor helps to fortify these projects as they provide Internet freedom around the world.

This past year we saw very dangerous trends of Internet censorship growing around the world. Activists in Brazil, China, Greece, India, Indonesia, Iran, Russia, Saudi Arabia, Sudan, and Turkey all experienced serious censorship events. The entire African continent saw a spike of censorship events, especially in Uganda, Chad, Ethiopia, Zimbabwe, Congo and Burundi.

Technological tools like Tor are often the only way people within those countries can communicate to the outside world.

Tor is also important for those of us lucky enough to live in countries without major censorship events. Journalists use Tor to communicate more safely with whistleblowers and dissidents. Everyday people use Tor to keep their Internet activities concealed from advertisers, ISPs, and web sites. Tor is important for anyone who doesn't want their browsing habits linked to them.

2016 has been a very busy year at the Tor Project. We created our own UX team to improve our tools usability, we fixed zero-days in less than 12 hours, we have started to apply very strong sandboxing to Tor Browser, we kicked off the next generation of onion services project, and we have done many other important updates on our network and applications.

And 2017 is shaping up to be even more intense. We are working to deploy new features, including better mobile connectivity and better visualizations of our data so that others can easily explore and learn from them. We are working to improve the user interface on our website and various apps. And we’re working on better ways to safeguard our users, including sandboxing Tor at the application level and investigating quantum computing.

As we wind down our 2016 end-of-year fundraising campaign, won't you take a minute to contribute a financial donation? Giving is easy, and you'll get the warm glow of knowing that you've done your small part to help someone in an oppressive part of the world be able to get her story out to the rest of us. We'll even throw in a t-shirt and/or other swag, if you choose, so you can show the world how cool you are and that you care about digital freedom.

To donate:

Thanks for your help. Here's wishing you and yours a healthy, happy 2017!

Dec 30, 2016

During the month of December, we're highlighting other organizations and projects that rely on Tor, build on Tor, or are accomplishing their missions better because Tor exists. Check out our blog each day to learn about our fellow travelers. And please support the Tor Project! We're at the heart of Internet freedom.
Donate today!

Firefox <3 Tor Browser

by Ethan Tseng and Richard Barnes

If you’ve used Tor, you’ve probably used Tor Browser, and if you’ve used Tor Browser you’ve used Firefox. By lines of code, Tor Browser is mostly Firefox -- there are some modifications and some additions, but around 95% of the code in Tor Browser comes from Firefox. The Firefox and Tor Browser teams have collaborated for a long time, but in 2016, we started to take it to the next level, bringing Firefox and Tor Browser closer together than ever before. With closer collaboration, we’re enabling the Tor Browser team to do their jobs more easily, adding more privacy options for Firefox users, and making both browsers more secure.

The Tor Browser team builds Tor Browser by taking Firefox ESR and applying some patches to it. These changes add valuable privacy features for Tor Browser users, but having these changes also means that every time the Tor Browser team wants to use a new version of Firefox, they have to update the patches to work with the new version. These updates take up a substantial fraction of the effort involved in producing Tor Browser.

In 2016, we started an effort to take the Tor Browser patches and “uplift” them to Firefox. When a patch gets uplifted, we take the change that Tor Browser needs and we add it to Firefox in such a way that it’s disabled by default, but can be enabled by changing a preference value. That saves the Tor Browser team work, since they can just change preferences instead of updating patches. And it gives the Firefox team a way to experiment with the advanced privacy features that Tor Browser team is building, to see if we can bring them to a much wider audience.

Our first major target in the uplift project was a feature called First Party Isolation, which provides a very strong anti-tracking protection (at the risk of breaking some websites). Mozilla formed a dedicated team to take the First Party Isolation features in Tor Browser and implement them in Firefox, using the same technology we used to build the containers feature. The team also developed thorough test and QA processes to make sure that the isolation in Firefox is as strong as what’s in Tor Browser -- and even identified some ways to add even stronger protections. The Mozilla team worked closely with the Tor Browser team, including weekly calls and an in-person meeting in September.

First Party Isolation will be incorporated in Firefox 52, the basis for the next major version of Tor Browser. As a result, the Tor Browser team won’t have to update their First Party Isolation patches for this version. In Firefox, First Party Isolation is disabled by default (because of the compatibility risk), but Firefox users can opt in to using First Party Isolation by going to about:config and setting “privacy.firstparty.isolate” to “true”.

We’re excited to continue this collaboration in 2017. Work will start soon on uplifting a set of patches that prevent various forms of browser fingerprinting. We’ll also be looking at how we can work together on sandboxing, building on the work that Yawning Angel has done for Tor Browser and the Firefox sandboxing features that are scheduled to start shipping in early 2017.

Finally, we should recognize the value of the continued collaboration between Mozilla and the Tor Project with regard to security vulnerabilities. The importance of this collaboration was on display only a few weeks ago, when we were both simultaneously notified of a zero-day exploit targeted at Tor Browser using a vulnerability in Firefox. Working together, we were able to develop, test, and ship a fix to both browsers in under 24 hours.

The collaboration between the Firefox and Tor Browser teams is a great example of how Mozilla’s principles of openness and participation can help advance security and privacy in the Internet. We’re proud of all we’ve accomplished together with the Tor Project in 2016, and we’re looking forward to continuing to making the web more secure and more private.

Dec 29, 2016

During the month of December, we're highlighting other organizations and projects that rely on Tor, build on Tor, or are accomplishing their missions better because Tor exists. Check out our blog each day to learn about our fellow travelers. And please support the Tor Project! We're at the heart of Internet freedom.
Donate today!

Tor Saves Lives

by Cindy Cohn

I joined the Tor Board of Directors because Tor saves lives.

By allowing people to access knowledge, share information, organize and find communities of support in otherwise hostile environments, Tor represents one of the strongest examples of how technology can be marshaled to serve the causes of freedom, safety, liberty and human rights for people around the world. It’s easy enough to say: “speak truth to power” when the risks are low. To ensure that people can really do that in today’s digital world – where the stakes can be much, much higher – often requires some technical assistance. That’s where Tor comes in.

Before I started fighting for freedom online, I was a human rights lawyer. I spent time at the United Nations and helped organize a small NGO, called the Unrepresented Nations and Peoples Organization, which serves as a central hub for oppressed groups seeking a voice internationally. Its members range from the Ogoni in Nigeria to Tibetans to West Papuans. I saw first hand how hard it is to sneak information about human rights abuses out of repressive countries and how important it is to build networks of support inside and outside of those environments.

This experience is why, when I first learned about Tor, I immediately saw how it sits at the heart of ensuring that the world we’re building with digital technologies can be at least as much, if not more humane than the physical world. In addition to helping those facing government repression, Tor also serves as protection closer to home, and even inside the home for those seeking information and assistance to escape from domestic abuse. Tor of course has other uses, some good and some rotten, but that’s no different than most technologies. Even a hammer can be used to hit someone over the head. The difference is in what we do with it.

So when Shari Steele and I talked about how to usher Tor into its next phase, I offered to join with her to do it.

I have a core belief that those of us with access to power – be it personal, technical, legal or situational – have a duty to try to steer it toward empowering the people in the rest of the world to live better, safer and more free lives. That Tor exists demonstrates that many others share this core belief. The knowledge that there is a large posse of us building and supporting these tools, along with the courage shown by those who rely on Tor, keeps me energized.

There’s no doubt that a strong, well-run Tor can help more people. While the work of ensuring that the organization stays strong, stays on course, pays its bills and treats people well isn’t always the glamorous part, it’s necessary. For me, helping Tor do that well is how I help Tor save lives.

Please support the Tor Project!
Donate today!

Dec 29, 2016

We are pleased to announce another public beta release of Tor Messenger. This release features important improvements to the stability and security of Instantbird. All users are encouraged to upgrade.

Tor Messenger 0.3.0b1 users will be automatically prompted to install the update (similar to Tor Browser). On installing and restarting, the update will be applied; your account settings and OTR keys will be preserved.


Please note that Tor Messenger is still in beta. The purpose of this release is to help test the application and provide feedback. At-risk users should not depend on it for their privacy and safety.

Linux (32-bit)

Linux (64-bit)




The sha256sums-signed-build.txt file containing hashes of the bundles is signed with the key 0xB01C8B006DA77FAA (fingerprint: E4AC D397 5427 A5BA 8450 A1BE B01C 8B00 6DA7 7FAA). Please verify the fingerprint from the signing keys page on Tor Project's website.


Tor Messenger 0.3.0b2 -- 29 December, 2016

  • All Platforms
    • Use the tor-browser-45.6.0esr-6.0-1-build1 tag on tor-browser
    • Use the THUNDERBIRD_45_6_0_RELEASE tag on comm-esr45
    • Update ctypes-otr to 0.0.4
    • Update tor-browser to 6.0.8
    • Don't allow javascript: links in themes
    • Permit storing cert. exceptions in private browsing mode
    • Bugzilla 1321420: Add a pref to disable JavaScript in browser requests
    • Bugzilla 1321641: Disable svg and mathml in content

Dec 28, 2016

During the month of December, we're highlighting other organizations and projects that rely on Tor, build on Tor, or are accomplishing their missions better because Tor exists. Check out our blog each day to learn about our fellow travelers. And please support the Tor Project! We're at the heart of Internet freedom.
Donate today!

Qubes OS

by Michael Carbone and Andrew David Wong

Qubes OS is a security and privacy-oriented free and open source operating system that provides you with a safe platform for communications and information management. Its architecture is built to enable you to define different security environments (or "qubes") on your computer to manage the various parts of your digital life, including safely using Tor.

"If you're serious about security, @QubesOS is the best OS available today. It's what I use, and free. Nobody does VM isolation better."
--- Edward Snowden

Qubes OS allows you to safely manage the different communications, data, and identities in your digital life in securely compartmentalized qubes. All of these qubes are integrated into a single desktop environment with unforgeable colored window borders so that you can easily identify applications and windows from different security environments.

Some features of Qubes OS include:

Safer anonymous browsing

Qubes incorporates Whonix to provide a safer way to use Tor Browser, by compartmentalizing the Tor Browser and Tor process in separate qubes. This means that if the Tor Browser is exploited, the attacker still cannot discover your real IP address, because the Tor Browser and its qube do not know your real IP address. Moreover, that compromise cannot spread from Tor Browser to the Tor process, since they are isolated in different qubes, so any other Tor-related activities you have in other qubes remain secure and private.

Enforce Tor use for non-Tor-aware applications

Once a qube is set to use the Tor network, all network traffic that leaves it is forced to go through Tor. This means that no matter which applications you use, they will not be able to leak your real IP address, even if they are not Tor-aware.

All software and OS updates through Tor

Qubes allows users to download all software and OS updates through Tor, which means that network attackers can't target you with malicious updates or selectively block you from receiving certain updates. In addition, downloading all updates through Tor preserves your privacy, since it prevents your ISP and package repositories from tracking which packages you install.

Robust and safe networking

In addition to easily running non-Tor-aware programs through the Tor network, you can -- at the same time -- have other qubes go through VPNs or be non-networked, for instance to enable easily accessible but offline storage of sensitive information like your password manager. Common attack vectors like network cards are isolated in their own hardware qube while their functionality is preserved through secure networking and firewalls.

Secure communications

Qubes is integrated with existing secure communications tools like Pretty Good Privacy (PGP) to provide security-in-depth and reduce user error. With Split-GPG functionality, a compromise of your email client does not enable an adversary to access your private PGP key.

Safely interact with untrusted media

You can open an untrusted attachment from your email client, and any potential malicious payload in the document is isolated to a separate disposable, non-networked qube. No information from that session can be sent to the attacker, since it is not connected to the internet, and after the document has been read, the entire domain is deleted. You can convert the PDF to a “trusted PDF” that is known not to be malicious, which you could then share with colleagues or save in an offline Documents qube for later reference. In the same way, a potentially malicious DOC file can be opened in a disposable qube that enables the user to edit the file, save it, and send it without providing an opportunity for potential computer compromise.

Windows integration

Many users still rely on Windows-based programs for their work. Qubes enables them to do so securely.

Physical security

Qubes also protects your computer against some physical attacks. If an adversary plugs a malicious USB device into your computer while you're not watching, it isn't game over. Qubes isolates the entire USB stack from the rest of the system. And if you want to dual-boot, or if your computer is seized at the border and then returned, you can tell whether a malicious bootloader was installed, so you know not to input your decryption password.

Smooth integration of qubes

Integrated file and clipboard copy and paste operations make it easy to work across various qubes without compromising security. The innovative Template system separates software installation from software use, allowing qubes to share a root filesystem without sacrificing security (and saving disk space).

There are many different ways to contribute to Qubes, including creating artwork, reporting bugs, editing documentation, making financial contributions and more. If your company would like to license Qubes, please contact the Qubes team.