The Tor Project
Dedham, MA

Tor is free software and an open network that helps you defend against traffic analysis, a form of network surveillance that threatens personal freedom and privacy, confidential business activities and relationships, and state security.

The Tor Project is a 501(c)3 organization.

Latest News

Sep 23, 2016

Tor 0.2.8.8 fixes two crash bugs present in previous versions of the 0.2.8.x series. Relays running 0.2.8.x should upgrade, as should users who select public relays as their bridges.

You can download the source from the Tor website. Packages should be available over the next week or so.

Below is a list of changes since 0.2.8.6.

Changes in version 0.2.8.8 - 2016-09-23

  • Major bugfixes (crash):
    • Fix a complicated crash bug that could affect Tor clients configured to use bridges when replacing a networkstatus consensus in which one of their bridges was mentioned. OpenBSD users saw more crashes here, but all platforms were potentially affected. Fixes bug 20103; bugfix on 0.2.8.2-alpha.
  • Major bugfixes (relay, OOM handler):
    • Fix a timing-dependent assertion failure that could occur when we tried to flush from a circuit after having freed its cells because of an out-of-memory condition. Fixes bug 20203; bugfix on 0.2.8.1-alpha. Thanks to "cypherpunks" for help diagnosing this one.
  • Minor feature (fallback directories):
    • Remove broken fallbacks from the hard-coded fallback directory list. Closes ticket 20190; patch by teor.
  • Minor features (geoip):
    • Update geoip and geoip6 to the September 6 2016 Maxmind GeoLite2 Country database.

Sep 23, 2016

Tor 0.2.9.3-alpha adds improved support for entities that want to make high-performance services available through the Tor .onion mechanism without themselves receiving anonymity as they host those services. It also tries harder to ensure that all steps on a circuit are using the strongest crypto possible, strengthens some TLS properties, and resolves several bugs -- including a pair of crash bugs from the 0.2.8 series. Anybody running an earlier version of 0.2.9.x should upgrade.

You can download the source from the usual place on the website. Packages should be available over the next several days. Remember to check the signatures!

Please note: This is an alpha release. You should only try this one if you are interested in tracking Tor development, testing new features, making sure that Tor still builds on unusual platforms, or generally trying to hunt down bugs. If you want a stable experience, please stick to the stable releases.

Below are the changes since 0.2.9.2-alpha.

Changes in version 0.2.9.3-alpha - 2016-09-23

  • Major bugfixes (crash, also in 0.2.8.8):
    • Fix a complicated crash bug that could affect Tor clients configured to use bridges when replacing a networkstatus consensus in which one of their bridges was mentioned. OpenBSD users saw more crashes here, but all platforms were potentially affected. Fixes bug 20103; bugfix on 0.2.8.2-alpha.
  • Major bugfixes (relay, OOM handler, also in 0.2.8.8):
    • Fix a timing-dependent assertion failure that could occur when we tried to flush from a circuit after having freed its cells because of an out-of-memory condition. Fixes bug 20203; bugfix on 0.2.8.1-alpha. Thanks to "cypherpunks" for help diagnosing this one.
  • Major features (circuit building, security):
    • Authorities, relays and clients now require ntor keys in all descriptors, for all hops (except for rare hidden service protocol cases), for all circuits, and for all other roles. Part of ticket 19163.
    • Tor authorities, relays, and clients only use ntor, except for rare cases in the hidden service protocol. Part of ticket 19163.
  • Major features (single-hop "hidden" services):
    • Add experimental HiddenServiceSingleHopMode and HiddenServiceNonAnonymousMode options. When both are set to 1, every hidden service on a Tor instance becomes a non-anonymous Single Onion Service. Single Onions make one-hop (direct) connections to their introduction and rendezvous points. One-hop circuits make Single Onion servers easily locatable, but clients remain location-anonymous. This is compatible with the existing hidden service implementation, and works on the current tor network without any changes to older relays or clients. Implements proposal 260, completes ticket 17178. Patch by teor and asn.
  • Major features (resource management):
    • Tor can now notice it is about to run out of sockets, and preemptively close connections of lower priority. (This feature is off by default for now, since the current prioritizing method is yet not mature enough. You can enable it by setting "DisableOOSCheck 0", but watch out: it might close some sockets you would rather have it keep.) Closes ticket 18640.
  • Major bugfixes (circuit building):
    • Hidden service client-to-intro-point and service-to-rendezvous-point circuits use the TAP key supplied by the protocol, to avoid epistemic attacks. Fixes bug 19163; bugfix on 0.2.4.18-rc.
  • Major bugfixes (compilation, OpenBSD):
    • Fix a Libevent-detection bug in our autoconf script that would prevent Tor from linking successfully on OpenBSD. Patch from rubiate. Fixes bug 19902; bugfix on 0.2.9.1-alpha.
  • Major bugfixes (hidden services):
    • Clients now require hidden services to include the TAP keys for their intro points in the hidden service descriptor. This prevents an inadvertent upgrade to ntor, which a malicious hidden service could use to distinguish clients by consensus version. Fixes bug 20012; bugfix on 0.2.4.8-alpha. Patch by teor.
  • Minor features (security, TLS):
    • Servers no longer support clients without AES ciphersuites. (3DES is no longer considered an acceptable cipher.) We believe that no such Tor clients currently exist, since Tor has required OpenSSL 0.9.7 or later since 2009. Closes ticket 19998.
  • Minor feature (fallback directories):
    • Remove broken entries from the hard-coded fallback directory list. Closes ticket 20190; patch by teor.
  • Minor features (geoip, also in 0.2.8.8):
    • Update geoip and geoip6 to the September 6 2016 Maxmind GeoLite2 Country database.
  • Minor feature (port flags):
    • Add new flags to the *Port options to give finer control over which requests are allowed. The flags are NoDNSRequest, NoOnionTraffic, and the synthetic flag OnionTrafficOnly, which is equivalent to NoDNSRequest, NoIPv4Traffic, and NoIPv6Traffic. Closes enhancement 18693; patch by "teor".
  • Minor features (directory authority):
    • After voting, if the authorities decide that a relay is not "Valid", they no longer include it in the consensus at all. Closes ticket 20002; implements part of proposal 272.
  • Minor features (testing):
    • Disable memory protections on OpenBSD when performing our unit tests for memwipe(). The test deliberately invokes undefined behavior, and the OpenBSD protections interfere with this. Patch from "rubiate". Closes ticket 20066.
  • Minor features (testing, ipv6):
    • Add the single-onion and single-onion-ipv6 chutney targets to "make test-network-all". This requires a recent chutney version with the single onion network flavours (git c72a652 or later). Closes ticket 20072; patch by teor.
    • Add the hs-ipv6 chutney target to make test-network-all's IPv6 tests. Remove bridges+hs, as it's somewhat redundant. This requires a recent chutney version that supports IPv6 clients, relays, and authorities. Closes ticket 20069; patch by teor.
  • Minor features (Tor2web):
    • Make Tor2web clients respect ReachableAddresses. This feature was inadvertently enabled in 0.2.8.6, then removed by bugfix 19973 on 0.2.8.7. Implements feature 20034. Patch by teor.
  • Minor features (unit tests):
    • We've done significant work to make the unit tests run faster.
    • Our link-handshake unit tests now check that when invalid handshakes fail, they fail with the error messages we expected.
    • Our unit testing code that captures log messages no longer prevents them from being written out if the user asked for them (by passing --debug, --info, --notice or --warn to the "test" binary). This change prevents us from missing unexpected log messages simply because we were looking for others. Related to ticket 19999.
    • The unit tests now log all warning messages with the "BUG" flag. Previously, they only logged errors by default. This change will help us make our testing code more correct, and make sure that we only hit this code when we mean to. In the meantime, however, there will be more warnings in the unit test logs than before. This is preparatory work for ticket 19999.
    • The unit tests now treat any failure of a "tor_assert_nonfatal()" assertion as a test failure.
  • Minor bugfixes (circuits):
    • Use the CircuitBuildTimeout option whenever LearnCircuitBuildTimeout is disabled. Previously, we would respect the option when a user disabled it, but not when it was disabled because some other option was set. Fixes bug 20073; bugfix on 0.2.4.12-alpha. Patch by teor.
  • Minor bugfixes (allocation):
    • Change how we allocate memory for large chunks on buffers, to avoid a (currently impossible) integer overflow, and to waste less space when allocating unusually large chunks. Fixes bug 20081; bugfix on 0.2.0.16-alpha. Issue identified by Guido Vranken.
  • Minor bugfixes (compilation):
    • Always include orconfig.h before including any other C headers. Sometimes, it includes macros that affect the behavior of the standard headers. Fixes bug 19767; bugfix on 0.2.9.1-alpha (the first version to use AC_USE_SYSTEM_EXTENSIONS).
    • Fix a syntax error in the IF_BUG_ONCE__() macro in non-GCC-compatible compilers. Fixes bug 20141; bugfix on 0.2.9.1-alpha. Patch from Gisle Vanem.
    • Stop trying to build with Clang 4.0's -Wthread-safety warnings. They apparently require a set of annotations that we aren't currently using, and they create false positives in our pthreads wrappers. Fixes bug 20110; bugfix on 0.2.9.1-alpha.
  • Minor bugfixes (directory authority):
    • Die with a more useful error when the operator forgets to place the authority_signing_key file into the keys directory. This avoids an uninformative assert & traceback about having an invalid key. Fixes bug 20065; bugfix on 0.2.0.1-alpha.
    • When allowing private addresses, mark Exits that only exit to private locations as such. Fixes bug 20064; bugfix on 0.2.2.9-alpha.
  • Minor bugfixes (documentation):
    • Document the default PathsNeededToBuildCircuits value that's used by clients when the directory authorities don't set min_paths_for_circs_pct. Fixes bug 20117; bugfix on 02c320916e02 in tor-0.2.4.10-alpha. Patch by teor, reported by Jesse V.
    • Fix manual for the User option: it takes a username, not a UID. Fixes bug 19122; bugfix on 0.0.2pre16 (the first version to have a manpage!).
  • Minor bugfixes (hidden services):
    • Stop logging intro point details to the client log on certain error conditions. Fixed as part of bug 20012; bugfix on 0.2.4.8-alpha. Patch by teor.
  • Minor bugfixes (IPv6, testing):
    • Check for IPv6 correctly on Linux when running test networks. Fixes bug 19905; bugfix on 0.2.7.3-rc; patch by teor.
  • Minor bugfixes (Linux seccomp2 sandbox):
    • Add permission to run the sched_yield() and sigaltstack() system calls, in order to support versions of Tor compiled with asan or ubsan code that use these calls. Now "sandbox 1" and "--enable-expensive-hardening" should be compatible on more systems. Fixes bug 20063; bugfix on 0.2.5.1-alpha.
  • Minor bugfixes (logging):
    • When logging a message from the BUG() macro, be explicit about what we were asserting. Previously we were confusing what we were asserting with what the bug was. Fixes bug 20093; bugfix on 0.2.9.1-alpha.
    • When we are unable to remove the bw_accounting file, do not warn if the reason we couldn't remove it was that it didn't exist. Fixes bug 19964; bugfix on 0.2.5.4-alpha. Patch from 'pastly'.
  • Minor bugfixes (option parsing):
    • Count unix sockets when counting client listeners (SOCKS, Trans, NATD, and DNS). This has no user-visible behaviour changes: these options are set once, and never read. Required for correct behaviour in ticket 17178. Fixes bug 19677; bugfix on 0.2.6.3-alpha. Patch by teor.
  • Minor bugfixes (options):
    • Check the consistency of UseEntryGuards and EntryNodes more reliably. Fixes bug 20074; bugfix on tor-0.2.4.12-alpha. Patch by teor.
    • Stop changing the configured value of UseEntryGuards on authorities and Tor2web clients. Fixes bug 20074; bugfix on commits 51fc6799 in tor-0.1.1.16-rc and acda1735 in tor-0.2.4.3-alpha. Patch by teor.
  • Minor bugfixes (Tor2web):
    • Prevent Tor2web clients from running hidden services, since these services are not anonymous due to the one-hop client paths. Fixes bug 19678. Patch by teor.
  • Minor bugfixes (unit tests):
    • Fix a shared-random unit test that was failing on big endian architectures due to the internal representation of an integer copied to a buffer. The test is changed to take a full 32 bytes of data and use the output of a python script that makes the COMMIT and REVEAL calculation according to the spec. Fixes bug 19977; bugfix on 0.2.9.1-alpha.
    • The tor_tls_server_info_callback unit test no longer crashes when debug-level logging is turned on. Fixes bug 20041; bugfix on 0.2.8.1-alpha.

Sep 20, 2016

This release fixes many security issues and users should upgrade as soon as possible.

New features

  • We enabled address space layout randomization in the Linux kernel (kASLR) to improve protection from buffer overflow attacks.

  • We installed rngd to improve the entropy of the random numbers generated on computers that have a hardware random number generator.

Upgrades and changes

  • Upgrade Tor to 0.2.8.7.

  • Upgrade Tor Browser to 6.0.5.

  • Upgrade to Linux 4.6. This should improve the support for newer hardware (graphics, Wi-Fi, etc.).

  • Upgrade Icedove to 45.2.0.

  • Upgrade Tor Birdy to 0.2.0.

  • Upgrade Electrum to 2.6.4.

  • Install firmware for Intel SST sound cards (firmware-intel-sound).

  • Install firmware for Texas Instruments Wi-Fi interfaces (firmware-ti-connectivity).

  • Remove non-free APT repositories. We documented how to configure additional APT repositories using the persistent volume.

  • Use a dedicated page as the homepage of Tor Browser so we can customize it for our users.

  • Set up the trigger for RAM erasure on shutdown earlier in the boot process. This should speed up shutdown and make RAM erasure more robust.

Fixed problems

  • Disable the automatic configuration of Icedove when using OAuth. This should fix the automatic configuration for GMail accounts. (#11536)

  • Make the "Disable all networking" and "Tor bridge mode" options of Tails Greeter more robust. (#11593)

For more details, read our changelog.

Known issues

  • For some users memory wiping fails more often than in Tails 2.5, and for some users it fails less often. Please report any such changes to #11786.

See the list of long-standing issues.

Get Tails 2.6

What's coming up?

Tails 2.7 is scheduled for November 8.

Have a look at our roadmap to see where we are heading.

We need your help and there are many ways to contribute to Tails (donating is only one of them). Come talk to us!

Support and feedback

For support and feedback, visit the Support section on the Tails website.

Sep 20, 2016

A new hardened Tor Browser release is available. It can be found in the 6.5a3-hardened distribution directory and on the download page for hardened builds.

This release features important security updates to Firefox including the recently disclosed extension update vulnerability. All users should upgrade as soon as possible.

In addition to the changes from Tor Browser 6.5a3, the creation of incremental MARs for hardened builds is now fixed.

Note: Due to bug 20185 Tor Browser will not work correctly if the path where it is installed is too long. As a workaround you may need to move it to a directory with a shorter path.

  • All Platforms
    • Update Firefox to 45.4.0esr
    • Update Tor to 0.2.9.2-alpha
    • Update OpenSSL to 1.0.2h (bug 20095)
    • Update Torbutton to 1.9.6.4
      • Bug 17334: Move referrer spoofing for .onion domains into tor-browser.git
      • Bug 17767: Make "JavaScript disabled" more visible in Security Slider
      • Bug 19995: Clear site security settings during New Identity
      • Bug 19906: "Maximizing Tor Browser" Notification can exist multiple times
      • Bug 19837: Whitelist internal URLs that Firefox requires for media
      • Bug 15852: Remove/synchronize Torbutton SOCKS pref logic
      • Bug 19733: GETINFO response parser doesn't handle AF_UNIX entries + IPv6
      • Bug 14271: Make Torbutton work with Unix Domain Socket option
      • Translation updates
    • Update Tor Launcher to 0.2.11
      • Bug 14272: Make Tor Launcher work with Unix Domain Socket option
      • Bug 19568: Set CurProcD for Thunderbird/Instantbird
      • Bug 19432: Remove special handling for Instantbird/Thunderbird
      • Translation updates
    • Update HTTPS-Everywhere to 5.2.4
    • Update NoScript to 2.9.0.14
    • Bug 19851: Fix ASan error by upgrading GCC to 5.4.0
    • Bug 17858: Fix creation of incremental MARs for hardened builds
    • Bug 14273: Backport patches for Unix Domain Socket support
    • Bug 19890: Disable installation of system addons
    • Bug 17334: Spoof referrer when leaving a .onion domain
    • Bug 20092: Rotate ports for default obfs4 bridges
    • Bug 20040: Add update support for unpacked HTTPS Everywhere
    • Bug 20118: Don't unpack HTTPS Everywhere anymore
    • Bug 19336+19835: Enhance about:tbupdate page
  • Build system
    • All platforms
      • Bug 20133: Don't apply OpenSSL patch anymore
      • Bug 19528: Set MOZ_BUILD_DATE based on Firefox version

Sep 20, 2016

Tor Browser 6.5a3 is now available from the Tor Browser Project page and also from our distribution directory.

This release features important security updates to Firefox including the recently disclosed extension update vulnerability. All users should upgrade as soon as possible.

This release bumps the versions of several of our components: Firefox to 45.4.0esr, Tor to 0.2.9.2-alpha, OpenSSL to 1.0.2h, HTTPS-Everywhere to 5.2.4, and NoScript to 2.9.0.14. Additionally, we are adding Unix Domain Socket support on Linux and OSX, the about:tbupdate page giving information about the update has been improved, and the referrer spoofing for .onion domains has been moved from Torbutton to C++ patches.

Note: Due to bug 20185 Tor Browser on Linux and OS X will not work correctly if the path where it is installed is too long. As a workaround you may need to move it to a directory with a shorter path.

Update (9/22 07:15 UTC): We got reports about updates failing on OS X systems. We are still investigating the problem but this is likely due to a combination of issues. For one we might have introduced a permission problem by trying to get our incremental updates working again. Secondly, unix domain socket paths for the control port that contain spaces are not working. See comment 5 in bug 20210 for a preliminary analysis and workarounds. We are sorry for the inconvenience.

Here is the full changelog since 6.5a2:

  • All Platforms
    • Update Firefox to 45.4.0esr
    • Update Tor to 0.2.9.2-alpha
    • Update OpenSSL to 1.0.2h (bug 20095)
    • Update Torbutton to 1.9.6.4
      • Bug 17334: Move referrer spoofing for .onion domains into tor-browser.git
      • Bug 17767: Make "JavaScript disabled" more visible in Security Slider
      • Bug 19995: Clear site security settings during New Identity
      • Bug 19906: "Maximizing Tor Browser" Notification can exist multiple times
      • Bug 19837: Whitelist internal URLs that Firefox requires for media
      • Bug 15852: Remove/synchronize Torbutton SOCKS pref logic
      • Bug 19733: GETINFO response parser doesn't handle AF_UNIX entries + IPv6
      • Bug 14271: Make Torbutton work with Unix Domain Socket option
      • Translation updates
    • Update Tor Launcher to 0.2.10.1
      • Bug 14272: Make Tor Launcher work with Unix Domain Socket option
      • Bug 19568: Set CurProcD for Thunderbird/Instantbird
      • Bug 19432: Remove special handling for Instantbird/Thunderbird
      • Translation updates
    • Update HTTPS-Everywhere to 5.2.4
    • Update NoScript to 2.9.0.14
    • Bug 14273: Backport patches for Unix Domain Socket support
    • Bug 19890: Disable installation of system addons
    • Bug 17334: Spoof referrer when leaving a .onion domain
    • Bug 20092: Rotate ports for default obfs4 bridges
    • Bug 20040: Add update support for unpacked HTTPS Everywhere
    • Bug 20118: Don't unpack HTTPS Everywhere anymore
    • Bug 19336+19835: Enhance about:tbupdate page
  • Android
    • Bug 19706: Store browser data in the app home directory
  • Build system
    • All platforms
      • Bug 20133: Don't apply OpenSSL patch anymore
      • Bug 19528: Set MOZ_BUILD_DATE based on Firefox version
    • OS X
      • Bug 19856: Make OS X builds reproducible again
      • Bug 19410: Fix incremental updates by taking signatures into account

Sep 19, 2016

Hello,

This blog post is the first part of the Cooking with Onions series which aims to highlight various interesting developments on the .onion space. This particular post presents a technique for efficiently scaling busy onion services.

The need for scaling

Onion services have been around for a while. During the past few years, they have been deployed by many serious websites, such as major media organizations (like the Washington Post), search engines (such as DuckDuckGo) and critical Internet infrastructure (e.g. PGP keyservers). This has been a great opportunity for us, the development team, since our code has been hardened and tested by the sheer volume of clients that use it every day.

This recent widespread usage also gave us greater insight into the various scalability issues that onion service operators face when they try to take their service to the next level. More users means more load on the onion service, and there is only so much that a single machine can handle. The scalability of the onion service protocol has been a topic of interest to us for a while, and recently we've made advancements in this area by releasing a tool called OnionBalance.

So what is OnionBalance?

OnionBalance is software designed and written by Donncha O'Cearbhaill as part of Tor's Summer of Privacy 2015. It allows onion service operators to achieve the property of high availability by allowing multiple machines to handle requests for a single onion service. You can think of it as the onion service equivalent of load balancing using round-robin DNS.

OnionBalance has recently started seeing more and more usage by onion service operators! For example, the Debian project recently started providing onion services for its entire infrastructure, and the whole project is kept in line by OnionBalance.

How OnionBalance works

Consider Alice, an onion operator, who wants to load balance her overloaded onion service using OnionBalance.

She starts by setting up multiple identical instances of that onion service on multiple machines, makes a list of their onion addresses, and passes the list to OnionBalance. OnionBalance then fetches their descriptors, extracts their introduction points, and publishes a "super-descriptor" containing all their introduction points. Alice now passes to her users the onion address that corresponds to the "super-descriptor". Multiple OnionBalance instances can be run with the same configuration to provide redundancy when publishing the super-descriptor.

When Bob, a client, wants to visit Alice's onion service, his Tor client will pick a random introduction point out of the super-descriptor and use it to connect to the onion service. That introduction point can correspond to any of the onion service instances, and this way the client load gets spread out.

With OnionBalance, the "super-descriptor" can be published from a different machine than the one serving the onion service content. Your onion service private key can be kept in a more isolated location, reducing the risk of key compromise.
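To make the mechanism above concrete, here is a small model of the descriptor merge and of how client choices spread across instances. It is an added illustration written for this page, not OnionBalance's own code: the descriptor layout, the cap on how many introduction points one descriptor can carry (MAX_INTRO_POINTS), the instance addresses and the failed-fetch case are all constructed assumptions. It goes slightly beyond the text in one respect: because Bob's client picks uniformly among introduction points, an instance that contributes more introduction points to the super-descriptor receives a proportionally larger share of clients.

```python
# Added illustration of the OnionBalance scheme described above: merge the
# introduction points of several onion service instances into one
# "super-descriptor" and watch how client load spreads. This is a toy model,
# not OnionBalance's own code; the descriptor layout, the cap on intro points
# and the instance addresses are constructed for the example.
import random
from collections import Counter
from dataclasses import dataclass


@dataclass
class Descriptor:
    """Simplified onion service descriptor: an address plus the introduction
    points it advertises. Each intro point is tagged with the instance that
    owns it so the simulation can attribute client load."""
    onion_address: str
    intro_points: list  # [(owning_instance_address, intro_point_id), ...]


# Assumption: a descriptor can only carry a limited number of introduction
# points, so a merge of many instances may have to leave some out.
MAX_INTRO_POINTS = 10


def build_super_descriptor(master_address, fetched, max_points=MAX_INTRO_POINTS):
    """Merge the intro points of every instance descriptor that could be
    fetched into a single descriptor published under the master address.

    `fetched` maps instance address -> Descriptor, or None when the fetch
    failed; an unreachable instance simply contributes nothing, so its intro
    points drop out of the published set on the next refresh. Intro points
    are taken round-robin across instances so that, when the cap bites,
    each instance keeps roughly the same share."""
    queues = [list(d.intro_points) for d in fetched.values() if d is not None]
    merged = []
    while len(merged) < max_points and any(queues):
        for q in queues:
            if q and len(merged) < max_points:
                merged.append(q.pop(0))
    return Descriptor(master_address, merged)


def pick_intro_point(super_descriptor, rng):
    """A client picks uniformly at random among the advertised intro points;
    it never learns which backend instance is behind the one it chose."""
    return rng.choice(super_descriptor.intro_points)


def simulate_clients(super_descriptor, n_clients, seed=0):
    """Count how many of n_clients connections land on each instance."""
    rng = random.Random(seed)
    load = Counter()
    for _ in range(n_clients):
        instance, _intro_id = pick_intro_point(super_descriptor, rng)
        load[instance] += 1
    return load


def instance_shares(super_descriptor):
    """How many intro points each instance holds in the super-descriptor.
    Load is spread per intro point, so this is the expected load split."""
    return Counter(instance for instance, _ in super_descriptor.intro_points)


def make_instance(address, n_points):
    """Constructed instance descriptor advertising n_points intro points."""
    return Descriptor(address, [(address, f"{address}-ip{i}") for i in range(n_points)])


# Constructed example: three reachable instances, one of which advertises
# more intro points than the others, plus one instance whose descriptor
# could not be fetched this round.
FETCHED = {
    "aaaa.onion": make_instance("aaaa.onion", 3),
    "bbbb.onion": make_instance("bbbb.onion", 3),
    "cccc.onion": make_instance("cccc.onion", 6),
    "dddd.onion": None,  # descriptor fetch failed; instance is left out
}
SUPER = build_super_descriptor("master.onion", FETCHED)

if __name__ == "__main__":
    print("super-descriptor intro points:", len(SUPER.intro_points))
    print("intro points per instance:", dict(instance_shares(SUPER)))
    print("client load per instance:", dict(simulate_clients(SUPER, 1000)))
```

Two things the run makes visible: the instance whose descriptor could not be fetched disappears from the published set without any client-side change, and the load split follows the count of introduction points per instance, so giving each instance the same number of introduction points is what keeps the balance even.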

For information on how to set up OnionBalance, please see the following article:
http://onionbalance.readthedocs.io/en/latest/

Conclusion

OnionBalance is a handy tool that allows operators to spread the load of their onion service to multiple machines. It's easy to set up and configure and more people should give it a try.

In the meanwhile, we'll keep ourselves busy coming up with other ways to scale onion services in this brave new world of onions that is coming!

Take care until the next episode :)

Sep 16, 2016

Tor Browser 6.0.5 is now available from the Tor Browser Project page and also from our distribution directory.

This release features important security updates to Firefox including the recently disclosed extension update vulnerability. All users should upgrade as soon as possible.

That vulnerability allows an attacker who is able to obtain a valid certificate for addons.mozilla.org to impersonate Mozilla's servers and to deliver a malicious extension update, e.g. for NoScript. This could lead to arbitrary code execution. Moreover, other built-in certificate pinnings are affected as well. Obtaining such a certificate is not an easy task, but it's within reach of powerful adversaries (e.g. nation states).

Thanks to everyone who helped investigating this bug and getting a bugfix release out as fast as possible.

We are currently building the alpha and hardened bundles (6.5a3 and 6.5a3-hardened) that will contain the fix for alpha/hardened channel users. We expect them to get released at the beginning of next week. Until then users are strongly encouraged to use Tor Browser 6.0.5.

Apart from fixing Firefox vulnerabilities, this release comes with a new Tor stable version (0.2.8.7), an updated HTTPS-Everywhere (5.2.4), and minor bug fixes.

Here is the full changelog since Tor Browser 6.0.4:

  • All Platforms
    • Update Firefox to 45.4.0esr
    • Update Tor to 0.2.8.7
    • Update Torbutton to 1.9.5.7
      • Bug 19995: Clear site security settings during New Identity
      • Bug 19906: "Maximizing Tor Browser" Notification can exist multiple times
    • Update HTTPS-Everywhere to 5.2.4
    • Bug 20092: Rotate ports for default obfs4 bridges
    • Bug 20040: Add update support for unpacked HTTPS Everywhere
  • Windows
    • Bug 19725: Remove old updater files left on disk after upgrade to 6.x
  • Linux
    • Bug 19725: Remove old updater files left on disk after upgrade to 6.x
  • Android
    • Bug 19706: Store browser data in the app home directory
  • Build system
    • All platforms
      • Upgrade Go to 1.4.3

Sep 12, 2016

Senator Ron Wyden delivered a speech on the floor of the Senate on Thursday calling for passage of a bill that would annul new rules for judges. These rules will give the FBI authority to hack millions of people's computers with a single search warrant, regardless of where the device is located.

The Stop Mass Hacking Act (S. 2952, H.R. 5321), which has bipartisan support, is composed of a single sentence:

"To prevent the proposed amendments to rule 41 of the Federal Rules of Criminal Procedure from taking effect."

Wyden's bill attempts to stop the upcoming changes to Rule 41, set to take effect in less than 90 days.

The changes to Rule 41 would allow judges to grant warrants to search and seize electronic media located outside of their home districts when the location of the information is "concealed through technological means."

For instance, when a person is using Tor.

The broad search warrants allowable under these new rules will apply to people using Tor in any country—even if they are journalists, members of a legislature, or human rights activists. The FBI will be permitted to hack into a person’s computer or phone remotely and to search through and remove their data. The FBI will be able to introduce malware into computers. It will create vulnerabilities that will leave users exposed.

To quote a tweet from Daniel Shuman of the NGO Demand Progress, "Even if you like mass FBI hacking, shouldn't the Senate hold a hearing first before it automatically becomes law?"

We are at a critical point in the United States regarding surveillance law. Some public officials, like those at the US Department of Justice (the FBI is a department of DOJ), understand very well how surveillance technology works and the implications of the Rule 41 changes. But the judges who must approve these warrants under the new rules vary widely in their technical expertise and understanding of how these decisions affect the larger Constitutional issues of search and seizure. Rule 41 will allow savvy law enforcement officials to seek those judges who don't yet understand the tech.

Similarly, there are many members of Congress who don't yet understand either the technology or its impact on democratic institutions and values. Some understand that Tor and encryption are currently used by politicians, judges, and even the FBI to keep their communications private--but others do not. Some—but not all—know that privacy tools like Tor can help enforce the separation of powers by preventing one branch of government from spying on another. Some know that a back door for one good guy is eventually a back door for multiple bad guys. Many others do not.

So some US officials can take advantage of this ignorance in order to expand their power. And since the FBI works for the Department of Justice, and the Department of Justice works for the White House, Rule 41 gives new surveillance power to the Administrative branch of US government. New power over millions of people--that Congress never discussed or approved.

Why go through Congress, the reasoning goes, and risk public exposure, debate, and possible defeat, when law enforcement can tweak a rulebook and get the same new hacking power?

If you care about FBI mass hacking, urge Congress to pass the Stop Mass Hacking bill on social media with the hashtag #SMHAct (one of the better legislative hashtags).

If you are an American citizen, there is much more you can do. Here is a seemingly minor thing--but one that can have great impact. Call and leave a message with the Washington, DC, office of the US Senator from your state. Senators actually count these calls, and they influence their decisions--perhaps they don't want to be voted out of office by the constituents they ignored.

Here is a list of Senators' phone numbers (calling is much more effective than email for this purpose): http://www.senate.gov/general/contact_information/senators_cfm.cfm?OrderBy=state

Your call or voicemail can be very simple:

"My name is _____, I am Senator ____'s constituent in the state of ___, and I support the "Stop Mass Hacking Act." I ask Senator _____ to support The Stop Mass Hacking Act also and that it be considered during this work period. Thank you.”

You can also leave a thank you message with Senator Wyden's office--this gives Wyden more ballast to encourage his colleagues to support the bill.

If you make those calls or leave voicemails and you're on Twitter, tweet that you called your Senator using their Twitter handle and the #SMHAct hashtag. This amplifies the power of the phone call.

The Stop Mass Hacking Act has bipartisan support. Senator Steve Daines (R-Montana), along with Senator Rand Paul (R-Kentucky) and Senators Tammy Baldwin (D-Wisconsin) and Jon Tester (D-Montana), are original co-sponsors of the Senate bill.

People listen to the Tor community on issues of anonymity technology. But the threat to anonymity can be just as destructive when it comes because of a small rule change--a bureaucratic sleight of hand--as when it comes through an attack on our software by a state intelligence agency. As Tor users, our threat model includes both, so our response as a community must also include both.

UPDATE: Phoning is by far the most important. Then you can tweet to your Senator.

The Twitter accounts for US Senators are here: http://www.socialseer.com/resources/us-senator-twitter-accounts/ #SMHAct

-----
H.R.5321: https://www.congress.gov/bill/114th-congress/house-bill/5321
S.2952: https://www.congress.gov/bill/114th-congress/senate-bill/2952