Researchers from the University of Michigan identified of 86% of live Tor "bridges" with a single scan?

Wed Oct 12 14:39:41 PDT 2022

what is it?

i dont really do much video, mostly text.

On 10/12/22, Digitalfolklore <digitalfolklore at protonmail.ch> wrote:
>
> Exodus
> https://archive.org/details/SilverBulletsandFairyTails
>
>
>
> VH
>
>
> ------- Original Message -------
> On Wednesday, October 12th, 2022 at 4:17 AM, Undescribed Horrific Abuse, One
> Victim & Survivor of Many <gmkarl at gmail.com> wrote:
>
>
>> 2013
>>
>> Researchers from the [[University of Michigan]] developed a network
>> scanner allowing identification of 86% of live Tor "bridges" with a
>> single scan.<ref name="twe-zmap"/>
>>
>>
>> <ref name="twe-zmap">{{cite
>>
>> web|url=http://www.techweekeurope.co.uk/news/zmap-internet-scan-zero-day-125374|title=Zmap's
>> Fast Internet Scan Tool Could Spread Zero Days In
>> Minutes|last=Judge|first=Peter|date=20 August 2013|website=TechWeek
>> Europe|url-status=dead|archive-url=https://web.archive.org/web/20130824142042/http://www.techweekeurope.co.uk/news/zmap-internet-scan-zero-day-125374|archive-date=24
>> August 2013}}</ref>
>>
>>
>> {{Short description|Free and open-source anonymity network based on
>> onion routing}}
>> {{About|the software and anonymity network|the software's
>> organization|The Tor Project}}
>> {{Other uses|Tor (disambiguation)}}
>> {{Pp-pc1}}
>> {{Use dmy dates|date=January 2020}}
>> {{Multiple issues|
>> {{More citations needed|date=December 2021}}
>> {{Duplication|date=August 2022|dupe=#Bad apple attack}}
>> {{POV|date=February 2021}}
>> }}
>> {{Infobox software
>> | name = Tor
>> | logo = [[File:Tor-logo-2011-flat.svg|150px]]
>> | logo caption = [[The Tor Project]] logo
>> | screenshot = [[File:Tor November 2021.png|250px]]
>> | caption = The [[#Tor Browser|Tor Browser]] default homepage
>> | collapsible =
>> | developer = [[The Tor Project]]
>> | released = {{Start date and age|2002|9|20|df=y}}<ref name="prealpha" />
>>
>> | ver layout = stacked
>> | discontinued =
>> | programming language = [[C (programming language)|C]],<ref
>> name="openhub-tor" /> [[Python programming language|Python]], [[Rust
>>
>> (programming language)|Rust]]<ref>{{cite web | date=2022|
>>
>> title=Announcing Arti, a pure-Rust Tor implementation|
>> url=https://blog.torproject.org/announcing-arti}}</ref>
>>
>> | operating system = [[Unix-like]], ([[Android operating
>> system|Android]], [[Linux]], [[BSD]], [[macOS]]), [[Microsoft
>> Windows]], [[IOS]].
>> | platform =
>> | size = {{Nowrap|50–55 MB}}<!-- Stand-alone version! Tor Browser has
>> its own infobox further down. -->
>>
>> | language =
>> | genre = [[Overlay network]], [[mix network]], [[onion routing|onion
>> router]], [[Anonymity application]]
>> | license = [[BSD licenses#3-clause license ("BSD License 2.0",
>> "Revised BSD License", "New BSD License", or "Modified BSD
>> License")|BSD 3-clause license]]<ref name="LICENSE - Tor">{{cite web
>>
>> |title=LICENSE – Tor's source code
>> |url=https://gitweb.torproject.org/tor.git/tree/LICENSE
>> |access-date=15 May 2018 |website=tor |archive-date=5 November 2018
>> |archive-url=https://web.archive.org/web/20181105121901/https://gitweb.torproject.org/tor.git/tree/LICENSE
>> |url-status=live }}</ref>
>>
>> | website = {{URL|torproject.org}}
>> }}
>> {{File sharing sidebar}}
>>
>> '''Tor''', short for '''The Onion Router''',<ref>{{cite
>>
>> web|url=https://www.bbc.com/news/technology-29987379|title=Dark net
>> raids were 'overblown' by police, says Tor
>> Project|last=Lee|first=Dave|work=[[BBC]]|date=10 November
>> 2014|access-date=18 June 2022}}</ref> is<!--software is a mass noun in
>>
>> English, do not put "a" here--> [[free and open-source software]] for
>>
>> enabling [[Anonymity|anonymous communication]].<ref>{{Cite
>>
>> journal|last=Schmucker|first=Niklas|title=Web tracking|journal=SNET2
>> Seminar Paper-Summer Term}}</ref> It directs [[Internet]] traffic
>>
>> through a free, worldwide, volunteer [[overlay network]], consisting
>> of more than seven thousand relays,<ref name="torstatus" /> to conceal
>>
>> a user's location and usage from anyone performing [[Computer and
>> network surveillance#Network surveillance|network surveillance]] or
>> [[Traffic analysis#In computer security|traffic analysis]].<ref>{{Cite
>>
>> journal |last1=McCoy |first=Damon |author2=Kevin Bauer |author3=Dirk
>> Grunwald |author4=Tadayoshi Kohno |author5=Douglas Sicker
>> |title=Shining light in dark places: Understanding the Tor network
>> |journal=International Symposium on Privacy Enhancing Technologies
>> Symposium}}</ref> Using Tor makes it more difficult to trace a user's
>>
>> Internet activity. Tor's intended use is to protect the personal
>> privacy of its users, as well as their freedom and ability to
>> communicate confidentially through [[IP address]] anonymity using Tor
>> exit nodes.<ref>{{cite web |title=ABOUT TOR BROWSER {{!}} Tor Project
>>
>> {{!}} Tor Browser Manual
>> |url=https://tb-manual.torproject.org/about/#:~:text=Tor is a network
>> of,out onto the public Internet.
>> |access-date=2022-04-27 |website=tb-manual.torproject.org}}</ref>
>>
>>
>> ==History==
>> The core principle of Tor, [[onion routing]], was developed in the
>> mid-1990s by [[United States Naval Research Laboratory]] employees,
>> [[mathematician]] [[Paul Syverson]], and [[computer scientist]]s [[G.
>> Mike Reed|Michael G. Reed]] and David Goldschlag, to protect [[United
>> States Intelligence Community|American intelligence]] communications
>> online.<ref name=bw-tor-vs /> Onion routing is implemented by means of
>>
>> [[encryption]] in the [[application layer]] of the [[communication
>> protocol]] stack, nested like the layers of an [[onion]]. The [[alpha
>> version]] of Tor, developed by Syverson and computer scientists
>> [[Roger Dingledine]] and [[Nick Mathewson]] and then called The Onion
>> Routing project (which was later given the acronym "Tor"), was
>> launched on 20 September 2002.<ref name="tor-history">{{cite web
>>
>> |title=History |url=https://www.torproject.org/about/history/
>> |website=Tor Project |access-date=5 June 2021}}</ref><ref
>>
>> name="torproject-faq" /> The first public release occurred a year
>>
>> later.<ref>{{Cite mailing
>>
>> list|mailing-list=tor-dev|last=Dingledine|first=Rogert|date=8 October
>> 2003|title=Tor is free|publisher=Tor
>> Project|url=https://lists.torproject.org/pipermail/tor-dev/2003-October/002185.html|access-date=23
>> September 2016|archive-date=13 February
>> 2017|archive-url=https://web.archive.org/web/20170213031700/https://lists.torproject.org/pipermail/tor-dev/2003-October/002185.html|url-status=live}}</ref>
>>
>>
>> {{Anchor|Tor project}}
>> In 2004, the Naval Research Laboratory released the code for Tor under
>> a free license, and the [[Electronic Frontier Foundation]] (EFF) began
>> funding Dingledine and Mathewson to continue its development.<ref
>> name="tor-history" /> In 2006, Dingledine, Mathewson, and five others
>>
>> founded [[The Tor Project]], a [[Massachusetts]]-based [[501(c)(3)]]
>> research-education [[nonprofit organization]] responsible for
>> maintaining Tor. The EFF acted as The Tor Project's [[Fiscal
>> sponsorship|fiscal sponsor]] in its early years, and early financial
>> supporters included the U.S. [[Bureau of Democracy, Human Rights, and
>> Labor]] and [[International Broadcasting Bureau]], [[Internews]],
>> [[Human Rights Watch]], the [[University of Cambridge]], [[Google]],
>> and Netherlands-based [[NLnet|Stichting NLnet]].<ref>{{cite
>>
>> web|date=2009|title=Tor Project Form 990
>> 2008|url=https://www.torproject.org/about/findoc/2008-TorProject-Form990.pdf|url-status=dead|archive-url=https://web.archive.org/web/20170629102518/https://www.torproject.org/about/findoc/2008-TorProject-Form990.pdf|archive-date=29
>> June 2017|access-date=30 August 2014|website=Tor
>> Project}}</ref><ref>{{cite web|date=2010|title=Tor Project Form 990
>>
>> 2009|url=https://www.torproject.org/about/findoc/2009-TorProject-Form990andPC.pdf|url-status=dead|archive-url=https://web.archive.org/web/20170629102506/https://www.torproject.org/about/findoc/2009-TorProject-Form990andPC.pdf|archive-date=29
>> June 2017|access-date=30 August 2014|website=Tor Project}}</ref>
>>
>> [[File:Geographies of Tor.png|thumb|A [[cartogram]] illustrating Tor
>> usage]]
>>
>> Over the course of its existence, various Tor
>> [[#Weaknesses|weaknesses]] have been discovered and occasionally
>> exploited. Attacks against Tor are an active area of academic
>> research<ref>{{cite web|last=Goodin|first=Dan|date=22 July
>>
>> 2014|title=Tor developers vow to fix bug that can uncloak
>> users|url=https://arstechnica.com/security/2014/07/tor-developers-vow-to-fix-bug-that-can-uncloak-users/|url-status=live|archive-url=https://web.archive.org/web/20170708090704/https://arstechnica.com/security/2014/07/tor-developers-vow-to-fix-bug-that-can-uncloak-users/|archive-date=8
>> July 2017|access-date=15 June 2017|website=[[Ars
>> Technica]]}}</ref><ref>{{cite web|title=Selected Papers in
>>
>> Anonymity|url=http://freehaven.net/anonbib/#2014|url-status=live|archive-url=https://web.archive.org/web/20180712134223/https://www.freehaven.net/anonbib/#2014|archive-date=12
>> July 2018|access-date=26 October 2005|website=Free Haven}}</ref> that
>>
>> is welcomed by The Tor Project itself.<ref>{{cite web|title=Tor
>>
>> Research
>> Home|url=https://research.torproject.org/|url-status=live|archive-url=https://web.archive.org/web/20180626053025/https://research.torproject.org/|archive-date=26
>> June 2018|access-date=31 July 2014|publisher=torproject.org}}</ref>
>>
>>
>> == Usage ==
>> {{Further|Dark web}}
>> {{Hidden services 2015}}
>> {{Hidden services 2016}}
>>
>> Tor enables its users to surf the Internet, chat and send instant
>> messages anonymously, and is used by a wide variety of people for both
>> licit and illicit purposes.<ref>{{Cite magazine |last=Zetter
>>
>> |first=Kim |date=17 May 2005 |title=Tor Torches Online Tracking
>> |magazine=Wired
>> |url=http://archive.wired.com/politics/security/news/2005/05/67542?currentPage=all
>> |access-date=30 August 2014 |archive-date=26 July 2014
>> |archive-url=https://web.archive.org/web/20140726025108/http://archive.wired.com/politics/security/news/2005/05/67542?currentPage=all
>> |url-status=live }}</ref> Tor has, for example, been used by criminal
>>
>> enterprises, [[hacktivism]] groups, and law enforcement agencies at
>> cross purposes, sometimes simultaneously;<ref name="cso-black-market"
>> /><ref name="muckrock-hunting-porn" /> likewise, agencies within the
>>
>> U.S. government variously fund Tor (the [[United States Department of
>> State|U.S. State Department]], the National Science Foundation, and –
>> through the Broadcasting Board of Governors, which itself partially
>> funded Tor until October 2012 – [[Radio Free Asia]]) and seek to
>> subvert it.<ref name="guardian-nsa-target" /><ref name="bw-tor-vs" />
>>
>>
>> Tor is not meant to completely solve the issue of anonymity on the
>> web. Tor is not designed to completely erase tracking but instead to
>> reduce the likelihood for sites to trace actions and data back to the
>> user.<ref>{{cite web |title=Tor: Overview
>>
>> |url=https://www.torproject.org/about/overview.html.en |website=The
>> Tor Project |access-date=29 April 2015 |archive-date=6 June 2015
>> |archive-url=https://web.archive.org/web/20150606002957/https://www.torproject.org/about/overview.html.en
>> |url-status=live }}</ref>
>>
>>
>> Tor is also used for illegal activities. These can include privacy
>> protection or censorship circumvention,<ref name="scm-egyptians" /> as
>>
>> well as distribution of child abuse content, drug sales, or malware
>> distribution.<ref name=":1">{{Cite journal |last1=Jardine |first1=Eric
>>
>> |last2=Lindner |first2=Andrew M. |last3=Owenson |first3=Gareth
>> |date=2020-12-15 |title=The potential harms of the Tor anonymity
>> network cluster disproportionately in free countries
>> |journal=Proceedings of the National Academy of Sciences |language=en
>> |volume=117 |issue=50 |pages=31716–31721 |doi=10.1073/pnas.2011893117
>> |issn=0027-8424 |pmid=33257555 |pmc=7749358
>> |bibcode=2020PNAS..11731716J |doi-access=free }}</ref>
>>
>>
>> Tor has been described by ''[[The Economist]]'', in relation to
>> [[Bitcoin]] and [[Silk Road (marketplace)|Silk Road]], as being "a
>> dark corner of the web".<ref name="economist-bitcoin" /> It has been
>>
>> targeted by the American [[National Security Agency]] and the British
>> [[GCHQ]] [[signals intelligence]] agencies, albeit with marginal
>> success,<ref name="guardian-nsa-target" /> and more successfully by
>>
>> the British [[National Crime Agency]] in its Operation
>> Notarise.<ref>{{cite web |last1=Boiten |first1=Eerke
>>
>> |last2=Hernandez-Castro |first2=Julio |date=28 July 2014 |title=Can
>> you really be identified on Tor or is that just what the cops want you
>> to believe? |url=http://phys.org/news/2014-07-tor-cops.html
>> |website=Phys.org |access-date=31 July 2014 |archive-date=1 February
>> 2019
>> |archive-url=https://web.archive.org/web/20190201224220/https://phys.org/news/2014-07-tor-cops.html
>> |url-status=live }}</ref> At the same time, GCHQ has been using a tool
>>
>> named "Shadowcat" for "end-to-end encrypted access to VPS over SSH
>> using the Tor network".<ref>{{cite web |date=14 July 2014 |title=JTRIG
>>
>> Tools and Techniques
>> |url=https://firstlook.org/theintercept/document/2014/07/14/jtrig-tools-techniques/
>> |website=[[The Intercept]] |access-date=14 July 2014 |archive-date=14
>> July 2014
>> |archive-url=https://web.archive.org/web/20140714224430/https://firstlook.org/theintercept/document/2014/07/14/jtrig-tools-techniques/
>> |url-status=live }}</ref><ref>{{cite web |date=5 July 2012
>>
>> |title=Document from an internal GCHQ wiki lists tools and techniques
>> developed by the Joint Threat Research Intelligence Group
>> |url=https://www.documentcloud.org/documents/1217406-jtrigall.html#document/p4gz
>> |access-date=30 July 2014 |website=documentcoud.org |archive-date=8
>> August 2014
>> |archive-url=https://web.archive.org/web/20140808040612/https://www.documentcloud.org/documents/1217406-jtrigall.html#document/p4gz
>> |url-status=live }}</ref> Tor can be used for anonymous defamation,
>>
>> unauthorized [[news leak]]s of sensitive information, [[copyright
>> infringement]], distribution of illegal sexual content,<ref
>> name="bbr-cleaning-up" /><ref name="jones-forensics" /><ref
>>
>> name="gawker-kiddie-porn" /> selling [[controlled substance]]s,<ref
>>
>> name="gawker-any-drug" /> weapons, and stolen credit card
>>
>> numbers,<ref>{{Cite news |last=Steinberg |first=Joseph |date=8 January
>>
>> 2015 |title=How Your Teenage Son or Daughter May Be Buying Heroin
>> Online |work=Forbes
>> |url=https://www.forbes.com/sites/josephsteinberg/2015/01/08/how-your-children-can-buy-illegal-drugs-online/
>> |access-date=6 February 2015 |archive-date=10 February 2015
>> |archive-url=https://web.archive.org/web/20150210015157/http://www.forbes.com/sites/josephsteinberg/2015/01/08/how-your-children-can-buy-illegal-drugs-online/
>> |url-status=live }}</ref> [[money laundering]],<ref
>>
>> name="ars-feds-narcotics" /> bank fraud,<ref>{{cite web |date=5
>>
>> December 2014 |title=Treasury Dept: Tor a Big Source of Bank Fraud
>> |url=http://krebsonsecurity.com/2014/12/treasury-dept-tor-a-big-source-of-bank-fraud/
>> |website=Krebs on Security |access-date=7 December 2014
>> |archive-date=3 February 2019
>> |archive-url=https://web.archive.org/web/20190203162229/https://krebsonsecurity.com/2014/12/treasury-dept-tor-a-big-source-of-bank-fraud/
>> |url-status=live }}</ref> [[credit card fraud]], [[identity theft]]
>>
>> and the exchange of [[counterfeit currency]];<ref>{{cite web
>>
>> |last=Farivar |first=Cyrus |date=3 April 2015 |title=How a $3.85 latte
>> paid for with a fake $100 bill led to counterfeit kingpin's downfall
>> |url=https://arstechnica.com/tech-policy/2015/04/how-a-3-85-latte-paid-for-with-a-fake-100-bill-lead-to-counterfeit-kingpins-downfall/
>> |access-date=19 April 2015 |website=Ars Technica |archive-date=18
>> April 2015
>> |archive-url=https://web.archive.org/web/20150418023540/http://arstechnica.com/tech-policy/2015/04/how-a-3-85-latte-paid-for-with-a-fake-100-bill-lead-to-counterfeit-kingpins-downfall/
>> |url-status=live }}</ref> the [[black market]] utilizes the Tor
>>
>> infrastructure, at least in part, in conjunction with Bitcoin.<ref
>> name="cso-black-market" /> It has also been used to brick [[Internet
>>
>> of things|IoT]] devices.<ref name="BrickerBot">{{cite web
>>
>> |last=Cimpanu |first=Catalin |date=6 April 2017 |title=New Malware
>> Intentionally Bricks IoT Devices
>> |url=https://www.bleepingcomputer.com/news/security/new-malware-intentionally-bricks-iot-devices/
>> |website=BleepingComputer |access-date=7 April 2017 |archive-date=19
>> February 2019
>> |archive-url=https://web.archive.org/web/20190219020834/https://www.bleepingcomputer.com/news/security/new-malware-intentionally-bricks-iot-devices/
>> |url-status=live }}</ref>
>>
>>
>> In its complaint against [[Ross William Ulbricht]] of [[Silk Road
>> (marketplace)|Silk Road]], the US [[Federal Bureau of Investigation]]
>> acknowledged that Tor has "known legitimate uses".<ref
>> name="compaint-ulbricht" /><ref name="eff-silk-road" /> According to
>>
>> [[CNET]], Tor's anonymity function is "endorsed by the [[Electronic
>> Frontier Foundation]] (EFF) and other civil liberties groups as a
>> method for [[whistleblower]]s and human rights workers to communicate
>> with journalists".<ref name="cnet-arrested" /> EFF's Surveillance
>>
>> Self-Defense guide includes a description of where Tor fits in a
>> larger strategy for protecting privacy and anonymity.<ref
>> name="eff-ssd-tor" />
>>
>>
>> In 2014, the EFF's [[Eva Galperin]] told ''[[Businessweek]]'' that
>> "Tor's biggest problem is press. No one hears about that time someone
>> wasn't [[stalking|stalked]] by their abuser. They hear how somebody
>> got away with downloading child porn."<ref name="thecable" />
>>
>>
>> The Tor Project states that Tor users include "normal people" who wish
>> to keep their Internet activities private from websites and
>> advertisers, people concerned about cyber-spying, and users who are
>> evading censorship such as activists, journalists, and military
>> professionals. {{As of |2013|11|}}, Tor had about four million
>> users.<ref>{{Cite news |last=Dredge |first=Stuart |date=5 November
>>
>> 2013 |title=What is Tor? A beginner's guide to the privacy tool
>> |work=[[The Guardian]]
>> |url=https://www.theguardian.com/technology/2013/nov/05/tor-beginners-guide-nsa-browser
>> |access-date=30 August 2014 |archive-date=15 August 2014
>> |archive-url=https://web.archive.org/web/20140815233728/http://www.theguardian.com/technology/2013/nov/05/tor-beginners-guide-nsa-browser
>> |url-status=live }}</ref> According to the ''Wall Street Journal'', in
>>
>> 2012 about 14% of Tor's traffic connected from the United States, with
>> people in "Internet-censoring countries" as its second-largest user
>> base.<ref>{{Cite news |last=Fowler |first=Geoffrey A. |date=17
>>
>> December 2012 |title=Tor: An Anonymous, And Controversial, Way to
>> Web-Surf |work=The Wall Street Journal
>> |url=https://online.wsj.com/news/articles/SB10001424127887324677204578185382377144280
>> |access-date=30 August 2014 |archive-date=19 February 2014
>> |archive-url=https://web.archive.org/web/20140219235003/http://online.wsj.com/news/articles/SB10001424127887324677204578185382377144280
>> |url-status=live }}</ref> Tor is increasingly used by victims of
>>
>> [[domestic violence]] and the [[social worker]]s and agencies that
>> assist them, even though shelter workers may or may not have had
>> professional training on cyber-security matters.<ref name="Where
>> Domestic Violence and Cybersecurity Intersect">{{cite web |last=Tveten
>>
>> |first=Julianne |date=12 April 2017 |title=Where Domestic Violence and
>> Cybersecurity Intersect
>> |url=https://rewire.news/article/2017/04/12/domestic-violence-cybersecurity-intersect/
>> |access-date=9 August 2017 |website=Rewire |archive-date=10 August
>> 2017
>> |archive-url=https://web.archive.org/web/20170810052253/https://rewire.news/article/2017/04/12/domestic-violence-cybersecurity-intersect/
>> |url-status=live }}</ref> Properly deployed, however, it precludes
>>
>> digital stalking, which has increased due to the prevalence of digital
>> media in contemporary [[online]] life.<ref
>> name="boston-domestic-abuse" /> Along with [[SecureDrop]], Tor is used
>>
>> by news organizations such as ''[[The Guardian]]'', ''[[The New
>> Yorker]]'', [[ProPublica]] and ''[[The Intercept]]'' to protect the
>> privacy of whistleblowers.<ref>{{Cite news |last=Ellis |first=Justin
>>
>> |date=5 June 2014 |title=The Guardian introduces SecureDrop for
>> document leaks |work=Nieman Journalism Lab
>> |url=http://www.niemanlab.org/2014/06/the-guardian-introduces-securedrop-for-document-leaks/
>> |access-date=30 August 2014 |archive-date=17 August 2014
>> |archive-url=https://web.archive.org/web/20140817181552/http://www.niemanlab.org/2014/06/the-guardian-introduces-securedrop-for-document-leaks/
>> |url-status=live }}</ref>
>>
>>
>> In March 2015, the [[Parliamentary Office of Science and Technology]]
>> released a briefing which stated that "There is widespread agreement
>> that banning online anonymity systems altogether is not seen as an
>> acceptable policy option in the U.K." and that "Even if it were, there
>> would be technical challenges." The report further noted that Tor
>> "plays only a minor role in the online viewing and distribution of
>> indecent images of children" (due in part to its inherent latency);
>> its usage by the [[Internet Watch Foundation]], the utility of its
>> onion services for [[whistleblower]]s, and its circumvention of the
>> [[Great Firewall]] of China were touted.<ref name="The Daily
>> Dot">{{cite web |last=O'Neill |first=Patrick Howell |date=9 March 2015
>>
>> |title=U.K. Parliament says banning Tor is unacceptable and impossible
>> |url=http://www.dailydot.com/politics/uk-briefing-tor-child-abuse-minor-role/
>> |access-date=19 April 2015 |website=The Daily Dot |archive-date=2
>> April 2015
>> |archive-url=https://web.archive.org/web/20150402091025/http://www.dailydot.com/politics/uk-briefing-tor-child-abuse-minor-role/
>> |url-status=live }}</ref>
>>
>>
>> Tor's executive director, Andrew Lewman, also said in August 2014 that
>> agents of the NSA and the GCHQ have anonymously provided Tor with bug
>> reports.<ref>{{Cite news |last=Kelion |first=Leo |date=22 August 2014
>>
>> |title=NSA and GCHQ agents 'leak Tor bugs', alleges developer
>> |work=BBC News |url=https://www.bbc.com/news/technology-28886462
>> |access-date=21 July 2018 |archive-date=2 February 2019
>> |archive-url=https://web.archive.org/web/20190202041855/https://www.bbc.com/news/technology-28886462
>> |url-status=live }}</ref>
>>
>>
>> The Tor Project's FAQ offers supporting reasons for the EFF's
>> endorsement:
>>
>> {{blockquote|Criminals can already do bad things. Since they're
>> willing to break laws, they already have lots of options available
>> that provide better privacy than Tor provides...
>>
>> Tor aims to provide protection for ordinary people who want to follow
>> the law. Only criminals have privacy right now, and we need to fix
>> that...
>>
>> So yes, criminals could in theory use Tor, but they already have
>> better options, and it seems unlikely that taking Tor away from the
>> world will stop them from doing their bad things. At the same time,
>> Tor and other privacy measures can fight identity theft, physical
>> crimes like stalking, and so on.|source=Tor Project FAQ<ref
>> name="torproject-faq-abuse" />}}
>>
>>
>> ==Operation==
>> {{Multiple image
>> | image1 = How Tor Works 2.svg
>> | caption1 = [[Infographic]] about how Tor works, by
>> [[Electronic Frontier Foundation|EFF]]
>> }}
>>
>> Tor aims to conceal its users' identities and their online activity
>> from surveillance and traffic analysis by separating identification
>> and routing. It is an implementation of [[onion routing]], which
>> encrypts and then randomly bounces communications through a network of
>> relays run by volunteers around the globe. These onion routers employ
>> [[encryption]] in a multi-layered manner (hence the onion metaphor) to
>> ensure [[perfect forward secrecy]] between relays, thereby providing
>> users with anonymity in a network location. That anonymity extends to
>> the hosting of censorship-resistant content by Tor's anonymous onion
>> service feature.<ref name="usenix-design" /> Furthermore, by keeping
>>
>> some of the entry relays (bridge relays) secret, users can evade
>> [[Internet censorship]] that relies upon blocking public Tor
>> relays.<ref name="torproject-bridges" />
>>
>>
>> Because the [[IP address]] of the sender and the recipient are not
>> ''both'' in [[cleartext]] at any hop along the way, anyone
>> eavesdropping at any point along the communication channel cannot
>> directly identify both ends. Furthermore, to the recipient, it appears
>> that the last Tor [[Node (networking)|node]] (called the exit node),
>> rather than the sender, is the originator of the communication.
>>
>> ===Originating traffic===
>> [[File:EtherApeTorScreenShot.png|thumb|A visual depiction of the
>> traffic between some Tor relay [[Node (networking)|nodes]] from the
>> open-source packet sniffing program [[EtherApe]]]]
>>
>> A Tor user's [[SOCKS]]-aware applications can be configured to direct
>> their network traffic through a Tor instance's SOCKS interface, which
>> is listening on TCP port 9050 (for standalone Tor) or 9150 (for Tor
>> Browser bundle) at [[localhost]].<ref>{{cite web |title=TorPCAP – Tor
>>
>> Network Forensics
>> |url=https://www.netresec.com/?page=Blog&month=2018-12&post=TorPCAP---Tor-Network-Forensics
>> |access-date=12 December 2018 |website=Netresec |date = 12 December
>> 2018|archive-date=12 December 2018
>> |archive-url=https://web.archive.org/web/20181212201750/https://www.netresec.com/?page=Blog&month=2018-12&post=TorPCAP---Tor-Network-Forensics
>> |url-status=live }}</ref> Tor periodically creates virtual circuits
>>
>> through the Tor network through which it can
>> [[multiplexing|multiplex]] and onion-route that traffic to its
>> destination. Once inside a Tor network, the traffic is sent from
>> router to router along the circuit, ultimately reaching an exit node
>> at which point the [[cleartext]] packet is available and is forwarded
>> on to its original destination. Viewed from the destination, the
>> traffic appears to originate at the Tor exit node.
>>
>> [[File:Tor-non-exit-relay-bandwidth-usage.jpg|thumb|A Tor non-exit
>> relay with a maximum output of 239.69 kbit/s]]
>>
>> Tor's application independence sets it apart from most other anonymity
>> networks: it works at the [[Transmission Control Protocol]] (TCP)
>> stream level. Applications whose traffic is commonly anonymized using
>> Tor include [[Internet Relay Chat]] (IRC), [[instant messaging]], and
>> [[World Wide Web]] browsing.
>>
>> {{Anchor|Hidden services}}
>>
>> ===Onion services===
>> {{See also|List of Tor onion services}}
>> {{Further|Dark web}}
>>
>> Tor can also provide anonymity to websites and other servers. Servers
>> configured to receive inbound connections only through Tor are called
>> '''onion services''' (formerly, '''hidden services''').<ref>{{cite web
>>
>> |last=Winter |first=Philipp |title=How Do Tor Users Interact With
>> Onion Services?
>> |url=https://nymity.ch/onion-services/pdf/sec18-onion-services.pdf
>> |access-date=27 December 2018 |archive-date=28 December 2018
>> |archive-url=https://web.archive.org/web/20181228035314/https://nymity.ch/onion-services/pdf/sec18-onion-services.pdf
>> |url-status=live }}</ref> Rather than revealing a server's IP address
>>
>> (and thus its network location), an onion service is accessed through
>> its [[.onion|onion address]], usually via the [[#Tor Browser|Tor
>> Browser]]. The Tor network understands these addresses by looking up
>> their corresponding [[public key]]s and ''introduction points'' from a
>> [[distributed hash table]] within the network. It can route data to
>> and from onion services, even those hosted behind [[firewall
>> (computing)|firewalls]] or [[network address translator]]s (NAT),
>> while preserving the anonymity of both parties. Tor is necessary to
>> access these onion services.<ref name="torproject-conf-hidden" />
>>
>>
>> Onion services were first specified in 2003<ref>{{cite web
>>
>> |last=Mathewson |first=Nick |title=Add first draft of rendezvous point
>> document
>> |url=https://gitweb.torproject.org/tor.git/commit/?id=3d538f6d702937c23bec33b3bdd62ff9fba9d2a3
>> |access-date=23 September 2016 |website=Tor Source Code
>> |archive-date=15 November 2018
>> |archive-url=https://web.archive.org/web/20181115205018/https://gitweb.torproject.org/tor.git/commit/?id=3d538f6d702937c23bec33b3bdd62ff9fba9d2a3
>> |url-status=live }}</ref> and have been deployed on the Tor network
>>
>> since 2004.<ref name="or-locating" /> Other than the database that
>>
>> stores the onion service descriptors,<ref name="torproject-hidden" />
>>
>> Tor is decentralized by design; there is no direct readable list of
>> all onion services, although a number of onion services catalog
>> publicly known onion addresses.{{Citation needed|date=April 2022}}
>>
>> Because onion services route their traffic entirely through the Tor
>> network, connection to an onion service is encrypted end-to-end and
>> not subject to eavesdropping. There are, however, security issues
>> involving Tor onion services. For example, services that are reachable
>> through Tor onion services ''and'' the public Internet are susceptible
>> to correlation attacks and thus not perfectly hidden. Other pitfalls
>> include misconfigured services (e.g. identifying information included
>> by default in web server error responses), uptime and downtime
>> statistics, intersection attacks, and user error.<ref
>> name="torproject-hidden" /><ref name="register-embassy-passwd" /> The
>>
>> [[open-source software|open source]] OnionScan program, written by
>> independent security researcher [[Sarah Jamie Lewis]], comprehensively
>> examines onion services for numerous flaws and vulnerabilities.<ref
>> name="OnionScan">{{cite web |last=Cox |first=Joseph |date=6 April 2016
>>
>> |title=A Tool to Check If Your Dark Web Site Really Is Anonymous:
>> 'OnionScan' will probe dark web sites for security weaknesses
>> |url=https://motherboard.vice.com/en_us/article/kb7bg3/onionscan-checks-if-your-dark-web-site-really-is-anonymous
>> |access-date=7 July 2017 |website=Motherboard |archive-date=16 August
>> 2017
>> |archive-url=https://web.archive.org/web/20170816012653/https://motherboard.vice.com/en_us/article/kb7bg3/onionscan-checks-if-your-dark-web-site-really-is-anonymous
>> |url-status=live }}</ref> (Lewis has also pioneered the field of
>>
>> "Onion Dildonics", [[sex toy]]s which make use of Tor through the
>> [[Ricochet (software)|Ricochet]] protocol)<ref name="Onion
>> Dildonics">{{Cite magazine |last=Burgess |first=Matt |date=3 February
>>
>> 2018 |title=Smart Dildos and Vibrators Keep Getting Hacked – But Tor
>> Could Be the Answer to Safer Connected Sex
>> |url=https://www.wired.co.uk/article/sex-toy-bluetooth-hacks-security-fix
>> |magazine=Wired UK |access-date=9 February 2018 |archive-date=9
>> February 2018
>> |archive-url=https://web.archive.org/web/20180209182430/https://www.wired.co.uk/article/sex-toy-bluetooth-hacks-security-fix
>> |url-status=live }}</ref>
>>
>>
>> Onion services can also be accessed from a standard web browser
>> without [[client-side]] connection to the Tor network, using services
>> like [[Tor2web]].<ref>{{Cite magazine |last=Zetter |first=Kim |date=12
>>
>> December 2008 |title=New Service Makes Tor Anonymized Content
>> Available to All
>> |url=https://www.wired.com/threatlevel/2008/12/tor-anonymized/
>> |magazine=Wired |access-date=22 February 2014 |archive-date=18 March
>> 2014
>> |archive-url=https://web.archive.org/web/20140318042302/http://www.wired.com/threatlevel/2008/12/tor-anonymized/
>> |url-status=live }}</ref> Popular sources of [[.onion]] links include
>>
>> [[Pastebin.com|Pastebin]], [[Twitter]], [[Reddit]], and other
>> [[Internet forum]]s.<ref>{{Cite news |last=Koebler |first=Jason
>>
>> |date=23 February 2015 |title=The Closest Thing to a Map of the Dark
>> Net: Pastebin |work=Motherboard
>> |url=http://motherboard.vice.com/read/the-closest-thing-to-a-map-of-the-dark-net-pastebin
>> |access-date=14 July 2015 |archive-date=22 December 2016
>> |archive-url=https://web.archive.org/web/20161222205738/http://motherboard.vice.com/read/the-closest-thing-to-a-map-of-the-dark-net-pastebin
>> |url-status=live }}</ref>
>>
>>
>> ===Nyx status monitor===
>> Nyx (formerly ARM) is a [[Command-line interface|command-line]] status
>> monitor written in [[Python (programming language)|Python]] for
>> Tor.<ref>{{cite web |title=Nyx |url=https://nyx.torproject.org/
>>
>> |website=nyx.torproject.org |language=en |access-date=19 June 2018
>> |archive-date=26 January 2019
>> |archive-url=https://web.archive.org/web/20190126070143/https://nyx.torproject.org/
>> |url-status=live }}</ref><ref>{{cite web |title=Ubuntu Manpage: arm –
>>
>> Terminal Tor status monitor
>> |url=http://manpages.ubuntu.com/manpages/precise/man1/arm.1.html
>> |website=Ubuntu.com |access-date=20 April 2015 |archive-date=20 June
>> 2018
>> |archive-url=https://web.archive.org/web/20180620002955/http://manpages.ubuntu.com/manpages/precise/man1/arm.1.html
>> |url-status=live }}</ref> This functions much like [[Top
>>
>> (software)|top]] does for system usage, providing real time statistics
>> for:
>>
>> * resource usage (bandwidth, CPU, and memory usage)
>> * general relaying information (nickname, fingerprint, flags,
>> or/dir/controlports)
>> * event log with optional [[Regular expression|regex]] filtering and
>> [[Data deduplication|deduplication]]
>> * connections correlated against Tor's consensus data (IP address,
>> connection types, relay details, etc.)
>> * torrc configuration file with [[syntax highlighting]] and validation
>>
>> Most of Nyx's attributes are configurable through an optional
>> [[configuration file]]. It runs on any platform supported by [[Curses
>> (programming library)|curses]] including [[Linux]], [[macOS]], and
>> other [[Unix-like]] variants.
>>
>> The project began in the summer of 2009,<ref name="arm introductory
>> blog posting">{{cite web |title=Summer Conclusion (ARM Project)
>>
>> |url=https://blog.torproject.org/blog/summer-conclusion-arm-project
>> |access-date=19 April 2015 |website=torproject.org |archive-date=20
>> April 2015
>> |archive-url=https://web.archive.org/web/20150420152618/https://blog.torproject.org/blog/summer-conclusion-arm-project
>> |url-status=live }}</ref><ref name="arm interview">{{cite web
>>
>> |title=Interview with Damien Johnson by Brenno Winter
>> |url=https://www.atagar.com/arm/resources/HFM_INT_0001.mp3
>> |url-status=dead
>> |archive-url=https://web.archive.org/web/20141004085010/https://www.atagar.com/arm/resources/HFM_INT_0001.mp3
>> |archive-date=4 October 2014 |access-date=4 June 2016
>> |website=atagar.com}}</ref> and since 18 July 2010 it has been an
>>
>> official part of the Tor Project. It is [[free software]], available
>> under the [[GNU General Public License]].<ref name=license/>
>>
>>
>> ==Weaknesses==
>> {{Update|section|date=September 2020}}
>> Like all current [[latency (engineering)|low-latency]] [[anonymity
>> network]]s, Tor cannot and does not attempt to protect against
>> monitoring of traffic at the boundaries of the Tor network (i.e., the
>> traffic entering and exiting the network). While Tor does provide
>> protection against [[traffic analysis]], it cannot prevent traffic
>> confirmation (also called ''end-to-end correlation'').<ref
>> name="torproject-one-cell" /><ref name="torproject-fail-both-ends" />
>>
>>
>> A 2009 study{{By whom|date=April 2022}} revealed that Tor and the
>> alternative network system [[Java Anon Proxy|JonDonym]] (Java Anon
>> Proxy, JAP) are considered more resilient to website fingerprinting
>> techniques than other [[tunneling protocol]]s.<ref>{{Cite journal
>>
>> |last=Herrmann |first=Dominik |last2=Wendolsky |first2=Rolf
>> |last3=Federrath |first3=Hannes |date=2009 |title=Website
>> fingerprinting |url=http://dx.doi.org/10.1145/1655008.1655013
>> |journal=Proceedings of the 2009 ACM workshop on Cloud computing
>> security - CCSW '09 |location=New York, New York, USA |publisher=ACM
>> Press |doi=10.1145/1655008.1655013}}</ref>
>>
>>
>> The reason for this is that conventional single-hop [[VPN]] protocols
>> do not need to reconstruct packet data nearly as much as a multi-hop
>> service like Tor or JonDonym. Website fingerprinting yielded greater
>> than 90% accuracy for identifying [[HTTP]] packets on conventional VPN
>> protocols versus Tor which yielded only 2.96% accuracy. However, some
>> protocols like [[OpenSSH]] and [[OpenVPN]] required a large amount of
>> data before HTTP packets were identified.<ref name="ccsw-attacking" />
>>
>>
>> Researchers from the [[University of Michigan]] developed a network
>> scanner allowing identification of 86% of live Tor "bridges" with a
>> single scan.<ref name="twe-zmap"/>
>>
>>
>> ===Consensus blocking===
>> Like many decentralized systems, Tor relies on a [[consensus (computer
>> science)|consensus mechanism]] to periodically update its current
>> operating parameters, which for Tor are network parameters like which
>> nodes are good/bad relays, exits, guards, and how much traffic each
>> can handle. Tor's architecture for deciding the consensus relies on a
>> small number of directory authority nodes voting on current network
>> parameters. Currently, there are ten directory authority nodes, and
>> their health is publicly monitored.<ref>{{cite
>>
>> web|url=https://consensus-health.torproject.org/ |title=Consensus
>> health |publisher=Consensus-health.torproject.org |date=
>> |access-date=2022-03-15}}</ref> The IP addresses of the authority
>>
>> nodes are [[hard coded]] into each Tor client. The authority nodes
>> vote every hour to update the consensus, and clients download the most
>> recent consensus on startup.<ref>{{cite web |title=Getting Started
>>
>> with Tor Development |author=George Tankersley |date=2017-10-04
>> |url=https://blog.gtank.cc/tor-dev-101/ |access-date=16 January 2021
>> |archive-date=22 January 2021
>> |archive-url=https://web.archive.org/web/20210122001011/https://blog.gtank.cc/tor-dev-101/
>> |url-status=live }}</ref><ref>{{cite web
>>
>> |url=https://blog.torproject.org/introducing-bastet-our-new-directory-authority
>> |title=Introducing Bastet, Our New Directory Authority |author=tommy
>> |date=2017-11-02 |publisher=[[The Tor Project]] |access-date=16
>> January 2021 |archive-date=25 November 2020
>> |archive-url=https://web.archive.org/web/20201125230425/https://blog.torproject.org/introducing-bastet-our-new-directory-authority
>> |url-status=live }}</ref><ref>{{cite web |title=10 years of collecting
>>
>> Tor directory data |author=Karsten Loesing |date=2014-05-15
>> |url=https://blog.torproject.org/10-years-collecting-tor-directory-data
>> |publisher=[[The Tor Project]] |access-date=16 January 2021
>> |archive-date=20 June 2020
>> |archive-url=https://web.archive.org/web/20200620160219/https://blog.torproject.org/10-years-collecting-tor-directory-data
>> |url-status=live }}</ref> A network congestion attack, such as a
>>
>> [[DDoS]], can prevent the consensus nodes from communicating and thus
>> prevent voting to update the consensus.{{Citation needed|date=April
>> 2022}}
>>
>> ===Eavesdropping===
>>
>> ==== Autonomous system (AS) eavesdropping ====
>> If the same [[Autonomous system (Internet)|autonomous system]] (AS),
>> responsible for routing packets at least partly, is present on both
>> path segments from a client to entry relay and from exit relay to
>> destination, such an AS can statistically correlate traffic on the
>> entry and exit segments of the path (i.e. traffic confirmation) and
>> potentially infer the destination with which the client communicated.
>> In 2012, LASTor proposed a method to predict a set of potential ASes
>> on these two segments and then avoid choosing this path during the
>> path selection algorithm on the client side. In this paper, they also
>> improve latency by choosing shorter geographical paths between a
>> client and destination.<ref name="LASTor-2012" />
>>
>>
>> ==== Exit node eavesdropping ====
>> In September 2007, Dan Egerstad, a Swedish security consultant,
>> revealed he had intercepted usernames and passwords for email accounts
>> by operating and monitoring Tor exit nodes.<ref
>> name="wired-rogue-nodes" /> As Tor cannot encrypt the traffic between
>>
>> an exit node and the target server, any exit node is in a position to
>> capture traffic passing through it that does not use [[end-to-end
>> encryption]] such as [[Secure Sockets Layer]] (SSL) or [[Transport
>> Layer Security]] (TLS). While this may not inherently breach the
>> anonymity of the source, traffic intercepted in this way by malicious
>> Tor exit nodes operators can expose information about the source in
>> either or both of payload and protocol data.<ref name="sf-tor-hack" />
>>
>> Furthermore, Egerstad is circumspect about the possible subversion of
>> Tor by intelligence agencies:<ref name="smh-hack-of-year" /><!-- Does
>>
>> it still makes sense to list this? This could have been the case 15
>> years ago, but as of 2022, VPS can be rented very cheaply and support
>> high-speed traffic. -IrrationalBeing -->
>>
>>
>> {{blockquote|If you actually look into where these Tor nodes are
>> hosted and how big they are, some of these nodes cost thousands of
>> dollars each month just to host because they're using lots of
>> bandwidth, they're heavy-duty servers and so on. Who would pay for
>> this and be anonymous?}}
>>
>> In October 2019, a Tor researcher revealed that since at least 2017,
>> there were hundreds of highly suspicious entry, relay, and exit nodes,
>> run by an unknown group, in an unprecedented scale.<ref
>> name=":2">{{cite web|title=Someone Is Running Hundreds of Malicious
>>
>> Servers on the Tor Network and Might Be De-Anonymizing Users
>> |url=https://gizmodo.com/someone-is-running-hundreds-of-malicious-servers-on-the-1848156630
>> |access-date=2021-12-05|website=Gizmodo |date=3 December 2021
>> |language=en-us}}</ref><ref name=":3">{{cite
>>
>> web|date=2021-12-03|title=A mysterious threat actor is running
>> hundreds of malicious Tor relays
>> |url=https://therecord.media/a-mysterious-threat-actor-is-running-hundreds-of-malicious-tor-relays/
>> |access-date=2021-12-05|website=The Record by Recorded
>> Future|language=en}}</ref><ref>{{cite web|date=2021-05-10|title=Over
>>
>> 25% Of Tor Exit Relays Spied On Users' Dark Web Activities
>> |url=https://thehackernews.com/2021/05/over-25-of-tor-exit-relays-are-spying.html
>> |access-date=2021-12-05 |website=The Hacker News |language=en}}</ref>
>>
>> It was alleged that this number of servers could pose the risk of a
>> [[sybil attack]] as it could map Tor users' routes inside the network,
>> increasing risk of deanonymization.<ref>{{cite web | last1 = Paganini
>>
>> | first1 = Pierluigi | date = 2021-12-03 | title = KAX17 threat actor
>> is attempting to deanonymize Tor users running thousands of rogue
>> relays | url =
>> https://cybersecurityworldconference.com/2021/12/03/kax17-threat-actor-is-attempting-to-deanonymize-tor-users-running-thousands-of-rogue-relays/
>> | publisher = cybersecurityworldconference.com | archiveurl =
>> https://web.archive.org/web/20210623001008/https://cybersecurityworldconference.com/category/cyber-security/
>> | archivedate = 2021-06-23 | url-status = live }}</ref><ref name=":2"
>>
>> /><ref name=":3" /> At some point there were about 900 nodes running
>>
>> and by November 2021 about 600 of them were purged.<ref>{{cite web
>>
>> |last=Koppen |first=Georg |date=9 November 2021|title=[tor-relays]
>> Recent rejection of relays
>> |url=https://lists.torproject.org/pipermail/tor-relays/2021-November/019980.html
>> |access-date=2021-12-05}}</ref><ref name=":2" /><ref name=":3" />
>>
>> Although described as being a deanonymization attempt, the motives and
>> the achievements of this possibly on-going event are still
>> unknown.<ref name=":2" /><ref name=":3" />
>>
>>
>> ==== Internal communication attack ====
>> In October 2011, a research team from [[ESIEA (university)|ESIEA]]
>> claimed to have discovered a way to compromise the Tor network by
>> decrypting communication passing over it.<ref name="thn-compromised"
>> /><ref name="01-chercheurs" /> The technique they describe requires
>>
>> creating a map of Tor network nodes, controlling one-third of them,
>> and then acquiring their encryption [[Key (cryptography)|keys]] and
>> algorithm [[Random seed|seeds]]. Then, using these known keys and
>> seeds, they claim the ability to decrypt two encryption layers out of
>> three. They claim to break the third key by a statistical attack. In
>> order to redirect Tor traffic to the nodes they controlled, they used
>> a [[denial-of-service]] attack. A response to this claim has been
>> published on the official Tor Blog stating these rumors of Tor's
>> compromise are greatly exaggerated.<ref
>> name="torproject-rumors-exaggerated" />
>>
>>
>> ===Traffic-analysis attack===
>> There are two methods of traffic-analysis attack, passive and active.
>> In the passive traffic-analysis method, the attacker extracts features
>> from the traffic of a specific flow on one side of the network and
>> looks for those features on the other side of the network. In the
>> active traffic-analysis method, the attacker alters the timings of the
>> packets of a flow according to a specific pattern and looks for that
>> pattern on the other side of the network; therefore, the attacker can
>> link the flows in one side to the other side of the network and break
>> the anonymity of it.{{Failed verification | date = August 2022 |
>> reason = The reference doesn't generally talk about active and passive
>> analysis. It suggests 2 active analyses that match this description,
>> but didn't say this is the only way active analysis can be done like
>> this sentence does. It's questionable that this description is
>> comprehensively right; see relay early traffic confirmation which is
>> an active analysis.}}<ref name=":0">{{cite conference | last1=Soltani
>>
>> | first1=Ramin | last2=Goeckel | first2=Dennis | last3=Towsley |
>> first3=Don | last4=Houmansadr | first4=Amir | title=2017 51st Asilomar
>> Conference on Signals, Systems, and Computers | chapter=Towards
>> provably invisible network flow fingerprints | publisher=IEEE | date =
>> 2017-11-27 | isbn = 978-1-5386-1823-3 | pages = 258–262 | arxiv =
>> 1711.10079 | doi = 10.1109/ACSSC.2017.8335179 | s2cid = 4943955 |
>> chapter-url = https://arxiv.org/pdf/1711.10079.pdf | archiveurl =
>> https://web.archive.org/web/20220505002059/https://arxiv.org/pdf/1711.10079.pdf
>> | archivedate = 2022-05-05 | url-status = live}}</ref> It is shown
>>
>> that, although timing noise is added to the packets, there are active
>> traffic analysis methods that are robust against such a noise.{{Verify
>> source | date = August 2022}}<!-- It is not obvious whether the source
>> implies this or not. The source just says that you can vary timings
>> of transmission to encode information in a network with transmission
>> modeled by Poisson process.--><ref name=":0" />
>>
>>
>> [[Steven Murdoch]] and George Danezis from [[University of Cambridge]]
>> presented an article at the 2005 [[Institute of Electrical and
>> Electronics Engineers|IEEE]] [[Symposium]] on security and privacy on
>> traffic-analysis techniques that allow adversaries with only a partial
>> view of the network to infer which nodes are being used to relay the
>> anonymous streams.<ref name="ieee-low-cost" /> These techniques
>>
>> greatly reduce the anonymity provided by Tor. Murdoch and Danezis have
>> also shown that otherwise unrelated streams can be linked back to the
>> same initiator. This attack, however, fails to reveal the identity of
>> the original user.<ref name="ieee-low-cost" /> Murdoch has been
>>
>> working with and has been funded by Tor since 2006.{{Citation
>> needed|date=April 2022}}
>>
>> ===Tor exit node block===
>> Operators of Internet sites have the ability to prevent traffic from
>> Tor exit nodes or to offer reduced functionality for Tor users. For
>> example, it is not generally possible to edit [[Wikipedia]] when using
>> Tor or when using an IP address also used by a Tor exit node. The
>> [[BBC]] blocks the IP addresses of all known Tor exit nodes from its
>> [[iPlayer]] service, although non-exit relays and bridges are not
>> blocked.<ref>{{cite web |title=BBC iPlayer Help – Why does BBC iPlayer
>>
>> think I'm outside the UK?
>> |url=https://www.bbc.co.uk/iplayer/help/troubleshooting/tv-games-consoles/in_the_uk_message
>> |url-status=dead
>> |archive-url=https://web.archive.org/web/20171228212137/https://www.bbc.co.uk/iplayer/help/troubleshooting/tv-games-consoles/in_the_uk_message
>> |archive-date=28 December 2017 |access-date=10 September 2017
>> |website=BBC |language=en-GB}}</ref>
>>
>>
>> ===Bad apple attack===
>> In March 2011, researchers with the Rocquencourt [[French Institute
>> for Research in Computer Science and Automation]] (''Institut national
>> de recherche en informatique et en automatique'', INRIA), documented
>> an attack that is capable of revealing the IP addresses of
>> [[BitTorrent]] users on the Tor network. The "bad apple attack"
>> exploits Tor's design and takes advantage of insecure application used
>> to associate the simultaneous use of a secure application with the IP
>> address of the Tor user in question. One method of attack depends on
>> control of an exit node or hijacking tracker responses, while a
>> secondary attack method is based in part on the statistical
>> exploitation of [[distributed hash table]] tracking.<ref
>> name="usenix-bad-apple" /> According to the study:<ref
>>
>> name="usenix-bad-apple" />
>>
>>
>> The results presented in the bad apple attack research paper are based
>> on an attack launched against the Tor network by the authors of the
>> study. The attack targeted six exit nodes, lasted for twenty-three
>> days, and revealed a total of 10,000 IP addresses of active Tor users.
>> This study is significant because it is the first documented attack
>> designed to target [[Peer-to-peer|P2P]] file-sharing applications on
>> Tor.<ref name="usenix-bad-apple" /> BitTorrent may generate as much as
>>
>> 40% of all traffic on Tor.<ref name="shining-light" /> Furthermore,
>>
>> the bad apple attack is effective against insecure use of any
>> application over Tor, not just BitTorrent.<ref name="usenix-bad-apple"
>> />
>>
>>
>> ===Some protocols exposing IP addresses===
>> {{Duplication|date=August 2022|section=yes|dupe=#Bad apple attack}}
>> Researchers from the [[French Institute for Research in Computer
>> Science and Automation]] (INRIA) showed that the Tor dissimulation
>> technique in [[BitTorrent]] can be bypassed by attackers controlling a
>> Tor exit node. The study was conducted by monitoring six exit nodes
>> for a period of twenty-three days. Researches used three [[attack
>> vector]]s:<ref name="manils-compromising" />
>>
>> ;Inspection of BitTorrent control messages: Tracker announces and
>> extension protocol handshakes may optionally contain a client [[IP
>> address]]. Analysis of collected data revealed that 35% and 33% of
>> messages, respectively, contained addresses of clients.<ref
>> name="manils-compromising" />{{rp|3}}
>>
>> ;Hijacking trackers' responses: Due to lack of encryption or
>> authentication in communication between the tracker and peer, typical
>> [[man-in-the-middle attack]]s allow attackers to determine peer IP
>> addresses and even verify the distribution of content. Such attacks
>> work when Tor is used only for tracker communication.<ref
>> name="manils-compromising" />{{rp|4}}
>>
>> ;Exploiting distributed hash tables (DHT): This attack exploits the
>> fact that [[distributed hash table]] (DHT) connections through Tor are
>> impossible, so an attacker is able to reveal a target's IP address by
>> looking it up in the DHT even if the target uses Tor to connect to
>> other peers.<ref name="manils-compromising" />{{rp|4–5}}
>>
>>
>> With these techniques, researchers were able to identify other streams
>> initiated by users, whose IP addresses were revealed.<ref
>> name="manils-compromising" />
>>
>>
>> ===Sniper attack===
>> Jansen ''et al.''., describes a [[DDoS]] attack targeted at the Tor
>> node software, as well as defenses against that attack and its
>> variants. The attack works using a colluding client and server, and
>> filling the queues of the exit node until the node runs out of memory,
>> and hence can serve no other (genuine) clients. By attacking a
>> significant proportion of the exit nodes this way, an attacker can
>> degrade the network and increase the chance of targets using nodes
>> controlled by the attacker.<ref name="andssy-sniper" />
>>
>>
>> ===Heartbleed bug===
>> The [[Heartbleed]] [[OpenSSL]] [[Software bug|bug]] disrupted the Tor
>> network for several days in April 2014 while [[private key]]s were
>> renewed. The Tor Project recommended Tor relay operators and onion
>> service operators revoke and generate fresh keys after patching
>> OpenSSL, but noted Tor relays use two sets of keys and Tor's multi-hop
>> design minimizes the impact of exploiting a single relay.<ref
>> name="torproject-openssl-cve" /> Five hundred eighty-six relays later
>>
>> found to be susceptible to the Heartbleed bug were taken offline as a
>> precautionary measure.<ref name="ml-rejecting" /><ref
>>
>> name="torproject-news-20140416" /><ref name="ars-ranks-cut" /><ref
>>
>> name="tp-blacklisting" />
>>
>>
>> {{Anchor |Relay early attack}}<!-- there are links here; please don't
>> move/remove without fixing the links -->
>>
>>
>> === Relay early traffic confirmation attack ===
>> {{Further|CERT Coordination Center#Operation Onymous |Operation
>> Onymous#Tor 0-day exploit}}
>> {{POV section|date=February 2021}}
>>
>> On 30 July 2014, the Tor Project issued the security advisory "relay
>> early traffic confirmation attack" in which the project discovered a
>> group of relays that tried to de-anonymize onion service users and
>> operators.<ref>{{harvp | Dingledine |2014}} "On July 4, 2014 we found
>>
>> a group of relays that we assume were trying to deanonymize users.
>> They appear to have been targeting people who operate or access Tor
>> hidden services."</ref> In summary, the attacking onion service
>>
>> directory node changed the headers of cells being relayed tagging them
>> as "relay" or "relay early" cells differently to encode additional
>> information and sent them back to the requesting user/operator. If the
>> user's/operator's guard/entry node was also part of the attacking
>> relays, the attacking relays might be able to capture the IP address
>> of the user/operator along with the onion service information that the
>> user/operator was requesting. The attacking relays were stable enough
>> to be designated as "suitable as hidden service directory" and
>> "suitable as entry guard"; therefore, both the onion service users and
>> the onion services might have used those relays as guards and hidden
>> service directory nodes.<ref name="relay-early-attack">{{cite web
>>
>> |last=Dingledine |first=Roger |date=30 July 2014 |title=Tor security
>> advisory: "relay early" traffic confirmation attack
>> |url=https://blog.torproject.org/tor-security-advisory-relay-early-traffic-confirmation-attack
>> |publisher=The Tor Project |access-date=9 July 2018 |archive-date=24
>> May 2019
>> |archive-url=https://web.archive.org/web/20190524031037/https://blog.torproject.org/tor-security-advisory-relay-early-traffic-confirmation-attack
>> |url-status=live }}</ref>
>>
>>
>> The attacking nodes joined the network early in the year on 30 January
>> and the project removed them on 4 July.<ref name=relay-early-attack />
>>
>> Although the attack's beginning is unclear, the project implied that
>> between February and July, IP addresses of onion service users and
>> operators might have been exposed.<ref>{{harvp | Dingledine |2014}}
>>
>> "...we assume were trying to deanonymize users. They appear to have
>> been targeting people who operate or access Tor hidden services...
>> users who operated or accessed hidden services from early February
>> through July 4 should assume they were affected... We know the attack
>> looked for users who fetched hidden service descriptors... The attack
>> probably also tried to learn who published hidden service descriptors,
>> which would allow the attackers to learn the location of that hidden
>> service... Hidden service operators should consider changing the
>> location of their hidden service."</ref>
>>
>>
>> The project mentioned the following mitigations besides removing the
>> attacking relays from the network:
>>
>> * patched relay software to prevent relays from relaying cells with
>> "relay early" headers that were not intended.<ref>{{harvp | Dingledine
>>
>> |2014}} "Relays should upgrade to a recent Tor release (0.2.4.23 or
>> 0.2.5.6-alpha), to close the particular protocol vulnerability the
>> attackers used..."</ref>
>>
>> * planned update for users' proxy software so that they could inspect
>> if they received "relay early" cells from the relays (as they are not
>> supposed to),<ref>{{harvp | Dingledine |2014}} "For expert users, the
>>
>> new Tor version warns you in your logs if a relay on your path injects
>> any relay-early cells: look for the phrase 'Received an inbound
>> RELAY_EARLY cell'"</ref> along with the settings to connect to just
>>
>> one guard node instead of selecting randomly from 3 to reduce the
>> probability of connecting to an attacking relay<ref>{{harvp |
>>
>> Dingledine |2014}} "Clients that upgrade (once new Tor Browser
>> releases are ready) will take another step towards limiting the number
>> of entry guards that are in a position to see their traffic, thus
>> reducing the damage from future attacks like this one... 3) Put out a
>> software update that will (once enough clients have upgraded) let us
>> tell clients to move to using one entry guard rather than three, to
>> reduce exposure to relays over time."</ref>
>>
>> * recommended that onion services should consider changing their
>> locations<ref>{{harvp | Dingledine |2014}} "Hidden service operators
>>
>> should consider changing the location of their hidden service."</ref>
>>
>> * reminded users and onion service operators that Tor could not
>> prevent de-anonymization if the attacker controlled or could listen to
>> both ends of the Tor circuit, like in this attack.<ref>{{harvp |
>>
>> Dingledine |2014}} "...but remember that preventing traffic
>> confirmation in general remains an open research problem."</ref>
>>
>>
>> In November 2014 there was speculation in the aftermath of [[Operation
>> Onymous]], resulting in 17 arrests internationally, that a Tor
>> weakness had been exploited. A representative of [[Europol]] was
>> secretive about the method used, saying: "''This is something we want
>> to keep for ourselves. The way we do this, we can't share with the
>> whole world, because we want to do it again and again and
>> again.''"<ref name="Wired-2014-11-07">{{Cite magazine |last=Greenberg
>>
>> |first=Andy |date=7 November 2014 |title=Global Web Crackdown Arrests
>> 17, Seizes Hundreds Of Dark Net Domains
>> |url=https://www.wired.com/2014/11/operation-onymous-dark-web-arrests
>> |magazine=Wired |access-date=9 August 2015 |archive-date=9 August 2015
>> |archive-url=https://web.archive.org/web/20150809113102/http://www.wired.com/2014/11/operation-onymous-dark-web-arrests/
>> |url-status=live }}</ref>
>>
>> A [[BBC]] source cited a "technical breakthrough"<ref
>> name="BBC-2014-11-07">{{Cite news |last=Wakefield |first=Jane |date=7
>>
>> November 2014 |title=Huge raid to shut down 400-plus dark net sites –
>> |work=BBC News |url=https://www.bbc.co.uk/news/technology-29950946
>> |access-date=9 August 2015 |archive-date=21 August 2015
>> |archive-url=https://web.archive.org/web/20150821232538/http://www.bbc.co.uk/news/technology-29950946
>> |url-status=live }}</ref>
>>
>> that allowed tracking physical locations of servers, and the initial
>> number of infiltrated sites led to the exploit speculation. Andrew
>> Lewman—a Tor Project representative—downplayed this possibility,
>> suggesting that execution of more traditional police work was more
>> likely.<ref name="crisis">{{cite web |last=O'Neill |first=Patrick
>>
>> Howell |date=7 November 2014 |title=The truth behind Tor's confidence
>> crisis |website=[[The Daily Dot]]
>> |url=http://www.dailydot.com/politics/tor-crisis-of-confidence/
>> |access-date=10 November 2014
>> |archive-url=https://web.archive.org/web/20141110122301/http://www.dailydot.com/politics/tor-crisis-of-confidence/
>> |archive-date=10 November 2014 |url-status=live }}</ref><ref>{{cite
>>
>> web |last=Knight |first=Shawn |date=7 November 2014 |title=Operation
>> Onymous seizes hundreds of darknet sites, 17 arrested globally
>> |url=http://www.techspot.com/news/58751-operation-onymous-seizes-hundreds-darknet-sites-17-arrested.html
>> |access-date=8 November 2014 |website=Techspot |archive-date=8
>> November 2014
>> |archive-url=https://web.archive.org/web/20141108205443/http://www.techspot.com/news/58751-operation-onymous-seizes-hundreds-darknet-sites-17-arrested.html
>> |url-status=live }}</ref>
>>
>>
>> In November 2015 court documents on the matter<ref
>> name="Motherboard2015">{{cite web |date=11 November 2015 |title=Court
>>
>> Docs Show a University Helped FBI Bust Silk Road 2, Child Porn
>> Suspects
>> |url=http://motherboard.vice.com/read/court-docs-show-a-university-helped-fbi-bust-silk-road-2-child-porn-suspects
>> |access-date=20 November 2015 |website=Motherboard |archive-date=21
>> November 2015
>> |archive-url=https://web.archive.org/web/20151121155246/http://motherboard.vice.com/read/court-docs-show-a-university-helped-fbi-bust-silk-road-2-child-porn-suspects
>> |url-status=live }}</ref>
>>
>> addressed concerns about security research ethics<ref
>> name="tor-blog-FBI">{{cite web |date=11 November 2015 |title=Did the
>>
>> FBI Pay a University to Attack Tor Users?
>> |url=https://blog.torproject.org/blog/did-fbi-pay-university-attack-tor-users
>> |access-date=20 November 2015 |website=torproject.org |archive-date=18
>> November 2015
>> |archive-url=https://web.archive.org/web/20151118131446/https://blog.torproject.org/blog/did-fbi-pay-university-attack-tor-users
>> |url-status=live }}</ref>{{Primary source inline|date=February 2021}}
>>
>> and the right of not being unreasonably searched as guaranteed by the
>> US [[Fourth Amendment to the United States Constitution|Fourth
>> Amendment]].<ref name="net-security-2015">{{cite web |last=Zorz
>>
>> |first=Zeljka |date=12 November 2015 |title=Tor Project claims FBI
>> paid university researchers $1m to unmask Tor users
>> |url=http://www.net-security.org/secworld.php?id=19097 |access-date=20
>> November 2015 |website=Help Net Security |archive-date=17 November
>> 2015
>> |archive-url=https://web.archive.org/web/20151117020533/http://www.net-security.org/secworld.php?id=19097
>> |url-status=live }}</ref>{{Unreliable source?|date=February 2021}}
>>
>> Moreover, the documents, along with expert
>> opinions,{{Who|date=February 2021}} may also show the connection
>> between the network attack and the law enforcement operation
>> including:
>>
>> * the search warrant for an administrator of Silkroad 2.0 indicated
>> that from January 2014 until July, the FBI received information from a
>> "university-based research institute" with the information being
>> "reliable IP addresses for Tor and onion services such as SR2" that
>> led to the identification of "at least another seventeen black markets
>> on Tor" and "approximately 78 IP addresses that accessed a vendor
>> [[.onion]] address." One of these IP addresses led to the arrest of
>> the administrator<ref name=Motherboard2015 />
>>
>> * the chronology and nature of the attack fitted well with the
>> operation<ref name=Motherboard2015 />
>>
>> * a senior researcher of [[International Computer Science Institute]],
>> part of [[University of California, Berkeley]], said in an interview
>> that the institute which worked with the FBI was "almost certainly"
>> [[Carnegie Mellon University]] (CMU),<ref name=Motherboard2015 /> and
>>
>> this concurred with the Tor Project's assessment<ref name=tor-blog-FBI
>> /> and with an earlier analysis of [[Edward Felten]], a computer
>>
>> security professor at [[Princeton University]], about researchers from
>> CMU's [[CERT/CC]] being involved<ref name="Felton2014">{{cite web
>>
>> |last=Felten|first= Ed|date=31 July 2014 |title=Why were CERT
>> researchers attacking Tor? |publisher=Freedom to Tinker, Center for
>> Information Technology Policy, Princeton University
>> |url=https://freedom-to-tinker.com/blog/felten/why-were-cert-researchers-attacking-tor/
>> |access-date=9 July 2018
>> |archive-url=https://web.archive.org/web/20160905235550/https://freedom-to-tinker.com/blog/felten/why-were-cert-researchers-attacking-tor/
>> |archive-date=5 September 2016 |url-status=live }}</ref>
>>
>>
>> In his analysis published on 31 July, besides raising ethical issues,
>> Felten also questioned the fulfillment of CERT/CC's purposes which
>> were to prevent attacks, inform the implementers of vulnerabilities,
>> and eventually inform the public. Because in this case, CERT/CC's
>> staff did the opposite which was to carry out a large-scale
>> long-lasting attack, withhold vulnerability information from the
>> implementers, and withhold the same information from the public.<ref
>> name=Felton2014 />{{Unreliable source?|date=February 2021}} CERT/CC is
>>
>> a non-profit, computer security research organization [[Government
>> spending|publicly funded]] through the [[US federal
>> government]].{{Citation needed|date=February 2021}}<ref>{{Cite
>>
>> journal|last=Madnick |first=Stuart |author2=Xitong Li |author3=Nazli
>> Choucri|date=2009|title=Experiences and challenges with using CERT
>> data to analyze international cyber security|journal=MIT Sloan
>> Research Paper}}</ref>
>>
>>
>> ===Mouse fingerprinting===
>> In March 2016, a security researcher based in [[Barcelona]]
>> demonstrated laboratory techniques using time measurement via
>> [[JavaScript]] at the 1-[[millisecond]] level<ref name="Researcher
>> finds new methods of deanonymizing Tor users">{{cite web |last=Cimpanu
>>
>> |first=Catalin |date=10 March 2016 |title=Tor Users Can Be Tracked
>> Based on Their Mouse Movements
>> |url=http://news.softpedia.com/news/tor-users-can-be-tracked-based-on-their-mouse-movements-501602.shtml
>> |access-date=11 March 2016 |website=Softpedia |archive-date=11 March
>> 2016
>> |archive-url=https://web.archive.org/web/20160311122218/http://news.softpedia.com/news/tor-users-can-be-tracked-based-on-their-mouse-movements-501602.shtml
>> |url-status=live }}</ref> which could potentially identify and
>>
>> correlate a user's unique [[computer mouse|mouse]] movements, provided
>> the user has visited the same "fingerprinting" website with both the
>> Tor browser and a regular browser.{{citation needed|date=November
>> 2020}} This [[proof of concept]] exploits the "time measurement via
>> JavaScript" issue, which had been an open ticket on the Tor Project
>> for ten months.<ref name="Open Ticket for Ten Months">{{cite web
>>
>> |last=Anonymous |date=10 March 2016 |title=Tor Users Can Be Tracked
>> Based On Their Mouse Movements
>> |url=http://news.slashdot.org/story/16/03/11/0045203/tor-users-can-be-tracked-based-on-their-mouse-movements
>> |access-date=11 March 2016 |website=Slashdot |archive-date=12 March
>> 2016
>> |archive-url=https://web.archive.org/web/20160312071945/http://news.slashdot.org/story/16/03/11/0045203/tor-users-can-be-tracked-based-on-their-mouse-movements
>> |url-status=live }}</ref>
>>
>>
>> ===Circuit fingerprinting attack===
>> In 2015, the administrators of [[Agora (online marketplace)|Agora]], a
>> [[darknet market]], announced they were taking the site offline in
>> response to a recently discovered security vulnerability in Tor. They
>> did not say what the vulnerability was, but Wired speculated it was
>> the "Circuit Fingerprinting Attack" presented at the Usenix security
>> conference.<ref>{{Cite magazine |last=Greenberg |first=Andy |date=26
>>
>> August 2015 |title=Agora, the Dark Web's Biggest Drug Market, Is Going
>> Offline
>> |url=https://www.wired.com/2015/08/agora-dark-webs-biggest-drug-market-going-offline/
>> |magazine=Wired |access-date=13 September 2016 |archive-date=15 August
>> 2016
>> |archive-url=https://web.archive.org/web/20160815105345/https://www.wired.com/2015/08/agora-dark-webs-biggest-drug-market-going-offline/
>> |url-status=live }}</ref><ref>{{cite web |author1=Albert Kwon
>>
>> |author2=Mashael AlSabah |author3=David Lazar |author4=Marc Dacier
>> |author5=Srinivas Devadas |date=August 2015 |title=Circuit
>> Fingerprinting Attacks: Passive Deanonymization of Tor Hidden Services
>> |url=https://www.usenix.org/system/files/conference/usenixsecurity15/sec15-paper-kwon.pdf
>> |access-date=14 July 2016 |archive-date=9 April 2016
>> |archive-url=https://web.archive.org/web/20160409103456/https://www.usenix.org/system/files/conference/usenixsecurity15/sec15-paper-kwon.pdf
>> |url-status=live }}</ref>
>>
>>
>> ===Volume information===
>> A study showed "anonymization solutions protect only partially against
>> target selection that may lead to efficient surveillance" as they
>> typically "do not hide the volume information necessary to do target
>> selection".<ref>{{cite web |title=The Economics of Mass Surveillance
>>
>> and the Questionable Value of Anonymous Communications
>> |url=http://www.econinfosec.org/archive/weis2006/docs/36.pdf|first1=George|last1=Danezis1|first2=Bettina|last2=Wittneben|via=ecoinfosec.org|access-date=27
>> April 2022 |archive-date=25 October 2016
>> |archive-url=https://web.archive.org/web/20161025002654/http://www.econinfosec.org/archive/weis2006/docs/36.pdf
>> |url-status=live }}</ref>
>>
>>
>> ==Implementations==
>> {{See also|The Tor Project#Tools|Guardian Project (software)#Projects}}
>> The main implementation of Tor is written primarily in [[C
>> (programming language)|C]]<ref name="tor-gitlab-repoanalytics" />
>>
>>
>> === Tor Browser ===
>> <!-- [[Portable Tor]] and [[Tor Browser Bundle]] redirect to this section
>> -->
>>
>> {{Infobox software
>> | name = Tor Browser
>> | screenshot = File:Tor-9.png
>> | caption = Tor Browser on [[Ubuntu]] showing its start page – about:tor
>> | developer = Tor Project
>> | ver layout = stacked
>> | latest release version = {{Multiple releases
>> |branch1=Android
>> |version1={{wikidata|property|preferred|references|edit|Q15397253|P348|P400=Q94|P548=Q2804309}}
>> |date1={{wikidata|qualifier|preferred|single|Q15397253|P348|P400=Q94|P548=Q2804309|P577}}
>> |branch2=Linux
>> |version2={{wikidata|property|preferred|references|edit|Q15397253|P348|P400=Q388|P548=Q2804309}}
>> |date2={{wikidata|qualifier|preferred|single|Q15397253|P348|P400=Q388|P548=Q2804309|P577}}
>> |branch3=macOS
>> |version3={{wikidata|property|preferred|references|edit|Q15397253|P348|P400=Q14116|P548=Q2804309}}
>> |date3={{wikidata|qualifier|preferred|single|Q15397253|P348|P400=Q14116|P548=Q2804309|P577}}
>> |branch4=Windows
>> |version4={{wikidata|property|preferred|references|edit|Q15397253|P348|P400=Q1406|P548=Q2804309}}
>> |date4={{wikidata|qualifier|preferred|single|Q15397253|P348|P400=Q1406|P548=Q2804309|P577}}
>> }}
>> | latest preview version = {{Multiple releases
>> |branch1=Android
>> |version1={{wikidata|property|preferred|references|edit|Q15397253|P348|P400=Q94|P548=Q51930650}}
>> |date1={{wikidata|qualifier|preferred|single|Q15397253|P348|P400=Q94|P548=Q51930650|P577}}
>> |branch2=Linux
>> |version2={{wikidata|property|preferred|references|edit|Q15397253|P348|P400=Q388|P548=Q51930650}}
>> |date2={{wikidata|qualifier|preferred|single|Q15397253|P348|P400=Q388|P548=Q51930650|P577}}
>> |branch3=macOS
>> |version3={{wikidata|property|preferred|references|edit|Q15397253|P348|P400=Q14116|P548=Q51930650}}
>> |date3={{wikidata|qualifier|preferred|single|Q15397253|P348|P400=Q14116|P548=Q51930650|P577}}
>> |branch4=Windows
>> |version4={{wikidata|property|preferred|references|edit|Q15397253|P348|P400=Q1406|P548=Q51930650}}
>> |date4={{wikidata|qualifier|preferred|single|Q15397253|P348|P400=Q1406|P548=Q51930650|P577}}
>> }}
>> | repo = {{URL|https://gitweb.torproject.org/tor-browser.git/}}
>> | engine = [[Gecko (software)|Gecko]]
>> | operating system = {{flatlist|
>> * [[Windows XP]] and later
>> * [[Unix-like]] (inc. [[macOS]])
>> * [[Android (operating system)|Android]]}}
>> | size = {{Nowrap|65–90 MB}}
>> | language = 36 languages<ref>{{cite
>>
>> web|url=https://www.torproject.org/download/languages/|title=Download
>> Tor Browser in your language|publisher=[[The Tor Project,
>> Inc.]]|access-date=7 July 2021}}</ref>
>>
>> | genre = [[Onion routing]], [[anonymity]], [[web browser]], [[feed
>> reader]]
>> | license = [[Mozilla Public License]]<ref name="license">{{cite
>>
>> web|title=Tor Project: FAQ
>> |url=https://torproject.org/docs/faq.html.en |website=torproject.org
>> |access-date=31 October 2019 |archive-date=24 March 2019
>> |archive-url=https://web.archive.org/web/20190324153623/https://www.torproject.org/docs/faq.html.en
>> |url-status=live}}</ref>
>>
>> | website = {{URL|torproject.org}}
>> }}
>>
>> [[File:Tor Browser icon.svg|90px|thumb|Tor Browser-Logo|left]]
>>
>> The Tor Browser<ref name="tbb">{{cite web |date=23 June 2014
>>
>> |title=Tor Browser Bundle
>> |url=https://www.torproject.org/projects/torbrowser.html.en
>> |archive-url=https://web.archive.org/web/20140623203436/https://www.torproject.org/projects/torbrowser.html.en
>> |archive-date=23 June 2014 |access-date=21 May 2017 |website=Tor
>> Project}}</ref> is the flagship product of the Tor Project. It was
>>
>> created as the Tor Browser Bundle by [[Steven J. Murdoch]]<ref
>> name="torproject-corepeople" /> and announced in January 2008.<ref
>>
>> name="tbbannounce">{{Cite mailing list |last=Murdoch |first=Steven J.
>>
>> |author-link=Steven J. Murdoch |date=30 January 2008 |title=New Tor
>> distribution for testing: Tor Browser Bundle |mailing-list=tor-talk
>> |url=https://lists.torproject.org/pipermail/tor-talk/2008-January/007837.html
>> |access-date=13 January 2020 |archive-date=5 March 2020
>> |archive-url=https://web.archive.org/web/20200305015731/https://lists.torproject.org/pipermail/tor-talk/2008-January/007837.html
>> |url-status=live }}</ref> The Tor Browser consists of a modified
>>
>> Mozilla [[Firefox]] ESR web browser, the TorButton, TorLauncher,
>> [[NoScript]] and the Tor proxy.<ref name="tbb-design-document" /><ref
>>
>> name="wu8-ubuntu-ppa" /> Users can run the Tor Browser from
>>
>> [[removable media]]. It can operate under [[Microsoft Windows]],
>> [[macOS]], [[Android (operating system)|Android]] and [[Linux]].<ref
>> name="lj-portable" />
>>
>>
>> The default [[search engine]] is [[DuckDuckGo]] (until version 4.5,
>> [[Startpage.com]] was its default). The Tor Browser automatically
>> starts Tor background processes and routes traffic through the Tor
>> network. Upon termination of a session the browser deletes
>> privacy-sensitive data such as HTTP cookies and the browsing
>> history.<ref name="wu8-ubuntu-ppa" /> This is effective in reducing
>>
>> [[web tracking]] and [[canvas fingerprinting]], and it also helps to
>> prevent creation of a [[filter bubble]].{{citation needed|date=April
>> 2022}}
>>
>> To allow download from places where accessing the Tor Project URL may
>> be risky or blocked, a [[GitHub]] repository is maintained with links
>> for releases hosted in other domains.<ref>{{cite web |date=23
>>
>> September 2020 |title=This repository contains TorBrowser Releases.
>> |website=[[GitHub]]
>> |url=https://github.com/TheTorProject/gettorbrowser |access-date=23
>> September 2020 |archive-date=23 September 2020
>> |archive-url=https://web.archive.org/web/20200923155534/https://github.com/TheTorProject/gettorbrowser
>> |url-status=live }}</ref>
>>
>>
>> {{Anchor|EgotisticalGiraffe}}
>>
>> ==== Firefox/Tor browser attack ====
>> In 2011, the [[Law enforcement in the Netherlands|Dutch authority]]
>> investigating [[child pornography]] discovered the IP address of a Tor
>> onion service site called "Pedoboard" from an unprotected
>> administrator's account and gave it to the [[FBI]], who traced it to
>> Aaron McGrath. After a year of surveillance, the FBI launched
>> "[[Operation Torpedo]]" which resulted in McGrath's arrest and allowed
>> them to install their [[Network Investigative Technique]] (NIT)
>> malware on the servers for retrieving information from the users of
>> the three onion service sites that McGrath controlled.<ref>{{Cite
>>
>> magazine |last=Poulsen |first=Kevin |date=8 May 2014 |title=Visit the
>> Wrong Website, and the FBI Could End Up in Your Computer
>> |url=https://www.wired.com/2014/08/operation_torpedo/
>> |magazine=[[Wired (magazine)|Wired]] |access-date=12 March 2017
>> |archive-date=11 January 2018
>> |archive-url=https://web.archive.org/web/20180111024650/https://www.wired.com/2014/08/operation_torpedo/
>> |url-status=live }}</ref> The technique, exploiting a Firefox/Tor
>>
>> browser's vulnerability that had been patched and targeting users that
>> had not updated, had a [[Adobe Flash|Flash]] application pinging a
>> user's IP address directly back to an FBI server,<ref>{{cite web
>>
>> |date=16 July 2015 |title=Feds bust through huge Tor-hidden child porn
>> site using questionable malware
>> |url=https://arstechnica.com/tech-policy/2015/07/feds-bust-through-huge-tor-hidden-child-porn-site-using-questionable-malware/
>> |website=Ars Technica |access-date=26 July 2018 |archive-date=24 March
>> 2020
>> |archive-url=https://web.archive.org/web/20200324213851/https://arstechnica.com/tech-policy/2015/07/feds-bust-through-huge-tor-hidden-child-porn-site-using-questionable-malware/
>> |url-status=live }}</ref><ref>{{cite web |title=FBI Tor busting 227 1
>>
>> |url=https://www.documentcloud.org/documents/2124281-fbi-tor-busting-227-1.html
>> |access-date=26 July 2018 |archive-date=2 July 2018
>> |archive-url=https://web.archive.org/web/20180702204642/https://www.documentcloud.org/documents/2124281-fbi-tor-busting-227-1.html
>> |url-status=live }}</ref><ref>{{Cite journal |last1=Miller
>>
>> |first1=Matthew |last2=Stroschein |first2=Joshua |last3=Podhradsky
>> |first3=Ashley |date=25 May 2016 |title=Reverse Engineering a NIT That
>> Unmasks Tor Users
>> |url=https://commons.erau.edu/adfsl/2016/wednesday/10/ |journal=Annual
>> ADFSL Conference on Digital Forensics, Security and Law
>> |access-date=26 July 2018 |archive-date=2 July 2018
>> |archive-url=https://web.archive.org/web/20180702204544/https://commons.erau.edu/adfsl/2016/wednesday/10/
>> |url-status=live }}</ref><ref>{{Cite magazine |date=16 December 2014
>>
>> |title=The FBI Used the Web's Favorite Hacking Tool to Unmask Tor
>> Users |url=https://www.wired.com/2014/12/fbi-metasploit-tor/
>> |magazine=Wired |access-date=26 July 2018 |archive-date=22 February
>> 2019
>> |archive-url=https://web.archive.org/web/20190222011924/https://www.wired.com/2014/12/fbi-metasploit-tor/
>> |url-status=live }}</ref> and resulted in revealing at least 25 US
>>
>> users as well as numerous users from other countries.<ref
>> name="WiredDeFoggi">{{Cite magazine |date=27 August 2014
>>
>> |title=Federal Cybersecurity Director Found Guilty on Child Porn
>> Charges
>> |url=https://www.wired.com/2014/08/federal-cybersecurity-director-guilty-child-porn-charges/
>> |magazine=Wired |access-date=26 July 2018 |archive-date=23 February
>> 2019
>> |archive-url=https://web.archive.org/web/20190223085543/https://www.wired.com/2014/08/federal-cybersecurity-director-guilty-child-porn-charges/
>> |url-status=live }}</ref> McGrath was sentenced to 20 years in prison
>>
>> in early 2014, with at least 18 other users including a former Acting
>> [[United States Department of Health and Human Services|HHS]] Cyber
>> Security Director being sentenced in subsequent cases.<ref>{{cite web
>>
>> |date=5 January 2015 |title=Former Acting HHS Cyber Security Director
>> Sentenced to 25 Years in Prison for Engaging in Child Pornography
>> Enterprise
>> |url=https://www.justice.gov/opa/pr/former-acting-hhs-cyber-security-director-sentenced-25-years-prison-engaging-child
>> |url-status=live
>> |archive-url=https://web.archive.org/web/20180702233127/https://www.justice.gov/opa/pr/former-acting-hhs-cyber-security-director-sentenced-25-years-prison-engaging-child
>> |archive-date=2 July 2018 |publisher=US Department of
>> Justice}}</ref><ref>{{cite web |date=17 December 2015 |title=New York
>>
>> Man Sentenced to Six Years in Prison for Receiving and Accessing Child
>> Pornography
>> |url=https://www.justice.gov/opa/pr/new-york-man-sentenced-six-years-prison-receiving-and-accessing-child-pornography
>> |url-status=live
>> |archive-url=https://web.archive.org/web/20180705062657/https://www.justice.gov/opa/pr/new-york-man-sentenced-six-years-prison-receiving-and-accessing-child-pornography
>> |archive-date=5 July 2018 |publisher=US Department of Justice}}</ref>
>>
>>
>> In August 2013 it was discovered<ref>{{Cite
>>
>> magazine|last=Poulsen|first=Kevin|date=2013-08-05|title=Feds Are
>> Suspects in New Malware That Attacks Tor
>> Anonymity|magazine=Wired|url=https://www.wired.com/2013/08/freedom-hosting/|access-date=12
>> March 2017|archive-date=29 April
>> 2014|archive-url=https://web.archive.org/web/20140429202100/http://www.wired.com/2013/08/freedom-hosting/|url-status=live}}</ref><ref>{{cite
>>
>> web|last=Krebs|first=Brian|date=2013-08-13|title=Firefox Zero-Day Used
>> in Child Porn
>> Hunt?|url=https://krebsonsecurity.com/2013/08/firefox-zero-day-used-in-child-porn-hunt/|access-date=2020-12-26|website=Krebs
>> on Security|archive-date=13 December
>> 2020|archive-url=https://web.archive.org/web/20201213180903/https://krebsonsecurity.com/2013/08/firefox-zero-day-used-in-child-porn-hunt/|url-status=live}}</ref>
>>
>> that the [[Firefox]] browsers in many older versions of the Tor
>> Browser Bundle were vulnerable to a JavaScript-deployed [[shellcode]]
>> attack, as NoScript was not enabled by default.<ref
>> name="guardian-peeling" /> Attackers used this vulnerability to
>>
>> extract users' MAC and IP addresses and Windows computer names.<ref
>> name="iw-info-stealing" /><ref name="wired-feds-are-suspects" /><ref
>>
>> name="ghowen-fby-analysis" /> News reports linked this to an [[Federal
>>
>> Bureau of Investigation]] (FBI) operation targeting [[Freedom
>> Hosting]]'s owner, Eric Eoin Marques, who was arrested on a
>> provisional extradition warrant issued by a United States' court on 29
>> July.<ref>{{Cite
>>
>> news|last=O'Faolain|first=Aodhan|date=2013-08-08|title=Man sought in
>> US on child porn charges further remanded in custody|newspaper=The
>> Irish
>> Times|url=https://www.irishtimes.com/news/ireland/irish-news/man-sought-in-us-on-child-porn-charges-further-remanded-in-custody-1.1488624|access-date=2020-12-26|archive-date=9
>> August
>> 2013|archive-url=https://web.archive.org/web/20130809222019/http://www.irishtimes.com/news/ireland/irish-news/man-sought-in-us-on-child-porn-charges-further-remanded-in-custody-1.1488624|url-status=live}}</ref>
>>
>> The FBI extradited Marques from Ireland to the state of Maryland on 4
>> charges: distributing; conspiring to distribute; and advertising
>> [[child pornography]], as well as aiding and abetting advertising of
>> child
>> pornography.<ref>[https://www.theguardian.com/us-news/2021/sep/16/man-behind-worlds-biggest-source-of-child-abuse-imagery-is-jailed-for-27-years
>>
>> Man behind world's biggest source of child abuse imagery is jailed for
>> 27 years], the guardian.com, 2021/09/16</ref> The warrant alleged that
>>
>> Marques was "the largest facilitator of child porn on the planet".<ref
>> name="mirror-marques" /><ref name="torproject-old-vulnerable"
>>
>> />{{qn|date=December 2016}} The FBI acknowledged the attack in a 12
>>
>> September 2013 court filing in [[Dublin]];<ref
>> name="wired-fbi-controlled" /> further technical details from a
>>
>> training presentation leaked by [[Edward Snowden]] revealed the code
>> name for the exploit as "EgotisticalGiraffe".<ref
>> name="guardian-how-nsa" />
>>
>>
>> === Tor Messenger ===
>> {{Infobox software
>> | name = Tor Messenger
>> | logo = [[File:Tor-messenger.svg|128px]]
>> | logo alt =
>> | screenshot = <!-- Image name is enough -->
>>
>> | caption =
>> | author =
>> | developer = The Tor Project
>> | released = {{Start date and age|2015|10|29|df=yes}}<ref
>> name="auto">{{cite web |last=Singh |first=Sukhbir |date=29 October
>>
>> 2015 |title=Tor Messenger Beta: Chat over Tor, Easily
>> |url=https://blog.torproject.org/blog/tor-messenger-beta-chat-over-tor-easily
>> |access-date=31 October 2015 |website=The Tor Blog |publisher=The Tor
>> Project |archive-date=30 October 2015
>> |archive-url=https://web.archive.org/web/20151030223028/https://blog.torproject.org/blog/tor-messenger-beta-chat-over-tor-easily
>> |url-status=live }}</ref>
>>
>> | discontinued = yes
>> <!-- NOTE: While 0.5.0-beta-1 is a preview release, it is specified in
>> "latest release version" so that
>> it is correctly displayed as the final release.
>> -->| latest release version = 0.5.0-beta-1
>>
>> | latest release date = {{Start date and
>> age|2017|09|28|df=yes}}<ref>{{cite web |last=Singh |first=Sukhbir
>>
>> |date=28 September 2017 |title=Tor Messenger 0.5.0b1 is released
>> |url=https://blog.torproject.org/tor-messenger-050b1-released
>> |access-date=6 October 2017 |website=sukhbir's blog |publisher=The Tor
>> Project |archive-date=6 October 2017
>> |archive-url=https://web.archive.org/web/20171006112837/https://blog.torproject.org/tor-messenger-050b1-released
>> |url-status=live }}</ref><ref name=sunset-tormes>{{cite web
>>
>> |last=Singh |first=Sukhbir |date=2 April 2018 |title=Sunsetting Tor
>> Messenger |url=https://blog.torproject.org/sunsetting-tor-messenger
>> |access-date=9 April 2020 |archive-date=2 April 2020
>> |archive-url=https://web.archive.org/web/20200402233906/https://blog.torproject.org/sunsetting-tor-messenger
>> |url-status=live }}</ref>
>>
>> | repo = https://gitweb.torproject.org/tor-messenger-build.git
>> | programming language = [[C/C++]], [[JavaScript]], [[Cascading Style
>> Sheets|CSS]], [[XUL]]
>> | operating system = {{flatlist|
>> * [[Windows XP]] and later
>> * [[Unix-like]] (inc. [[macOS]])}}
>> | size =
>> | language = English
>> | genre =
>> | license =
>> | website =
>> {{URL|https://trac.torproject.org/projects/tor/wiki/doc/TorMessenger}}
>> }}
>>
>> On 29 October 2015, the Tor Project released Tor Messenger Beta, an
>> instant messaging program based on [[Instantbird]] with Tor and
>> [[Off-the-Record Messaging|OTR]] built in and used by default.<ref
>> name="auto" /> Like [[Pidgin (software)|Pidgin]] and [[Adium]], Tor
>>
>> Messenger supports multiple different instant messaging protocols;
>> however, it accomplishes this without relying on ''libpurple'',
>> implementing all chat protocols in the memory-safe language JavaScript
>> instead.<ref>{{cite web |date=13 July 2015 |title=Tor Messenger Design
>>
>> Document
>> |url=https://trac.torproject.org/projects/tor/wiki/doc/TorMessenger/DesignDoc
>> |access-date=22 November 2015 |website=The Tor Project
>> |archive-date=22 November 2015
>> |archive-url=https://web.archive.org/web/20151122170840/https://trac.torproject.org/projects/tor/wiki/doc/TorMessenger/DesignDoc
>> |url-status=live }}</ref><ref>{{cite web |title=Sunsetting Tor
>>
>> Messenger {{!}} Tor Project
>> |url=https://blog.torproject.org/sunsetting-tor-messenger/
>> |access-date=2022-05-07 |website=blog.torproject.org}}</ref>
>>
>>
>> According to Lucian Armasu of Toms Hardware, in April 2018, the Tor
>> Project shut down the Tor Messenger project for three reasons: the
>> developers of "Instabird" {{sic}} discontinued support for their own
>> software, limited resources and known metadata problems.<ref>{{cite
>>
>> web |last=Aemasu |first=Lucian |date=3 April 2018 |title=Tor Project
>> Shuts Down Development Of Tor Messenger
>> |url=http://www.tomshardware.com/news/tor-project-ends-tor-messenger,36811.html
>> |access-date=3 April 2018 |website=Tom's Hardware |language=en}}</ref>
>>
>> The Tor Messenger developers explained that overcoming any
>> vulnerabilities discovered in the future would be impossible due to
>> the project relying on outdated software dependencies.<ref>{{cite web
>>
>> |last=Sharwood |first=Simon |date=3 April 2018 |title=Tor 'sunsets'
>> secure Messenger that never exited beta
>> |url=https://www.theregister.co.uk/2018/04/03/tor_messenger_sunset/
>> |url-status=live
>> |archive-url=https://web.archive.org/web/20180715115016/https://www.theregister.co.uk/2018/04/03/tor_messenger_sunset/
>> |archive-date=15 July 2018 |access-date=2 October 2019 |website=The
>> Register |language=en}}</ref>
>>
>>
>> ===Tor Phone===
>> {{See also|Tor Phone}}
>> In 2016, Tor developer Mike Perry announced a prototype tor-enabled
>> smartphone bases on [[CopperheadOS]].<ref>{{Cite web |last=Staff
>>
>> |first=Ars |date=2016-11-22 |title=Tor phone is antidote to Google
>> "hostility" over Android, says developer
>> |url=https://arstechnica.com/information-technology/2016/11/tor-phone-prototype-google-hostility-android-open-source/
>> |access-date=2022-08-13 |website=Ars Technica |language=en-us}}</ref>
>>
>> It was meant as a direction for tor on mobile. The project was called
>> 'Mission Improbable'. Copperhead's then lead developer Daniel Micah
>> welcomed the prototype.
>>
>> ===Third-party applications===
>> The [[Vuze]] (formerly Azureus) [[BitTorrent]] client,<ref
>> name="vuze-tor" /> [[Bitmessage]] anonymous messaging system,<ref
>>
>> name="bitmessage-faq" /> and [[TorChat]] instant messenger include Tor
>>
>> support. OnionShare allows users to share files using Tor.<ref
>> name="Hassan2016">{{cite book |last1=Hassan |first1=Nihad
>>
>> |last2=Hijazi |first2=Rami |title=Data Hiding Techniques in Windows
>> OS: A Practical Approach to Investigation and Defense |year=2016
>> |publisher=Syngress |isbn=978-0-12-804496-4 |page=184
>> |url=https://books.google.com/books?id=sy2lCgAAQBAJ&pg=PA184}}</ref>
>>
>>
>> [[Guardian Project (software)|The Guardian Project]] is actively
>> developing a free and open-source suite of applications and firmware
>> for the [[Android (operating system)|Android operating system]] to
>> improve the security of mobile communications.<ref
>> name="guardianproject-about" /> The applications include the
>>
>> [[ChatSecure]] instant messaging client,<ref
>> name="guardianproject-chatsecure" /> [[Orbot]] Tor implementation<ref
>>
>> name="guardianproject-orbot" /> (also available for
>>
>> iOS),<ref>{{Citation |title=Orbot iOS |date=2022-08-25
>>
>> |url=https://github.com/guardianproject/orbot-ios |publisher=Guardian
>> Project |access-date=2022-08-25}}</ref> Orweb (discontinued)
>>
>> privacy-enhanced mobile browser,<ref name="guardianproject-orweb"
>> /><ref name="n8fr8">{{cite web |last=n8fr8 |date=30 June 2015
>>
>> |title=Orfox: Aspiring to bring Tor Browser to Android
>> |url=https://guardianproject.info/2015/06/30/orfox-aspiring-to-bring-tor-browser-to-android/
>> |access-date=17 August 2015 |website=guardianproject.info |quote=Our
>> plan is to actively encourage users to move from Orweb to Orfox, and
>> stop active development of Orweb, even removing to from the Google
>> Play Store. |archive-date=13 September 2015
>> |archive-url=https://web.archive.org/web/20150913130030/https://guardianproject.info/2015/06/30/orfox-aspiring-to-bring-tor-browser-to-android/
>> |url-status=live }}</ref> Orfox, the mobile counterpart of the Tor
>>
>> Browser, ProxyMob [[Firefox add-on]],<ref
>> name="guardianproject-proxymob" /> and ObscuraCam.<ref
>>
>> name="guardianproject-obscuracam" />
>>
>>
>> [[Onion Browser]]<ref>[https://mtigas/OnionBrowser/blob/2.X/LICENSE
>>
>> Endless / Onion Browser License (OBL)]</ref> is open-source,
>>
>> privacy-enhancing web browser for [[iOS]], which uses Tor.<ref>{{cite
>>
>> web|title=Tor at the Heart: Onion Browser (and more iOS Tor)
>> |publisher=The Tor Blog
>> |url=https://blog.torproject.org/blog/tor-heart-onion-browser-and-more-ios-tor|format=|access-date=|last=|date=|year=|language=|pages=}}</ref>
>>
>> It is available in the iOS [[App
>> Store]],<ref>[https://apps.apple.com/en/app/onion-browser/id519296448
>>
>> Onion Browser on the App Store]</ref> and source code is available on
>>
>> [[GitHub]].<ref name="github-OnionBro">{{cite
>>
>> web|title=OnionBrowser/OnionBrowser|periodical=GitHub|url=https://github.com/OnionBrowser/OnionBrowser|format=|access-date=|last=|date=2021-06-30|language=en|pages=}}</ref>
>>
>>
>> [[Brave (web browser)|Brave]] added support for [[Tor (anonymity
>> network)|Tor]] in its desktop browser's [[private
>> browsing|private-browsing]] mode.<ref>{{cite
>>
>> web|last=Shankland|first=Stephen|title=Brave advances browser privacy
>> with Tor-powered
>> tabs|url=https://www.cnet.com/news/brave-advances-browser-privacy-with-tor-powered-tabs/|publisher=CNET|date=28
>> June 2018|access-date=27 September 2018|archive-date=27 September
>> 2018|archive-url=https://web.archive.org/web/20180927204204/https://www.cnet.com/news/brave-advances-browser-privacy-with-tor-powered-tabs/|url-status=live}}</ref>
>>
>> Users can switch to Tor-enabled browsing by clicking on the hamburger
>> menu on the top right corner of the browser.<ref>{{cite
>>
>> web|last=Brave|date=2020-10-05|title=Brave.com now has its own Tor
>> Onion Service, providing more users with secure access to
>> Brave|url=https://brave.com/new-onion-service/|access-date=2021-01-22|website=Brave
>> Browser|archive-date=6 October
>> 2020|archive-url=https://web.archive.org/web/20201006004823/https://brave.com/new-onion-service/|url-status=live}}</ref>
>>
>>
>> <gallery>
>>
>> File:Orbot-logo.svg|Orbot logo
>> File:Onion Browser Icon 2017.png|Onion Browser logo
>> File:Onion Browser on iPad.png|Onion Browser on [[iPad]]
>> File:Onion Browser 2.8.1 on iPhone.png|Onion Browser 2.8.1 on [[iPhone]]
>> </gallery>
>>
>>
>> ===Security-focused operating systems===
>> Several [[security-focused operating system]]s make or made extensive
>> use of Tor. These include [[Hardened Linux From Scratch]], [[Incognito
>> (operating system)|Incognito]], [[Security-focused operating
>> system#Liberté Linux|Liberté Linux]], [[Qubes OS]], [[Subgraph
>> (operating system)|Subgraph]], [[Tails (operating system)|Tails]],
>> Tor-ramdisk, and [[Whonix]].<ref name="xakep-whole-hog" />
>>
>>
>> == Reception, impact, and legislation ==
>> [[File:TorPluggable transports-animation.webm|thumb|A very brief
>> animated primer on Tor pluggable transports,<ref name="Tor Project:
>> Pluggable Transports">{{cite web |title=Tor Project: Pluggable
>>
>> Transports
>> |url=https://www.torproject.org/docs/pluggable-transports.html.en
>> |access-date=5 August 2016 |website=torproject.org |archive-date=13
>> August 2016
>> |archive-url=https://web.archive.org/web/20160813004757/https://www.torproject.org/docs/pluggable-transports.html.en
>> |url-status=live }}</ref> a method of accessing the anonymity
>>
>> network.]]
>>
>> Tor has been praised for providing privacy and anonymity to vulnerable
>> Internet users such as political activists fearing surveillance and
>> arrest, ordinary web users seeking to circumvent censorship, and
>> people who have been threatened with violence or abuse by
>> stalkers.<ref>{{Cite news |last=Brandom |first=Russell |date=9 May
>>
>> 2014 |title=Domestic violence survivors turn to Tor to escape abusers
>> |work=The Verge
>> |url=https://www.theverge.com/2014/5/9/5699600/domestic-violence-survivors-turn-to-tor-to-escape-abusers
>> |access-date=30 August 2014 |archive-date=2 September 2014
>> |archive-url=https://web.archive.org/web/20140902093440/http://www.theverge.com/2014/5/9/5699600/domestic-violence-survivors-turn-to-tor-to-escape-abusers
>> |url-status=live }}</ref><ref>{{Cite news |last=Gurnow |first=Michael
>>
>> |date=1 July 2014 |title=Seated Between Pablo Escobar and Mahatma
>> Gandhi: The Sticky Ethics of Anonymity Networks |work=Dissident Voice
>> |url=http://dissidentvoice.org/2013/06/seated-between-pablo-escobar-and-mahatma-gandhi/
>> |access-date=17 July 2014 |archive-date=6 October 2014
>> |archive-url=https://web.archive.org/web/20141006101844/http://dissidentvoice.org/2013/06/seated-between-pablo-escobar-and-mahatma-gandhi/
>> |url-status=live }}</ref> The U.S. National Security Agency (NSA) has
>>
>> called Tor "the king of high-secure, low-latency Internet
>> anonymity",<ref name="guardian-nsa-target" /> and ''[[BusinessWeek]]''
>>
>> magazine has described it as "perhaps the most effective means of
>> defeating the online surveillance efforts of intelligence agencies
>> around the world".<ref name=bw-tor-vs /> Other media have described
>>
>> Tor as "a sophisticated privacy tool",<ref>{{Cite magazine
>>
>> |last=Zetter |first=Kim |date=1 June 2010 |title=WikiLeaks Was
>> Launched With Documents Intercepted From Tor |magazine=Wired
>> |url=https://www.wired.com/2010/06/wikileaks-documents/
>> |access-date=30 August 2014 |archive-date=12 August 2014
>> |archive-url=https://web.archive.org/web/20140812114104/http://www.wired.com/2010/06/wikileaks-documents/
>> |url-status=live }}</ref> "easy to use"<ref>{{Cite news |last=Lee
>>
>> |first=Timothy B. |date=10 June 2013 |title=Five ways to stop the NSA
>> from spying on you |newspaper=[[The Washington Post]]
>> |url=https://www.washingtonpost.com/blogs/wonkblog/wp/2013/06/10/five-ways-to-stop-the-nsa-from-spying-on-you/
>> |access-date=30 August 2014 |archive-date=4 October 2014
>> |archive-url=https://web.archive.org/web/20141004072624/http://www.washingtonpost.com/blogs/wonkblog/wp/2013/06/10/five-ways-to-stop-the-nsa-from-spying-on-you/
>> |url-status=live }}</ref> and "so secure that even the world's most
>>
>> sophisticated electronic spies haven't figured out how to crack
>> it".<ref name="thecable">{{Cite news |last1=Harris |first1=Shane
>>
>> |last2=Hudson |first2=John |date=4 October 2014 |title=Not Even the
>> NSA Can Crack the State Department's Favorite Anonymous Service
>> |work=[[Foreign Policy]]
>> |url=http://thecable.foreignpolicy.com/posts/2013/10/04/not_even_the_nsa_can_crack_the_state_departments_online_anonymity_tool
>> |access-date=30 August 2014 |archive-date=20 July 2014
>> |archive-url=https://web.archive.org/web/20140720045913/http://thecable.foreignpolicy.com/posts/2013/10/04/not_even_the_nsa_can_crack_the_state_departments_online_anonymity_tool
>> |url-status=live }}</ref>
>>
>>
>> Advocates for Tor say it supports [[freedom of expression]], including
>> in countries where the Internet is censored, by protecting the privacy
>> and anonymity of users. The mathematical underpinnings of Tor lead it
>> to be characterized as acting "like a piece of [[infrastructure]], and
>> governments naturally fall into paying for infrastructure they want to
>> use".<ref>{{cite web |last=Norton |first=Quinn |date=9 December 2014
>>
>> |title=Clearing the air around Tor
>> |url=http://pando.com/2014/12/09/clearing-the-air-around-tor/
>> |website=[[PandoDaily]] |access-date=10 December 2014 |archive-date=25
>> May 2019
>> |archive-url=https://web.archive.org/web/20190525115617/https://pando.com/2014/12/09/clearing-the-air-around-tor/
>> |url-status=live }}</ref>
>>
>>
>> The project was originally developed on behalf of the U.S.
>> intelligence community and continues to receive U.S. government
>> funding, and has been criticized as "more resembl[ing] a spook project
>> than a tool designed by a culture that values accountability or
>> transparency".<ref name="pando">{{Cite
>>
>> news|last=Levine|first=Yasha|date=16 July 2014|title=Almost everyone
>> involved in developing Tor was (or is) funded by the US
>> government|work=Pando
>> Daily|url=http://pando.com/2014/07/16/tor-spooks/|url-status=live|access-date=21
>> April
>> 2016|archive-url=https://web.archive.org/web/20160411185901/https://pando.com/2014/07/16/tor-spooks/|archive-date=11
>> April 2016}}</ref> {{as of|2012}}, 80% of The Tor Project's $2M annual
>>
>> budget came from the [[United States government]], with the [[U.S.
>> State Department]], the [[Broadcasting Board of Governors]], and the
>> [[National Science Foundation]] as major contributors,<ref
>> name="boston-free-speech-tech" /> aiming "to aid democracy advocates
>>
>> in authoritarian states".<ref name="NDR">{{Cite news|date=3 July
>>
>> 2014|title=NSA targets the
>> privacy-conscious|work=Panorama|publisher=Norddeutscher
>> Rundfunk|url=http://daserste.ndr.de/panorama/aktuell/nsa230_page-1.html|url-status=live|access-date=4
>> July
>> 2014|archive-url=https://web.archive.org/web/20140703215350/http://daserste.ndr.de/panorama/aktuell/nsa230_page-1.html|archive-date=3
>> July 2014|vauthors=Appelbaum J, Gibson A, Goetz J, Kabisch V, Kampf L,
>> Ryge L}}</ref> Other public sources of funding include [[DARPA]], the
>>
>> [[United States Naval Research Laboratory|U.S. Naval Research
>> Laboratory]], and the [[Government of Sweden]].<ref
>> name="torproject-sponsors" /><ref name="wsj-anonymous-contraversial"
>>
>> /> Some have proposed that the government values Tor's commitment to
>>
>> free speech, and uses the darknet to gather intelligence.<ref>Moore,
>>
>> Daniel; Rid, Thomas. "Cryptopolitik and the Darknet". Survival.
>> Feb2016, Vol. 58 Issue 1, p7-38. 32p.</ref>{{Request quotation |
>>
>> date=July 2018}} Tor also receives funding from [[Non-governmental
>> organization|NGOs]] including [[Human Rights Watch]], and private
>> sponsors including [[Reddit]] and [[Google]].<ref>Inc., The Tor
>>
>> Project,. "Tor: Sponsors". www.torproject.org. Retrieved 28 October
>> 2016.</ref> Dingledine said that the [[United States Department of
>>
>> Defense]] funds are more similar to a [[research grant]] than a
>> [[procurement|procurement contract]]. Tor executive director Andrew
>> Lewman said that even though it accepts funds from the U.S. federal
>> government, the Tor service did not collaborate with the NSA to reveal
>> identities of users.<ref name="wp-feds-pay" />
>>
>>
>> Critics say that Tor is not as secure as it claims,<ref>{{Cite news
>>
>> |date=2 September 2013 |title=Tor is Not as Safe as You May Think
>> |work=Infosecurity magazine
>> |url=http://www.infosecurity-magazine.com/news/tor-is-not-as-safe-as-you-may-think/
>> |access-date=30 August 2014 |archive-date=27 August 2014
>> |archive-url=https://web.archive.org/web/20140827203552/http://www.infosecurity-magazine.com/news/tor-is-not-as-safe-as-you-may-think/
>> |url-status=live }}</ref> pointing to U.S. law enforcement's
>>
>> investigations and shutdowns of Tor-using sites such as web-hosting
>> company [[Freedom Hosting]] and online marketplace [[Silk Road
>> (marketplace)|Silk Road]].<ref name="pando" /> In October 2013, after
>>
>> analyzing documents leaked by Edward Snowden, ''The Guardian''
>> reported that the NSA had repeatedly tried to crack Tor and had failed
>> to break its core security, although it had had some success attacking
>> the computers of individual Tor users.<ref name="guardian-nsa-target"
>> /> ''The Guardian'' also published a 2012 NSA classified slide deck,
>>
>> entitled "Tor Stinks", which said: "We will never be able to
>> de-anonymize all Tor users all the time", but "with manual analysis we
>> can de-anonymize a very small fraction of Tor users".<ref>{{Cite news
>>
>> |date=4 October 2014 |title='Tor Stinks' presentation – read the full
>> document |work=The Guardian
>> |url=https://www.theguardian.com/world/interactive/2013/oct/04/tor-stinks-nsa-presentation-document
>> |access-date=30 August 2014 |archive-date=29 August 2014
>> |archive-url=https://web.archive.org/web/20140829193451/http://www.theguardian.com/world/interactive/2013/oct/04/tor-stinks-nsa-presentation-document
>> |url-status=live }}</ref> When Tor users are arrested, it is typically
>>
>> due to human error, not to the core technology being hacked or
>> cracked.<ref>{{cite web |last=O'Neill |first=Patrick Howell |date=2
>>
>> October 2014 |title=The real chink in Tor's armor
>> |url=http://www.dailydot.com/crime/silk-road-tor-arrests/ |website=The
>> Daily Dot |access-date=3 October 2014 |archive-date=25 May 2019
>> |archive-url=https://web.archive.org/web/20190525124144/https://www.dailydot.com/crime/silk-road-tor-arrests/
>> |url-status=live }}</ref> On 7 November 2014, for example, a joint
>>
>> operation by the FBI, ICE Homeland Security investigations and
>> European Law enforcement agencies led to 17 arrests and the seizure of
>> 27 sites containing 400 pages.<ref name="arrests" />{{Dubious |
>>
>> reason=The operation is so successful most likely because of Tor's
>> protocol weakness. Not a good example. (See "Relay early traffic
>> confirmation attack" above.) |date=July 2018}} A late 2014 report by
>> ''[[Der Spiegel]]'' using a new cache of Snowden leaks revealed,
>> however, that {{as of|2012|lc=y}} the NSA deemed Tor on its own as a
>> "major threat" to its mission, and when used in conjunction with other
>> privacy tools such as [[Off-the-Record Messaging|OTR]], Cspace,
>> [[ZRTP]], [[RedPhone]], [[Tails (operating system)|Tails]], and
>> [[TrueCrypt]] was ranked as "catastrophic," leading to a "near-total
>> loss/lack of insight to target communications, presence..."<ref
>> name="spiegel1" /><ref name="spiegel2" />
>>
>>
>> === 2011 ===
>> In March 2011, The Tor Project received the [[Free Software
>> Foundation]]'s 2010 Award for Projects of Social Benefit. The citation
>> read, "Using free software, Tor has enabled roughly 36 million people
>> around the world to experience freedom of access and expression on the
>> Internet while keeping them in control of their privacy and anonymity.
>> Its network has proved pivotal in dissident movements in both [[Iran]]
>> and more recently [[Egypt]]."<ref name="fsf-award" />
>>
>>
>> === 2012 ===
>> In 2012, ''[[Foreign Policy]]'' magazine named Dingledine, Mathewson,
>> and Syverson among its Top 100 Global Thinkers "for making the web
>> safe for whistleblowers".<ref name="fp-top100-thinkers" />
>>
>>
>> === 2013 ===
>> In 2013, [[Jacob Appelbaum]] described Tor as a "part of an ecosystem
>> of software that helps people regain and reclaim their autonomy. It
>> helps to enable people to have agency of all kinds; it helps others to
>> help each other and it helps you to help yourself. It runs, it is open
>> and it is supported by a large community spread across all walks of
>> life."<ref name="verge-applebaum" />
>>
>>
>> In June 2013, whistleblower [[Edward Snowden]] used Tor to send
>> information about [[PRISM (surveillance program)|PRISM]] to ''[[The
>> Washington Post]]'' and ''[[The Guardian]]''.<ref name="erste-darknet"
>> />
>>
>>
>> === 2014 ===
>> In 2014, the Russian government offered a $111,000 contract to "study
>> the possibility of obtaining technical information about users and
>> users' equipment on the Tor anonymous network".<ref name="ars-111k"
>> /><ref name="pcw-111k" />
>>
>>
>> In September 2014, in response to reports that [[Comcast]] had been
>> discouraging customers from using the Tor Browser, [[Comcast]] issued
>> a public statement that "We have no policy against Tor, or any other
>> browser or software."<ref>{{cite web
>>
>> |url=https://corporate.comcast.com/comcast-voices/setting-the-record-straight-on-tor
>> |title=Setting the Record Straight on Tor |first=Jason |last=Livingood
>> |date=2014-09-15 |quote=The report may have generated a lot of clicks
>> but is totally inaccurate. Comcast is not asking customers to stop
>> using Tor, or any other browser for that matter. We have no policy
>> against Tor, or any other browser or software. Customers are free to
>> use their Xfinity Internet service to visit any website, use any app,
>> and so forth. ... Comcast doesn't monitor our customer's browser
>> software, web surfing or online history. |access-date=5 January 2021
>> |archive-date=4 January 2021
>> |archive-url=https://web.archive.org/web/20210104165011/https://corporate.comcast.com/comcast-voices/setting-the-record-straight-on-tor
>> |url-status=live }}</ref>
>>
>>
>> In October 2014, The Tor Project hired the public relations firm
>> Thomson Communications to improve its public image (particularly
>> regarding the terms "Dark Net" and "hidden services," which are widely
>> viewed as being problematic) and to educate journalists about the
>> technical aspects of Tor.<ref>{{cite web |last=O'Neill |first=Patrick
>>
>> Howell |date=26 March 2015 |title=Tor's great rebranding
>> |url=http://www.dailydot.com/politics/tor-media-public-relations-perception/
>> |access-date=19 April 2015 |website=The Daily Dot |archive-date=12
>> April 2015
>> |archive-url=https://web.archive.org/web/20150412172355/http://www.dailydot.com/politics/tor-media-public-relations-perception/
>> |url-status=live }}</ref>
>>
>>
>> === 2015 ===
>> In June 2015, the [[United Nations special rapporteur|special
>> rapporteur]] from the United Nations' [[Office of the High
>> Commissioner for Human Rights]] specifically mentioned Tor in the
>> context of the debate in the U.S. about allowing so-called [[backdoor
>> (computing)|backdoors]] in encryption programs for law enforcement
>> purposes<ref>{{Cite news |last=Peterson |first=Andrea |date=28 May
>>
>> 2015 |title=U.N. report: Encryption is important to human rights — and
>> backdoors undermine it
>> |url=https://www.washingtonpost.com/blogs/the-switch/wp/2015/05/28/un-report-encryption-is-important-to-human-rights-and-backdoors-undermine-it
>> |newspaper=The Washington Post |access-date=17 September 2017
>> |archive-date=23 June 2015
>> |archive-url=https://web.archive.org/web/20150623030700/http://www.washingtonpost.com/blogs/the-switch/wp/2015/05/28/un-report-encryption-is-important-to-human-rights-and-backdoors-undermine-it/
>> |url-status=live }}</ref> in an interview for ''The Washington Post''.
>>
>>
>> In July 2015, the Tor Project announced an alliance with the [[Library
>> Freedom Project]] to establish exit nodes in public
>> libraries.<ref>{{cite web |title=Tor Exit Nodes in Libraries – Pilot
>>
>> (phase one)
>> |url=https://blog.torproject.org/blog/tor-exit-nodes-libraries-pilot-phase-one
>> |access-date=15 September 2015 |website=Tor Project.org
>> |archive-date=8 September 2015
>> |archive-url=https://web.archive.org/web/20150908012811/https://blog.torproject.org/blog/tor-exit-nodes-libraries-pilot-phase-one
>> |url-status=live }}</ref><ref>{{cite web |title=Library Freedom
>>
>> Project |url=https://libraryfreedomproject.org/ |access-date=15
>> September 2015 |website=libraryfreedomproject.org |archive-date=19
>> September 2015
>> |archive-url=https://web.archive.org/web/20150919100044/https://libraryfreedomproject.org/
>> |url-status=live }}</ref> The pilot program, which established a
>>
>> middle relay running on the excess bandwidth afforded by the Kilton
>> Library in [[Lebanon, New Hampshire]], making it the first library in
>> the U.S. to host a Tor node, was briefly put on hold when the local
>> city manager and deputy sheriff voiced concerns over the cost of
>> defending search warrants for information passed through the Tor exit
>> node. Although the <abbr title="US. Department of Homeland
>> Security">DHS</abbr> had alerted New Hampshire authorities to the fact
>>
>> that Tor is sometimes used by criminals, the Lebanon Deputy Police
>> Chief and the Deputy City Manager averred that no pressure to
>> strong-arm the library was applied, and the service was re-established
>> on 15 September 2015.<ref>{{cite web |last=Doyle-Burr |first=Nora
>>
>> |date=16 September 2015 |title=Despite Law Enforcement Concerns,
>> Lebanon Board Will Reactivate Privacy Network Tor at Kilton Library
>> |url=http://www.vnews.com/photos/inthenews/18620952-95/despite-law-enforcement-concerns-lebanon-board-will-reactivate-privacy-network-tor-at-kilton-library
>> |url-status=dead
>> |archive-url=https://web.archive.org/web/20150918031540/http://www.vnews.com/photos/inthenews/18620952-95/despite-law-enforcement-concerns-lebanon-board-will-reactivate-privacy-network-tor-at-kilton-library
>> |archive-date=18 September 2015 |access-date=20 November 2015
>> |website=Valley News}}</ref> U.S. Rep. [[Zoe Lofgren]] (D-Calif)
>>
>> released a letter on 10 December 2015, in which she asked the <abbr
>> title="US. Department of Homeland Security">DHS</abbr> to clarify its
>>
>> procedures, stating that "While the Kilton Public Library's board
>> ultimately voted to restore their Tor relay, I am no less disturbed by
>> the possibility that <abbr title="US. Department of Homeland
>> Security">DHS</abbr> employees are pressuring or persuading public and
>>
>> private entities to discontinue or degrade services that protect the
>> privacy and anonymity of U.S. citizens."<ref>{{cite web |date=10
>>
>> December 2015 |title=Lofgren questions DHS policy towards Tor Relays
>> |url=https://lofgren.house.gov/news/documentsingle.aspx?DocumentID=398038
>> |url-status=dead
>> |archive-url=https://web.archive.org/web/20160603144959/https://lofgren.house.gov/news/documentsingle.aspx?DocumentID=398038
>> |archive-date=3 June 2016 |access-date=4 June 2016
>> |website=house.gov}}</ref><ref>{{cite web |last=Geller |first=Eric
>>
>> |date=11 December 2015 |title=Democratic lawmaker wants to know if DHS
>> is sabotaging plans for Tor exit relays
>> |url=http://www.dailydot.com/politics/tor-libraries-dhs-zoe-lofgren-letter/
>> |access-date=4 June 2016 |website=The Daily Dot |archive-date=10 June
>> 2016
>> |archive-url=https://web.archive.org/web/20160610194930/http://www.dailydot.com/politics/tor-libraries-dhs-zoe-lofgren-letter/
>> |url-status=live }}</ref><ref name="Kopstein2015">{{cite web
>>
>> |last=Kopfstein |first=Janus |date=12 December 2015
>> |title=Congresswoman Asks Feds Why They Pressured a Library to Disable
>> Its Tor Node
>> |url=https://motherboard.vice.com/read/congresswoman-asks-feds-why-they-pressured-a-library-to-disable-its-tor-node
>> |url-status=live
>> |archive-url=https://web.archive.org/web/20151222171028/http://motherboard.vice.com/read/congresswoman-asks-feds-why-they-pressured-a-library-to-disable-its-tor-node
>> |archive-date=22 December 2015 |website=Motherboard}}</ref> In a 2016
>>
>> interview, Kilton Library IT Manager Chuck McAndrew stressed the
>> importance of getting libraries involved with Tor: "Librarians have
>> always cared deeply about protecting privacy, intellectual freedom,
>> and [[access to information]] (the freedom to read). Surveillance
>> has a very well-documented chilling effect on intellectual freedom. It
>> is the job of librarians to remove barriers to
>> information."<ref>{{Cite news |date=4 August 2016 |title=Tor crusader
>>
>> discuss privacy, freedom with ExpressVPN |language=en-US |work=Home of
>> internet privacy
>> |url=https://www.expressvpn.com/blog/chuck-mcandrew-defends-tor/
>> |access-date=11 September 2017 }}</ref> The second library to host a
>>
>> Tor node was the Las Naves Public Library in [[Valencia]], Spain,
>> implemented in the first months of 2016.<ref>{{Cite news |last=Gonzalo
>>
>> |first=Marilín |date=26 January 2016 |title=Esta biblioteca valenciana
>> es la segunda del mundo en unirse al proyecto Tor |language=es
>> |work=El Diario
>> |url=http://www.eldiario.es/cultura/tecnologia/privacidad/biblioteca-Valencia-primera-Unidos-Tor_0_476303147.html
>> |access-date=4 March 2016 |archive-date=7 March 2016
>> |archive-url=https://web.archive.org/web/20160307091514/http://www.eldiario.es/cultura/tecnologia/privacidad/biblioteca-Valencia-primera-Unidos-Tor_0_476303147.html
>> |url-status=live }}</ref>
>>
>>
>> In August 2015, an [[IBM]] security research group, called "X-Force",
>> put out a quarterly report that advised companies to block Tor on
>> security grounds, citing a "steady increase" in attacks from Tor exit
>> nodes as well as botnet traffic.<ref>{{cite web |last=Broersma
>>
>> |first=Matthew |date=26 August 2015 |title=IBM Tells Companies To
>> Block Tor Anonymisation Network
>> |url=http://www.techweekeurope.co.uk/security/ibm-companies-tor-175468
>> |access-date=15 September 2015 |website=TechWeekEurope UK
>> |archive-date=10 September 2015
>> |archive-url=https://web.archive.org/web/20150910211854/http://www.techweekeurope.co.uk/security/ibm-companies-tor-175468
>> |url-status=live }}</ref>
>>
>>
>> In September 2015, Luke Millanta created OnionView, a web service that
>> plots the location of active Tor relay nodes onto an interactive map
>> of the world. The project's purpose was to detail the network's size
>> and escalating growth rate.<ref>{{Cite magazine |last=Greenberg
>>
>> |first=Andy |date=14 September 2015 |title=Mapping How Tor's Anonymity
>> Network Spread Around the World
>> |url=https://www.wired.com/2015/09/mapping-tors-anonymity-network-spread-around-world/
>> |magazine=Wired |access-date=9 February 2016 |archive-date=3 February
>> 2016
>> |archive-url=https://web.archive.org/web/20160203154307/http://www.wired.com/2015/09/mapping-tors-anonymity-network-spread-around-world
>> |url-status=live }}</ref>
>>
>>
>> In December 2015, [[Daniel Ellsberg]] (of the [[Pentagon
>> Papers]]),<ref>{{cite web |date=26 December 2015 |title=This is What a
>>
>> Tor Supporter Looks Like: Daniel Ellsberg
>> |url=https://blog.torproject.org/blog/what-tor-supporter-looks-daniel-ellsberg
>> |access-date=4 June 2016 |website=The Tor Blog |archive-date=4 March
>> 2016
>> |archive-url=https://web.archive.org/web/20160304100212/https://blog.torproject.org/blog/what-tor-supporter-looks-daniel-ellsberg
>> |url-status=live }}</ref> [[Cory Doctorow]] (of [[Boing
>>
>> Boing]]),<ref>{{cite web |date=18 December 2015 |title=This is What a
>>
>> Tor Supporter Looks Like: Cory Doctorow
>> |url=https://blog.torproject.org/blog/what-tor-supporter-looks-cory-doctorow
>> |access-date=4 June 2016 |website=The Tor Blog |archive-date=16 June
>> 2016
>> |archive-url=https://web.archive.org/web/20160616210816/https://blog.torproject.org/blog/what-tor-supporter-looks-cory-doctorow
>> |url-status=live }}</ref> [[Edward Snowden]],<ref>{{cite web |date=30
>>
>> December 2015 |title=This is What a Tor Supporter Looks Like: Edward
>> Snowden
>> |url=https://blog.torproject.org/blog/what-tor-supporter-looks-edward-snowden
>> |access-date=4 June 2016 |website=The Tor Blog |archive-date=9 April
>> 2016
>> |archive-url=https://web.archive.org/web/20160409024736/https://blog.torproject.org/blog/what-tor-supporter-looks-edward-snowden
>> |url-status=live }}</ref> and artist-activist [[Molly
>>
>> Crabapple]],<ref>{{cite web |date=9 December 2015 |title=This is what
>>
>> a Tor Supporter looks like: Molly Crabapple
>> |url=https://blog.torproject.org/blog/what-tor-supporter-looks-molly-crabapple
>> |access-date=4 June 2016 |website=The Tor Blog |archive-date=16 June
>> 2016
>> |archive-url=https://web.archive.org/web/20160616210748/https://blog.torproject.org/blog/what-tor-supporter-looks-molly-crabapple
>> |url-status=live }}</ref> amongst others, announced their support of
>>
>> Tor.
>>
>> === 2016 ===
>> In March 2016, New Hampshire state representative [[Keith Ammon]]
>> introduced a bill<ref>{{cite web |date=10 March 2016 |title=House Bill
>>
>> 1508: An Act allowing public libraries to run certain privacy software
>> |url=http://www.gencourt.state.nh.us/bill_status/billText.aspx?id=796&txtFormat=html
>> |access-date=4 June 2016 |website=New Hampshire State Government
>> |archive-date=11 April 2017
>> |archive-url=https://web.archive.org/web/20170411043230/http://www.gencourt.state.nh.us/bill_status/billText.aspx?id=796&txtFormat=html
>> |url-status=live }}</ref> allowing public libraries to run privacy
>>
>> software. The bill specifically referenced Tor. The text was crafted
>> with extensive input from [[Alison Macrina]], the director of the
>> [[Library Freedom Project]].<ref name="Proposed New Hampshire
>> bill">{{cite web |last=O'Neill |first=Patrick Howell |date=18 February
>>
>> 2016 |title=New Hampshire bill allows for libraries' usage of
>> encryption and privacy software
>> |url=http://www.dailydot.com/politics/new-hampshire-tor-library-legislation/
>> |access-date=10 March 2016 |website=The Daily Dot |archive-date=11
>> March 2016
>> |archive-url=https://web.archive.org/web/20160311073326/http://www.dailydot.com/politics/new-hampshire-tor-library-legislation/
>> |url-status=live }}</ref> The bill was passed by the House
>>
>> 268–62.<ref>{{cite web |title=New Hampshire HB1508 – 2016 – Regular
>>
>> Session |url=https://legiscan.com/NH/text/HB1508/id/1288060
>> |access-date=4 June 2016 |website=legiscan.com |archive-date=29 July
>> 2016
>> |archive-url=https://web.archive.org/web/20160729171429/https://legiscan.com/NH/text/HB1508/id/1288060
>> |url-status=live }}</ref>
>>
>>
>> Also in March 2016, the first Tor node, specifically a middle relay,
>> was established at a library in Canada, the Graduate Resource Centre
>> (GRC) in the Faculty of Information and Media Studies (FIMS) at the
>> [[University of Western Ontario]].<ref name="Western FIMS
>> relay">{{cite web |date=14 March 2016 |title=Library in FIMS joins
>>
>> global network fighting back against digital surveillance, censorship,
>> and the obstruction of information
>> |url=http://www.fims.uwo.ca/news/2016/library_in_fims_joins_global_network_fighting_back_against_digital_surveillance_censorship_and_the_obstruction_of_information.html
>> |access-date=16 March 2016 |website=FIMS News |archive-date=20 March
>> 2016
>> |archive-url=https://web.archive.org/web/20160320112332/http://www.fims.uwo.ca/news/2016/library_in_fims_joins_global_network_fighting_back_against_digital_surveillance_censorship_and_the_obstruction_of_information.html
>> |url-status=live }}</ref> Given that the running of a Tor exit node is
>>
>> an unsettled area of Canadian law,<ref name="Legality of running a Tor
>> exit node in Canada">{{cite web |last=Pearson |first=Jordan |date=25
>>
>> September 2015 |title=Can You Be Arrested for Running a Tor Exit Node
>> In Canada?
>> |url=https://motherboard.vice.com/read/can-you-be-arrested-for-running-a-tor-exit-node-in-canada
>> |access-date=16 March 2016 |website=Motherboard |archive-date=23 March
>> 2016
>> |archive-url=https://web.archive.org/web/20160323231601/https://motherboard.vice.com/read/can-you-be-arrested-for-running-a-tor-exit-node-in-canada
>> |url-status=live }}</ref> and that in general institutions are more
>>
>> capable than individuals to cope with legal pressures, Alison Macrina
>> of the Library Freedom Project has opined that in some ways she would
>> like to see intelligence agencies and law enforcement attempt to
>> intervene in the event that an exit node were established.<ref
>> name="Fighting the Feds on running a Tor node">{{cite web
>>
>> |last=Pearson |first=Jordan |date=16 March 2016 |title=Canadian
>> Librarians Must Be Ready to Fight the Feds on Running a Tor Node
>> |url=https://motherboard.vice.com/en_ca/read/canadian-librarians-must-be-ready-to-fight-the-feds-on-running-a-tor-node-western-library-freedom-project
>> |access-date=16 March 2016 |website=Motherboard |archive-date=19 March
>> 2016
>> |archive-url=https://web.archive.org/web/20160319083936/http://motherboard.vice.com/en_ca/read/canadian-librarians-must-be-ready-to-fight-the-feds-on-running-a-tor-node-western-library-freedom-project
>> |url-status=live }}</ref>
>>
>>
>> On 16 May 2016, [[CNN]] reported on the case of core Tor developer
>> isis agora lovecruft,<ref name="lovecruft 2020 tweet">{{cite web
>>
>> |url=https://twitter.com/isislovecruft/status/1258515495851921408
>> |last=lovecruft |first=isis agora |title=May 7, 2020 Tweet
>> |date=2020-05-07 |quote=my name is isis agora lovecruft not Isis Agora
>> Lovecruft}}</ref> who had fled to Germany under the threat of a
>>
>> subpoena by the FBI during the Thanksgiving break of the previous
>> year. The [[Electronic Frontier Foundation]] legally represented
>> lovecruft.<ref name="Harassment of Isis Agora Lovecruft">{{cite web
>>
>> |last=Pagliery |first=Jose |date=17 May 2016 |title=Developer of
>> anonymous Tor software dodges FBI, leaves US
>> |url=https://money.cnn.com/2016/05/17/technology/tor-developer-fbi/index.html
>> |access-date=17 May 2016 |website=CNN |archive-date=17 May 2016
>> |archive-url=https://web.archive.org/web/20160517153400/http://money.cnn.com/2016/05/17/technology/tor-developer-fbi/index.html
>> |url-status=live }}</ref>
>>
>>
>> On 2 December 2016, ''[[The New Yorker]]'' reported on burgeoning
>> [[digital privacy]] and security workshops in the [[San Francisco Bay
>> Area]], particularly at the [[hackerspace]] [[Noisebridge]], in the
>> wake of the [[2016 United States presidential election]]; downloading
>> the Tor browser was mentioned.<ref name="Trump Preparerdness">{{Cite
>>
>> magazine |last=Weiner |first=Anna |date=2 December 2016 |title=Trump
>> Preparedness: Digital Security 101
>> |url=https://www.newyorker.com/culture/culture-desk/trump-preparedness-digital-security-101
>> |magazine=The New Yorker |access-date=20 February 2020
>> |archive-date=25 October 2020
>> |archive-url=https://web.archive.org/web/20201025144947/https://www.newyorker.com/culture/culture-desk/trump-preparedness-digital-security-101
>> |url-status=live }}</ref> Also, in December 2016, Turkey has blocked
>>
>> the usage of Tor, together with ten of the most used [[VPN]] services
>> in Turkey, which were popular ways of accessing banned social media
>> sites and services.<ref>{{cite web |date=19 December 2016
>>
>> |title=Turkey Partially Blocks Access to Tor and Some VPNs
>> |url=https://www.bleepingcomputer.com/news/government/turkey-partially-blocks-access-to-tor-and-some-vpns/}}</ref>
>>
>>
>> Tor (and [[Bitcoin]]) was fundamental to the operation of the darkweb
>> marketplace [[AlphaBay]], which was taken down in an international law
>> enforcement operation in July 2017.<ref name="forfeit">{{cite web
>>
>> |date=20 July 2017 |title=Forfeiture Complaint
>> |url=https://www.justice.gov/opa/press-release/file/982821/download
>> |publisher=Justice.gov |page=27 |access-date=28 July 2017
>> |archive-date=23 September 2020
>> |archive-url=https://web.archive.org/web/20200923012828/https://www.justice.gov/opa/press-release/file/982821/download
>> |url-status=live }}</ref> Despite federal claims that Tor would not
>>
>> shield a user, however,<ref name="Ten times the size of Silk
>> Road.">{{cite web |last=Leyden |first=John |date=20 July 2017
>>
>> |title=Cops harpoon two dark net whales in megabust: AlphaBay and
>> Hansa : Tor won't shield you, warn Feds
>> |url=https://www.theregister.co.uk/2017/07/20/dark_net_megabust/
>> |access-date=21 July 2017 |website=The Register |archive-date=23 May
>> 2020
>> |archive-url=https://web.archive.org/web/20200523085637/https://www.theregister.co.uk/2017/07/20/dark_net_megabust/
>> |url-status=live }}</ref> elementary [[operational security]] errors
>>
>> outside of the ambit of the Tor network led to the site's
>> downfall.<ref name="Operational Security Nonexistant">{{cite web
>>
>> |last=McCarthy |first=Kieren |date=20 July 2017 |title=Alphabay
>> shutdown: Bad boys, bad boys, what you gonna do? Not use your
>> Hotmail... ...or the Feds will get you ♪
>> |url=https://www.theregister.co.uk/2017/07/20/alphabay_hotmail_fbi/
>> |access-date=21 July 2017 |website=The Register |archive-date=23 May
>> 2020
>> |archive-url=https://web.archive.org/web/20200523085638/https://www.theregister.co.uk/2017/07/20/alphabay_hotmail_fbi/
>> |url-status=live }}</ref>
>>
>>
>> === 2017 ===
>> In June 2017 the [[Democratic Socialists of America]] recommended
>> intermittent Tor usage.<ref>{{cite web
>>
>> |url=https://www.dsausa.org/organize/info_security/ |title=Information
>> Security Memo for Members |date=2017-07-11 |publisher=[[Democratic
>> Socialists of America]] |access-date=20 January 2021 |archive-date=20
>> January 2021
>> |archive-url=https://web.archive.org/web/20210120104155/https://www.dsausa.org/organize/info_security/
>> |url-status=live }}</ref><ref>{{cite web
>>
>> |url=https://www.dsausa.org/files/2017/07/DSAInformationSecurityRecommendations_June2017.pdf
>> |title=INFORMATION SECURITY RECOMMENDATIONS |date=June 2017
>> |publisher=[[Democratic Socialists of America]] |access-date=20
>> January 2021 |archive-date=7 September 2020
>> |archive-url=https://web.archive.org/web/20200907193927/https://www.dsausa.org/files/2017/07/DSAInformationSecurityRecommendations_June2017.pdf
>> |url-status=live }}</ref> And in August 2017, according to reportage
>>
>> cybersecurity firms which specialize in monitoring and researching the
>> dark Web (which relies on Tor as its infrastructure) on behalf of
>> banks and retailers routinely share their findings with the [[FBI]]
>> and with other law enforcement agencies "when possible and necessary"
>> regarding illegal content. The Russian-speaking underground offering a
>> crime-as-a-service model is regarded as being particularly robust.<ref
>> name="Dark Web Mainstream Media Coverage">{{cite web |last=Johnson
>>
>> |first=Tim |date=2 August 2017 |title=Shocked by gruesome crime, cyber
>> execs help FBI on dark web
>> |url=http://www.idahostatesman.com/news/nation-world/national/article164797842.html
>> |website=Idaho Statesman}}</ref>
>>
>>
>> === 2018 ===
>> In June 2018, Venezuela blocked access to the Tor network. The block
>> affected both direct connections to the network and connections being
>> made via bridge relays.<ref name="Venezuela Blocks Tor">{{cite web
>>
>> |last=Brandom |first=Russell |date=25 June 2018 |title=Venezuela is
>> blocking access to the Tor network 16 Just days after new web blocks
>> were placed on local media outlets
>> |url=https://www.theverge.com/2018/6/25/17503680/venezuela-tor-blocked-web-censorship
>> |access-date=26 June 2018 |website=The Verge |archive-date=26 June
>> 2018
>> |archive-url=https://web.archive.org/web/20180626000651/https://www.theverge.com/2018/6/25/17503680/venezuela-tor-blocked-web-censorship
>> |url-status=live }}</ref>
>>
>>
>> On 20 June 2018, Bavarian police raided the homes of the board members
>> of the non-profit Zwiebelfreunde, a member of [[torservers.net]],
>> which handles the European financial transactions of [[riseup]].net in
>> connection with a blog post there which apparently promised violence
>> against the upcoming [[Alternative for Germany]] convention.<ref
>> name="June 2018 Bavarian Raid">{{cite web |last=Grauer |first=Yael
>>
>> |date=4 July 2018 |title=German police raid homes of Tor-linked
>> group's board members One board member described the police's
>> justification for the raids as a "tenuous" link between the privacy
>> group, a blog, and its email address
>> |url=https://www.zdnet.com/article/german-police-raid-homes-of-tor-linked-groups-board-members/
>> |access-date=6 July 2018 |website=ZDNet |archive-date=6 July 2018
>> |archive-url=https://web.archive.org/web/20180706000125/https://www.zdnet.com/article/german-police-raid-homes-of-tor-linked-groups-board-members/
>> |url-status=live }}</ref><ref name="Police searches homes of
>>
>> Zwiebelfreunde board members as well as OpenLab in Augsburg">{{cite
>>
>> web |last=n/a |first=46halbe |date=4 July 2018 |title=Police searches
>> homes of "Zwiebelfreunde" board members as well as "OpenLab" in
>> Augsburg
>> |url=https://www.ccc.de/en/updates/2018/hausdurchsuchungen-bei-vereinsvorstanden-der-zwiebelfreunde-und-im-openlab-augsburg
>> |access-date=6 July 2018 |website=Chaos Computer Club |archive-date=4
>> July 2018
>> |archive-url=https://web.archive.org/web/20180704101613/https://www.ccc.de/en/updates/2018/hausdurchsuchungen-bei-vereinsvorstanden-der-zwiebelfreunde-und-im-openlab-augsburg
>> |url-status=live }}</ref> Tor came out strongly against the raid
>>
>> against its support organization, which provides legal and financial
>> aid for the setting up and maintenance of high-speed relays and exit
>> nodes.<ref name="In Support of Torservers">{{cite web |last=Stelle
>>
>> |first=Sharon |date=5 July 2018 |title=In Support of Torservers
>> |url=https://blog.torproject.org/support-torservers |access-date=6
>> July 2018 |website=TorProject.org |archive-date=7 July 2018
>> |archive-url=https://web.archive.org/web/20180707042439/https://blog.torproject.org/support-torservers
>> |url-status=live }}</ref> According to Torservers.net, on 23 August
>>
>> 2018 the German court at Landgericht München ruled that the raid and
>> seizures were illegal. The hardware and documentation seized had been
>> kept under seal, and purportedly were neither analyzed nor evaluated
>> by the Bavarian police.<ref>{{cite web |date=24 August 2018
>>
>> |title=Gericht urteilt: Durchsuchung bei Zwiebelfreunden war
>> rechtswidrig [Update]
>> |url=https://netzpolitik.org/2018/gericht-urteilt-durchsuchung-bei-zwiebelfreunden-war-rechtswidrig/
>> |access-date=1 December 2019 |archive-date=12 October 2019
>> |archive-url=https://web.archive.org/web/20191012011235/https://netzpolitik.org/2018/gericht-urteilt-durchsuchung-bei-zwiebelfreunden-war-rechtswidrig/
>> |url-status=live }}</ref><ref>{{cite web |title=LG München I:
>>
>> Hausdurchsuchungen bei Verein Zwiebelfreunde waren rechtswidrig
>> |url=https://rsw.beck.de/aktuell/meldung/lg-muenchen-i-hausdurchsuchungen-bei-netzaktivisten-rechtswidrig
>> |website=Aktuell |access-date=1 December 2019 |archive-date=15
>> February 2021
>> |archive-url=https://web.archive.org/web/20210215083404/https://rsw.beck.de/aktuell/daily/meldung/detail/lg-muenchen-i-hausdurchsuchungen-bei-netzaktivisten-rechtswidrig
>> |url-status=live }}</ref>
>>
>>
>> Since October 2018, [[internet in China|Chinese online communities]]
>> within Tor have begun to dwindle due to increased efforts to stop them
>> by the Chinese government.<ref>{{cite web |year=2018 |title=China's
>>
>> clampdown on Tor pushes its hackers into foreign backyards
>> |website=[[The Register]]
>> |url=https://www.theregister.co.uk/2018/10/10/russia_china_hacker_forum_comparison
>> |access-date=10 October 2018 |archive-date=10 October 2018
>> |archive-url=https://web.archive.org/web/20181010184728/https://www.theregister.co.uk/2018/10/10/russia_china_hacker_forum_comparison/
>> |url-status=live }}</ref>
>>
>>
>> === 2019 ===
>> In November 2019, [[Edward Snowden]] called for a full, unabridged
>> [[simplified Chinese]] translation of his autobiography, ''[[Permanent
>> Record (autobiography)|Permanent Record]]'', as the Chinese publisher
>> had violated their agreement by expurgating all mentions of Tor and
>> other matters deemed politically sensitive by the [[Chinese Communist
>> Party]].<ref name="Edward Snowden blew the whistle on how Chinese
>> censors scrubbed his book">{{cite web |last=Stegner |first=Isabella
>>
>> |date=12 November 2019 |title=Edward Snowden blew the whistle on how
>> Chinese censors scrubbed his book
>> |url=https://qz.com/1746780/edward-snowden-calls-out-chinese-censorship-of-his-book/
>> |url-status=live
>> |archive-url=https://web.archive.org/web/20191115103544/https://qz.com/1746780/edward-snowden-calls-out-chinese-censorship-of-his-book/
>> |archive-date=15 November 2019 |access-date=12 November 2019
>> |website=Quartz}}</ref><ref>{{cite web |last=Snowden |first=Edward
>>
>> |date=11 November 2019 |title=The Chinese edition of my new book,
>> #PermanentRecord, has just been censored.
>> |url=https://twitter.com/Snowden/status/1194092273170038784
>> |url-status=live
>> |archive-url=https://web.archive.org/web/20191112032031/https://twitter.com/Snowden/status/1194092273170038784
>> |archive-date=12 November 2019 |access-date=8 December 2019
>> |website=Twitter (@Snowden) |language=en }}</ref>
>>
>>
>> === 2021 ===
>> On 8 December 2021, the Russian government agency [[Federal Service
>> for Supervision of Communications, Information Technology and Mass
>> Media|Roskomnadzor]] announced it has banned Tor and six VPN services
>> for failing to abide by the [[Russian Internet blacklist]].<ref>{{cite
>>
>> web|date=2021-12-08|title=Russia Bans More VPN Products and TOR -
>> December 8,
>> 2021|url=https://dailynewsbrief.com/2021/12/08/russia-bans-more-vpn-products-and-tor/|access-date=2021-12-11|website=Daily
>> NewsBrief|language=en-US}}</ref> Russian ISPs unsuccessfully attempted
>>
>> to block Tor's main website as well as several bridges beginning on 1
>> December 2021.<ref>{{cite web |title=Russia Ratchets up Internet
>>
>> Control by Blocking Privacy Service Tor
>> |url=https://www.usnews.com/news/technology/articles/2021-12-08/russia-ratchets-up-internet-crackdown-with-block-of-privacy-service-tor
>> |website=U.S. News & World Report |access-date=8 December 2021
>> |language=en}}</ref> The Tor Project has appealed to Russian courts
>>
>> over this ban.<ref>{{cite web |title=Tor Project appeals Russian
>>
>> court's decision to block access to Tor
>> |url=https://www.bleepingcomputer.com/news/security/tor-project-appeals-russian-courts-decision-to-block-access-to-tor/
>> |access-date=2022-03-08 |website=BleepingComputer
>> |language=en-us}}</ref>
>>
>>
>> === 2022 ===
>> In response to [[Internet censorship]] in the [[Russo-Ukraine War]]
>> the [[BBC]] and [[VOA]] have directed Russian audiences to
>> Tor.<ref>{{cite web
>>
>> |url=https://www.wsj.com/articles/russia-rolls-down-internet-iron-curtain-but-gaps-remain-11647087321
>> |title=Russia Rolls Down Internet Iron Curtain, but Gaps Remain
>> |work=The Wall Street Journal |last1=Schechner |first1=Sam
>> |last2=Hagey |first2=Keach |date=12 March 2022 |access-date=17 March
>> 2022}}</ref> The Russian government increased efforts to block access
>>
>> to Tor through technical and political means, and the network reported
>> an increase in traffic from Russia using its anti-censorship
>> [[Snowflake (software)|Snowflake tool]].<ref name=wired>{{cite
>>
>> magazine|url=https://www.wired.com/story/tor-browser-russia-blocks/
>> |title=How Tor Is Fighting—and Beating—Russian Censorship |first=Matt
>> |last=Burgess |magazine=[[Wired (magazine)|WIRED]] |date=July 28, 2022
>> |access-date=2022-07-30}}</ref>
>>
>>
>> Iran implemented rolling internet blackouts during the [[Mahsa Amini
>> protests]], and Tor and Snowflake were used to circumvent them.<ref
>> name=skyrocket>{{cite news |last1=Browne |first1=Ryan |title=VPN use
>>
>> skyrockets in Iran as citizens navigate internet censorship under
>> Tehran's crackdown
>> |url=https://www.cnbc.com/2022/10/07/vpn-use-skyrockets-in-iran-as-citizens-navigate-internet-censorship.html
>> |work=CNBC |language=en}}</ref><ref name=FAZ>{{cite news
>>
>> |last1=Küchemann |first1=Fridtjof |title=Per Snowflake ins
>> TOR-Netzwerk: Online-Gasse für Menschen in Iran
>> |url=https://www.faz.net/aktuell/feuilleton/medien/zugang-fuer-iraner-per-snowflake-ins-tor-netzwerk-18346679.html
>> |work=[[Frankfurter Allgemeine Zeitung]] |date=27.09.2022
>> |language=de}}</ref><ref name=rnd>{{cite news |last1=Schwarzer
>>
>> |first1=Matthias |title=Netzsperre im Iran umgehen: Wie "Snowflake"
>> einen Weg ins freie Internet ermöglicht - so kann der Westen helfen
>> |url=https://www.rnd.de/digital/netzsperre-im-iran-umgehen-wie-snowflake-einen-weg-ins-freie-internet-ermoeglicht-so-kann-der-westen-SE3LNI5BKNHJHGJJK2UZHWHXRA.html
>> |access-date=10 October 2022 |work=[[Redaktions Netzwerk Deutschland]]
>> |publisher=www.rnd.de |date=30.09.2022, 09:00 Uhr
>> |language=de}}</ref><ref name=EFF>{{cite web |last1=Quintin
>>
>> |first1=Cooper |title=Snowflake Makes It Easy For Anyone to Fight
>> Censorship
>> |url=https://www.eff.org/deeplinks/2022/10/snowflake-makes-it-easy-anyone-fight-censorship
>> |website=Electronic Frontier Foundation |language=en |date=4 October
>> 2022}}</ref>
>>
>>
>> China, with its highly centralized control of its internet, had
>> effectively blocked Tor.<ref name=wired/>
>>
>>
>> == Improved security ==
>> Tor responded to earlier vulnerabilities listed above by patching them
>> and improving security. In one way or another, human (user) errors can
>> lead to detection. The Tor Project website provides the best practices
>> (instructions) on how to properly use the Tor browser. When improperly
>> used, Tor is not secure. For example, Tor warns its users that not all
>> traffic is protected; only the traffic routed through the Tor browser
>> is protected. Users are also warned to use [[HTTPS]] versions of
>> websites, not to [[BitTorrent|torrent]] with Tor, not to enable
>> browser plugins, not to open documents downloaded through Tor while
>> online, and to use safe bridges.<ref>{{cite web |title=The Tor Project
>>
>> | Privacy & Freedom Online |url=https://torproject.org/
>> |website=torproject.org |access-date=31 October 2019 |archive-date=31
>> October 2019
>> |archive-url=https://web.archive.org/web/20191031195458/https://www.torproject.org/
>> |url-status=live }}</ref> Users are also warned that they cannot
>>
>> provide their name or other revealing information in web forums over
>> Tor and stay anonymous at the same time.<ref name="stayan">{{cite web
>>
>> |title=Tor: Overview – Staying anonymous
>> |url=https://www.torproject.org/about/overview.html.en |access-date=21
>> September 2016 |archive-date=6 June 2015
>> |archive-url=https://web.archive.org/web/20150606002957/https://www.torproject.org/about/overview.html.en
>> |url-status=live }}</ref>
>>
>>
>> Despite intelligence agencies' claims that 80% of Tor users would be
>> de-anonymized within 6 months in the year 2013,<ref
>> name="arstechnica.com">{{cite web |date=31 August 2016 |title=Building
>>
>> a new Tor that can resist next-generation state surveillance
>> |url=https://arstechnica.com/security/2016/08/building-a-new-tor-that-withstands-next-generation-state-surveillance/
>> |access-date=13 September 2016 |website=arstechnica.com
>> |archive-date=11 September 2016
>> |archive-url=https://web.archive.org/web/20160911030754/http://arstechnica.com/security/2016/08/building-a-new-tor-that-withstands-next-generation-state-surveillance/
>> |url-status=live }}</ref> that has still not happened. In fact, as
>>
>> late as September 2016, the FBI could not locate, de-anonymize and
>> identify the Tor user who hacked into the email account of a staffer
>> on [[Hillary Clinton]]'s email server.<ref>{{cite web |last=Francis
>>
>> |first=Elias Groll, David |title=FBI: An Account on Clinton's Private
>> Email Server Was Hacked
>> |url=https://foreignpolicy.com/2016/09/02/fbi-an-account-on-clintons-private-email-server-was-hacked/
>> |access-date=2020-10-28 |website=Foreign Policy |language=en-US
>> |archive-date=31 October 2020
>> |archive-url=https://web.archive.org/web/20201031022316/https://foreignpolicy.com/2016/09/02/fbi-an-account-on-clintons-private-email-server-was-hacked/
>> |url-status=live }}</ref>
>>
>>
>> The best tactic of law enforcement agencies to de-anonymize users
>> appears to remain with Tor-relay adversaries running poisoned nodes,
>> as well as counting on the users themselves using the Tor browser
>> improperly. For example, downloading a video through the Tor browser
>> and then opening the same file on an unprotected hard drive while
>> online can make the users' real IP addresses available to
>> authorities.<ref>{{cite web |date=16 August 2016 |title=Aussie cops
>>
>> ran child porn site for months, revealed 30 US IPs
>> |url=https://arstechnica.com/tech-policy/2016/08/aussie-cops-ran-child-porn-site-for-months-revealed-30-us-ips/
>> |access-date=13 September 2016 |website=arstechnica.com
>> |archive-date=8 September 2016
>> |archive-url=https://web.archive.org/web/20160908002444/http://arstechnica.com/tech-policy/2016/08/aussie-cops-ran-child-porn-site-for-months-revealed-30-us-ips/
>> |url-status=live }}</ref>
>>
>>
>> === Odds of detection ===
>> When properly used, odds of being de-anonymized through Tor are said
>> to be extremely low. Tor project's co-founder [[Nick Mathewson]]
>> explained that the problem of "Tor-relay adversaries" running poisoned
>> nodes means that a theoretical adversary of this kind is not the
>> network's greatest threat:
>>
>> {{quotation|"No adversary is truly global, but no adversary needs to
>> be truly global," he says. "Eavesdropping on the entire Internet is a
>> several-billion-dollar problem. Running a few computers to eavesdrop
>> on a lot of traffic, a selective denial of service attack to drive
>> traffic to your computers, that's like a tens-of-thousands-of-dollars
>> problem." At the most basic level, an attacker who runs two poisoned
>> Tor nodes—one entry, one exit—is able to analyse traffic and thereby
>> identify the tiny, unlucky percentage of users whose circuit happened
>> to cross both of those nodes. In 2016 the Tor network offers a total
>> of around 7,000 relays, around 2,000 guard (entry) nodes and around
>> 1,000 exit nodes. So the odds of such an event happening are one in
>> two million ({{Frac|1|2000}} × {{Frac|1|1000}}), give or take."<ref
>> name="arstechnica.com" />}}
>>
>>
>> Tor does not provide protection against [[Timing attack|end-to-end
>> timing attack]]s: if an attacker can watch the traffic coming out of
>> the target computer, and also the traffic arriving at the target's
>> chosen destination (e.g. a server hosting a .onion site), that
>> attacker can use statistical analysis to discover that they are part
>> of the same circuit.<ref name=stayan/>
>>
>>
>> === Levels of security ===
>> {{More citations needed section|date=December 2021}}
>>
>> Depending on individual user needs, Tor browser offers three levels of
>> security located under the Security Level (the small gray shield at
>> the top-right of the screen) icon > Advanced Security Settings. In
>>
>> addition to encrypting the data, including constantly changing an IP
>> address through a virtual circuit comprising successive, randomly
>> selected Tor relays, several other layers of security are at a user's
>> disposal:
>>
>> # '''Standard (default) – at this security level, all browser features
>> are enabled.'''
>> #* This level provides the most usable experience, and the lowest
>> level of security.
>> # '''Safer – at this security level, the following changes apply:'''
>> #* JavaScript is disabled on non-HTTPS sites.
>> #* On sites where JavaScript is enabled, performance optimizations are
>> disabled. Scripts on some sites may run slower.
>> #* Some mechanisms of displaying math equations are disabled.
>> #* Audio and video (HTML5 media), and WebGL are click-to-play.
>> # '''Safest – at this security level, these additional changes apply:'''
>> #* JavaScript is disabled by default on all sites.
>> #* Some fonts, icons, math symbols, and images are disabled.
>> #* Audio and video (HTML5 media), and WebGL are click-to-play.
>>
>> ==See also==
>> <!-- Please keep entries in alphabetical order & add a short
>> description [[WP:SEEALSO]] -->
>>
>> {{Div col|colwidth=20em|small=yes}}
>> * [[.onion]]
>> * [[Anonymous P2P]]
>> * [[Anonymous web browsing]]
>> * [[Briar (software)|Briar: messaging app on Tor network]]
>> * [[Crypto-anarchism]]
>> * [[Darknet]]
>> * [[Dark web]]
>> * [[Deep web]]
>> * [[Freedom of information]]
>> * [[Freenet]]
>> * [[GNUnet]]
>> * [[I2P]]
>> * [[Internet censorship]]
>> * [[Internet censorship circumvention]]
>> * [[Internet privacy]]
>> * [[Privoxy]]
>> * [[Proxy server]]
>> * [[Psiphon]]
>> * [[Tor2web]]
>> * [[Tor Phone]]
>> * [[torservers.net]]
>> {{div col end}}
>> <!-- Please keep entries in alphabetical order -->
>>
>> {{Portal bar| Anarchism |Free and open-source software |Freedom of
>> speech |Internet }}
>>
>> == Citations ==
>> {{Reflist|refs=
>>
>> <ref name="spiegel2">{{Cite news |date=28 December 2014
>>
>> |title=Presentation from the SIGDEV Conference 2012 explaining which
>> encryption protocols and techniques can be attacked and which not
>> |work=Der Spiegel |url=http://www.spiegel.de/media/media-35535.pdf
>> |access-date=23 January 2015 |archive-date=8 October 2018
>> |archive-url=https://web.archive.org/web/20181008114248/http://www.spiegel.de/media/media-35535.pdf
>> |url-status=live }}</ref>
>>
>>
>> <ref name="spiegel1">{{Cite news |last=SPIEGEL Staff |date=28 December
>>
>> 2014 |title=Prying Eyes: Inside the NSA's War on Internet Security
>> |work=Der Spiegel
>> |url=http://www.spiegel.de/international/germany/inside-the-nsa-s-war-on-internet-security-a-1010361.html
>> |access-date=23 January 2015 |archive-date=24 January 2015
>> |archive-url=https://web.archive.org/web/20150124202809/http://www.spiegel.de/international/germany/inside-the-nsa-s-war-on-internet-security-a-1010361.html
>> |url-status=live }}</ref>
>>
>>
>> <ref name="01-chercheurs">{{cite web |title=Des chercheurs Francais
>>
>> cassent le reseau d'anonymisation Tor
>> |url=http://pro.01net.com/editorial/544024/des-chercheurs-francais-cassent-le-reseau-danonymisation-tor/
>> |access-date=17 October 2011 |website=01net.com |language=fr
>> |archive-date=16 October 2011
>> |archive-url=https://web.archive.org/web/20111016155325/http://pro.01net.com/editorial/544024/des-chercheurs-francais-cassent-le-reseau-danonymisation-tor/
>> |url-status=live }}</ref>
>>
>>
>> <ref name="andssy-sniper">{{Cite conference |last1=Jansen |first1=Rob
>>
>> |last2=Tschorsch |first2=Florian |last3=Johnson |first3=Aaron
>> |last4=Scheuermann |first4=Björn |year=2014 |title=The Sniper Attack:
>> Anonymously Deanonymizing and Disabling the Tor Network
>> |url=http://www.robgjansen.com/publications/sniper-ndss2014.pdf
>> |conference=21st Annual Network & Distributed System Security
>> Symposium |access-date=28 April 2014 |archive-date=30 June 2014
>> |archive-url=https://web.archive.org/web/20140630044050/http://www.robgjansen.com/publications/sniper-ndss2014.pdf
>> |url-status=live }}</ref>
>>
>>
>> <ref name="ars-111k">{{cite web |last=Gallagher |first=Sean |date=25
>>
>> July 2014 |title=Russia publicly joins war on Tor privacy with
>> $111,000 bounty
>> |url=https://arstechnica.com/security/2014/07/russia-publicly-joins-war-on-tor-privacy-with-111000-bounty/
>> |access-date=26 July 2014 |website=[[Ars Technica]] |archive-date=26
>> July 2014
>> |archive-url=https://web.archive.org/web/20140726214634/http://arstechnica.com/security/2014/07/russia-publicly-joins-war-on-tor-privacy-with-111000-bounty/
>> |url-status=live }}</ref>
>>
>>
>> <ref name="ars-feds-narcotics">{{cite web |last=Goodin |first=Dan
>>
>> |date=16 April 2012 |title=Feds shutter online narcotics store that
>> used Tor to hide its tracks
>> |url=https://arstechnica.com/tech-policy/news/2012/04/feds-shutter-online-narcotics-store-that-used-tor-to-hide-its-tracks.ars?src=fbk
>> |access-date=20 April 2012 |website=[[Ars Technica]] |archive-date=19
>> April 2012
>> |archive-url=https://web.archive.org/web/20120419165308/http://arstechnica.com/tech-policy/news/2012/04/feds-shutter-online-narcotics-store-that-used-tor-to-hide-its-tracks.ars?src=fbk
>> |url-status=live }}</ref>
>>
>>
>> <ref name="ars-ranks-cut">{{cite web |last=Gallagher |first=Sean
>>
>> |date=18 April 2014 |title=Tor network's ranks of relay servers cut
>> because of Heartbleed bug
>> |url=https://arstechnica.com/security/2014/04/tor-networks-ranks-of-relay-servers-cut-because-of-heartbleed-bug/
>> |access-date=28 April 2014 |website=[[Ars Technica]] |archive-date=1
>> May 2014
>> |archive-url=https://web.archive.org/web/20140501163047/http://arstechnica.com/security/2014/04/tor-networks-ranks-of-relay-servers-cut-because-of-heartbleed-bug/
>> |url-status=live }}</ref>
>>
>>
>> <ref name="bitmessage-faq">{{cite web |title=Bitmessage FAQ
>>
>> |url=https://bitmessage.org/wiki/FAQ |access-date=17 July 2013
>> |website=Bitmessage |archive-date=18 August 2013
>> |archive-url=https://web.archive.org/web/20130818092419/https://bitmessage.org/wiki/FAQ
>> |url-status=live }}</ref>
>>
>>
>> <ref name="bbr-cleaning-up">{{cite web |last=Bode |first=Karl |date=12
>>
>> March 2007 |title=Cleaning up Tor
>> |url=http://www.broadbandreports.com/shownews/Cleaning-Up-Tor-82218
>> |access-date=28 April 2014 |website=Broadband.com |archive-date=21
>> October 2013
>> |archive-url=https://web.archive.org/web/20131021185626/http://www.broadbandreports.com/shownews/Cleaning-Up-Tor-82218
>> |url-status=live }}</ref>
>>
>>
>> <ref name="bw-tor-vs">{{Cite news |last=Lawrence |first=Dune |date=23
>>
>> January 2014 |title=The Inside Story of Tor, the Best Internet
>> Anonymity Tool the Government Ever Built |work=[[Bloomberg
>> Businessweek]]
>> |url=http://www.businessweek.com/articles/2014-01-23/tor-anonymity-software-vs-dot-the-national-security-agency
>> |access-date=28 April 2014 |archive-date=29 March 2014
>> |archive-url=https://web.archive.org/web/20140329174719/http://www.businessweek.com/articles/2014-01-23/tor-anonymity-software-vs-dot-the-national-security-agency
>> |url-status=live }}</ref>
>>
>>
>> <ref name="boston-domestic-abuse">{{cite web |last=LeVines
>>
>> |first=George |date=7 May 2014 |title=As domestic abuse goes digital,
>> shelters turn to counter-surveillance with Tor
>> |url=http://betaboston.com/news/2014/05/07/as-domestic-abuse-goes-digital-shelters-turn-to-counter-surveillance-with-tor/
>> |access-date=8 May 2014 |website=[[Boston Globe]] |archive-date=14
>> September 2014
>> |archive-url=https://web.archive.org/web/20140914153110/http://betaboston.com/news/2014/05/07/as-domestic-abuse-goes-digital-shelters-turn-to-counter-surveillance-with-tor/
>> |url-status=live }}</ref>
>>
>>
>> <ref name="boston-free-speech-tech">{{cite web |last=McKim
>>
>> |first=Jenifer B. |date=8 March 2012 |title=Privacy software, criminal
>> use
>> |url=http://articles.boston.com/2012-03-08/business/31136655_1_law-enforcement-free-speech-technology/2
>> |archive-url=https://web.archive.org/web/20120312225054/http://articles.boston.com/2012-03-08/business/31136655_1_law-enforcement-free-speech-technology/2
>> |archive-date=12 March 2012 |website=[[The Boston Globe]]}}</ref>
>>
>>
>> <ref name="ccsw-attacking">{{Cite conference |last1=Herrmann
>>
>> |first1=Dominik |last2=Wendolsky |first2=Rolf |last3=Federrath
>> |first3=Hannes |date=13 November 2009 |title=Website Fingerprinting:
>> Attacking Popular {{sic|hide=y|Privacy Enhancing}} Technologies with
>> the Multinomial Naïve-Bayes Classifier
>> |url=http://epub.uni-regensburg.de/11919/1/authorsversion-ccsw09.pdf
>> |conference=Cloud Computing Security Workshop |location=New York, USA
>> |publisher=[[Association for Computing Machinery]] |access-date=2
>> September 2010 |book-title=Proceedings of the 2009 ACM Cloud Computing
>> Security Workshop (CCSW) |archive-date=22 April 2011
>> |archive-url=https://web.archive.org/web/20110422121714/http://epub.uni-regensburg.de/11919/1/authorsversion-ccsw09.pdf
>> |url-status=live }}</ref>
>>
>>
>> <ref name="cnet-arrested">{{Cite news |last=Soghoian |first=Chris
>>
>> |date=16 September 2007 |title=Tor anonymity server admin arrested
>> |work=[[CNET Networks|CNET News]]
>> |url=http://news.cnet.com/8301-13739_3-9779225-46.html |access-date=17
>> January 2011 |archive-date=10 December 2010
>> |archive-url=https://web.archive.org/web/20101210151708/http://news.cnet.com/8301-13739_3-9779225-46.html
>> |url-status=live }}</ref>
>>
>>
>> <ref name="compaint-ulbricht">{{cite web |last=Turner |first=Serrin
>>
>> |date=27 September 2013 |title=Sealed compaint
>> |url=http://www1.icsi.berkeley.edu/~nweaver/UlbrichtCriminalComplaint.pdf
>> |archive-url=https://web.archive.org/web/20131002221530/http://www1.icsi.berkeley.edu/~nweaver/UlbrichtCriminalComplaint.pdf
>> |archive-date=2 October 2013 |website=United States of America v. Ross
>> William Ulbricht}}</ref>
>>
>>
>> <ref name="cso-black-market">{{cite web |last=Gregg |first=Brandon
>>
>> |date=30 April 2012 |title=How online black markets work
>> |url=http://www.csoonline.com/article/705316/how-online-black-markets-work
>> |access-date=6 August 2012 |website=CSO Online |archive-date=13 August
>> 2012
>> |archive-url=https://web.archive.org/web/20120813131253/http://www.csoonline.com/article/705316/how-online-black-markets-work
>> |url-status=live }}</ref>
>>
>>
>> <ref name="economist-bitcoin">{{Cite news |date=29 September 2012
>>
>> |title=Bitcoin: Monetarists Anonymous |newspaper=[[The Economist]]
>> |url=http://www.economist.com/node/21563752 |access-date=19 May 2013
>> |archive-date=20 October 2013
>> |archive-url=https://web.archive.org/web/20131020192331/http://www.economist.com/node/21563752
>> |url-status=live }}</ref>
>>
>>
>> <ref name="eff-silk-road">{{cite web |last=Higgins |first=Parker
>>
>> |date=3 October 2013 |title=In the Silk Road Case, Don't Blame the
>> Technology
>> |url=https://www.eff.org/deeplinks/2013/10/silk-road-case-dont-blame-technology
>> |access-date=22 December 2013 |website=[[Electronic Frontier
>> Foundation]] |archive-date=26 January 2014
>> |archive-url=https://web.archive.org/web/20140126154932/https://www.eff.org/deeplinks/2013/10/silk-road-case-dont-blame-technology
>> |url-status=live }}</ref>
>>
>>
>> <ref name="eff-ssd-tor">{{cite web |title=Surveillance Self-Defense:
>>
>> Tor |url=https://ssd.eff.org/tech/tor |access-date=28 April 2014
>> |website=[[Electronic Frontier Foundation]] |archive-date=26 June 2014
>> |archive-url=https://web.archive.org/web/20140626031133/https://ssd.eff.org/tech/tor
>> |url-status=live }}</ref>
>>
>>
>> <ref name="erste-darknet">{{Cite news |last=Gaertner |first=Joachim
>>
>> |date=1 July 2013 |title=Darknet – Netz ohne Kontrolle |language=de
>> |work=[[Das Erste]]
>> |url=http://www.daserste.de/information/wissen-kultur/ttt/sendung/br/20130630-ttt-darknet-102.html
>> |url-status=dead |access-date=28 August 2013
>> |archive-url=https://web.archive.org/web/20130704075422/http://www.daserste.de/information/wissen-kultur/ttt/sendung/br/20130630-ttt-darknet-102.html
>> |archive-date=4 July 2013}}</ref>
>>
>>
>> <ref name="fsf-award">{{cite web |title=2010 Free Software Awards
>>
>> announced
>> |url=http://www.fsf.org/news/2010-free-software-awards-announced
>> |access-date=23 March 2011 |website=[[Free Software Foundation]]
>> |archive-date=1 May 2015
>> |archive-url=https://web.archive.org/web/20150501135149/http://www.fsf.org/news/2010-free-software-awards-announced
>> |url-status=live }}</ref>
>>
>>
>> <ref name="fp-top100-thinkers">{{cite web |last=Wittmeyer
>>
>> |first=Alicia P.Q. |date=26 November 2012 |title=The FP Top 100 Global
>> Thinkers
>> |url=https://foreignpolicy.com/articles/2012/11/26/the_fp_100_global_thinkers?page=0,48
>> |url-status=dead
>> |archive-url=https://web.archive.org/web/20121130221322/http://www.foreignpolicy.com/articles/2012/11/26/the_fp_100_global_thinkers?page=0,33
>> |archive-date=30 November 2012 |access-date=28 November 2012
>> |website=[[Foreign Policy]]}}</ref>
>>
>>
>> <ref name="gawker-any-drug">{{cite web |last=Chen |first=Adrian
>>
>> |date=1 June 2011 |title=The Underground Website Where You Can Buy Any
>> Drug Imaginable
>> |url=http://gawker.com/5805928/the-underground-website-where-you-can-buy-any-drug-imaginable
>> |url-status=dead
>> |archive-url=https://web.archive.org/web/20110603015735/http://gawker.com/5805928/the-underground-website-where-you-can-buy-any-drug-imaginable
>> |archive-date=3 June 2011 |access-date=20 April 2012
>> |website=Gawker}}</ref>
>>
>>
>> <ref name="gawker-kiddie-porn">{{cite web |last=Chen |first=Adrian
>>
>> |date=11 June 2012 |title='Dark Net' Kiddie Porn Website Stymies FBI
>> Investigation
>> |url=http://gawker.com/5916994/dark-net-kiddie-porn-website-stymies-fbi-investigation
>> |access-date=6 August 2012 |website=Gawker |archive-date=14 August
>> 2012
>> |archive-url=https://web.archive.org/web/20120814195308/http://gawker.com/5916994/dark-net-kiddie-porn-website-stymies-fbi-investigation
>> |url-status=live }}</ref>
>>
>>
>> <ref name="ghowen-fby-analysis">{{cite web |last=Owen |first=Gareth
>>
>> |title=FBI Malware Analysis
>> |url=http://ghowen.me/fbi-tor-malware-analysis |url-status=dead
>> |archive-url=https://web.archive.org/web/20140417081750/http://ghowen.me/fbi-tor-malware-analysis/
>> |archive-date=17 April 2014 |access-date=6 May
>> 2014}}</ref>{{self-published inline |date=April 2014}}
>>
>>
>> <ref name="guardian-how-nsa">{{Cite news |last=Schneier |first=Bruce
>>
>> |date=4 October 2013 |title=Attacking Tor: how the NSA targets users'
>> online anonymity |work=[[The Guardian]]
>> |url=https://www.theguardian.com/world/2013/oct/04/tor-attacks-nsa-users-online-anonymity
>> |access-date=22 December 2013 |archive-date=7 August 2017
>> |archive-url=https://web.archive.org/web/20170807074531/https://www.theguardian.com/world/2013/oct/04/tor-attacks-nsa-users-online-anonymity
>> |url-status=live }}</ref>
>>
>>
>> <ref name="guardian-nsa-target">{{Cite news |last1=Ball |first1=James
>>
>> |last2=Schneier |first2=Bruce |last3=Greenwald |first3=Glenn |date=4
>> October 2013 |title=NSA and GCHQ target Tor network that protects
>> anonymity of web users |work=[[The Guardian]]
>> |url=https://www.theguardian.com/world/2013/oct/04/nsa-gchq-attack-tor-network-encryption
>> |url-status=live |access-date=5 October 2013
>> |archive-url=https://web.archive.org/web/20190228060200/https://www.theguardian.com/world/2013/oct/04/nsa-gchq-attack-tor-network-encryption
>> |archive-date=28 February 2019}}</ref>
>>
>>
>> <ref name="guardian-peeling">{{Cite news |date=4 October 2013
>>
>> |title=Peeling back the layers of Tor with EgotisticalGiraffe
>> |work=[[The Guardian]]
>> |url=https://www.theguardian.com/world/interactive/2013/oct/04/egotistical-giraffe-nsa-tor-document
>> |access-date=5 October 2013 |archive-date=5 October 2013
>> |archive-url=https://web.archive.org/web/20131005030818/http://www.theguardian.com/world/interactive/2013/oct/04/egotistical-giraffe-nsa-tor-document
>> |url-status=live }}</ref>
>>
>>
>> <ref name="guardianproject-about">{{cite web |title=About
>>
>> |url=https://guardianproject.info/ |access-date=10 May 2011
>> |website=The Guardian Project |archive-date=16 April 2011
>> |archive-url=https://web.archive.org/web/20110416232400/http://guardianproject.info/
>> |url-status=live }}</ref>
>>
>>
>> <ref name="guardianproject-chatsecure">{{cite web |title=ChatSecure:
>>
>> Private Messaging |url=https://guardianproject.info/apps/chatsecure/
>> |access-date=20 September 2014 |website=The Guardian Project
>> |archive-date=24 September 2014
>> |archive-url=https://web.archive.org/web/20140924064840/https://guardianproject.info/apps/chatsecure/
>> |url-status=live }}</ref>
>>
>>
>> <ref name="guardianproject-orbot">{{cite web |title=Orbot: Mobile
>>
>> Anonymity + Circumvention
>> |url=https://guardianproject.info/apps/orbot/ |access-date=10 May 2011
>> |website=The Guardian Project |archive-date=11 May 2011
>> |archive-url=https://web.archive.org/web/20110511074732/https://guardianproject.info/apps/orbot/
>> |url-status=live }}</ref>
>>
>>
>> <ref name="guardianproject-orweb">{{cite web |title=Orweb: Privacy
>>
>> Browser |url=https://guardianproject.info/apps/orweb/ |access-date=10
>> May 2011 |website=The Guardian Project |archive-date=11 May 2011
>> |archive-url=https://web.archive.org/web/20110511074727/https://guardianproject.info/apps/orweb/
>> |url-status=dead }}</ref>
>>
>>
>> <ref name="guardianproject-proxymob">{{cite web |title=ProxyMob:
>>
>> Firefox Mobile Add-on
>> |url=https://guardianproject.info/apps/proxymob-firefox-add-on/
>> |access-date=10 May 2011 |website=The Guardian Project
>> |archive-date=11 May 2011
>> |archive-url=https://web.archive.org/web/20110511074722/https://guardianproject.info/apps/proxymob-firefox-add-on/
>> |url-status=dead }}</ref>
>>
>>
>> <ref name="guardianproject-obscuracam">{{cite web |title=Obscura:
>>
>> Secure Smart Camera |url=https://guardianproject.info/apps/obscuracam/
>> |access-date=19 September 2014 |website=The Guardian Project
>> |archive-date=24 September 2014
>> |archive-url=https://web.archive.org/web/20140924040527/https://guardianproject.info/apps/obscuracam/
>> |url-status=live }}</ref>
>>
>>
>> <ref name="ieee-low-cost">{{Cite conference|last1=Murdoch
>>
>> |first1=Steven J. |last2=Danezis |first2=George |date=19 January 2006
>> |chapter=Low-Cost Traffic Analysis of Tor
>> |chapter-url=http://www.cl.cam.ac.uk/~sjm217/papers/oakland05torta.pdf
>> |access-date=21 May 2007 |conference=IEEE Symposium on Security and
>> Privacy |title=Proceedings of the 2005 IEEE Symposium on Security and
>> Privacy. IEEE CS |archive-date=16 June 2007
>> |archive-url=https://web.archive.org/web/20070616183853/http://www.cl.cam.ac.uk/~sjm217/papers/oakland05torta.pdf
>> |url-status=live }}</ref>
>>
>>
>> <ref name="iw-info-stealing">{{cite web |last=Samson |first=Ted
>>
>> |date=5 August 2013 |title=Tor Browser Bundle for Windows users
>> susceptible to info-stealing attack
>> |url=http://www.infoworld.com/t/data-security/tor-browser-bundle-windows-users-susceptible-info-stealing-attack-224157
>> |access-date=28 April 2014 |website=[[InfoWorld]] |archive-date=29
>> April 2014
>> |archive-url=https://web.archive.org/web/20140429044651/http://www.infoworld.com/t/data-security/tor-browser-bundle-windows-users-susceptible-info-stealing-attack-224157
>> |url-status=live }}</ref>
>>
>>
>> <ref name="jones-forensics">{{Cite book |last=Jones |first=Robert
>>
>> |url=https://archive.org/details/internetforensic0000jone/page/133
>> |title=Internet forensics |publisher=O'Reilly |year=2005
>> |isbn=978-0-596-10006-3
>> |page=[https://archive.org/details/internetforensic0000jone/page/133
>> 133]}}</ref>
>>
>>
>> <ref name="LASTor-2012">{{Cite conference |last1=Akhoondi
>>
>> |first1=Masoud |last2=Yu |first2=Curtis |last3=Madhyastha
>> |first3=Harsha V. |date=May 2012 |title=LASTor: A Low-Latency AS-Aware
>> Tor Client |url=http://lastor.cs.ucr.edu/oakland12.pdf
>> |conference=IEEE Symposium on Security and Privacy |location=Oakland,
>> USA
>> |archive-url=https://web.archive.org/web/20130928003811/http://lastor.cs.ucr.edu/oakland12.pdf
>> |archive-date=28 September 2013 |access-date=28 April 2014
>> |url-status=dead}}</ref>
>>
>>
>> <ref name="lj-portable">{{cite web |last=Knight |first=John |date=1
>>
>> September 2011 |title=Tor Browser Bundle-Tor Goes Portable
>> |url=http://www.linuxjournal.com/content/tor-browser-bundle-tor-goes-portable
>> |access-date=28 April 2014 |website=[[Linux Journal]] |archive-date=29
>> April 2014
>> |archive-url=https://web.archive.org/web/20140429050524/http://www.linuxjournal.com/content/tor-browser-bundle-tor-goes-portable
>> |url-status=live }}</ref>
>>
>>
>> <ref name="manils-compromising">{{Cite conference |last1=Manils
>>
>> |first1=Pere |last2=Abdelberri |first2=Chaabane |last3=Le Blond
>> |first3=Stevens |last4=Kaafar |first4=Mohamed Ali |last5=Castelluccia
>> |first5=Claude |last6=Legout |first6=Arnaud |last7=Dabbous
>> |first7=Walid |date=April 2010 |title=Compromising Tor Anonymity
>> Exploiting P2P Information Leakage
>> |url=http://hal.inria.fr/docs/00/47/15/56/PDF/TorBT.pdf
>> |conference=7th USENIX Symposium on Network Design and Implementation
>> |arxiv=1004.1461 |bibcode=2010arXiv1004.1461M |access-date=28 April
>> 2014 |archive-date=6 September 2014
>> |archive-url=https://web.archive.org/web/20140906211542/http://hal.inria.fr/docs/00/47/15/56/PDF/TorBT.pdf
>> |url-status=live }}</ref>
>>
>>
>> <ref name="mirror-marques">{{Cite news |last=Best |first=Jessica
>>
>> |date=21 January 2014 |title=Man branded 'largest facilitator of child
>> porn on the planet' remanded in custody again |work=[[Daily Mirror]]
>> |url=https://www.mirror.co.uk/news/world-news/eric-eoin-marques-man-branded-3046701
>> |access-date=29 April 2014
>> |archive-url=https://web.archive.org/web/20140529103734/http://www.mirror.co.uk/news/world-news/eric-eoin-marques-man-branded-3046701
>> |archive-date=29 May 2014 |url-status=live }}</ref>
>>
>>
>> <ref name="ml-rejecting">{{Cite mailing list
>>
>> |url=https://lists.torproject.org/pipermail/tor-relays/2014-April/004336.html
>> |title=Rejecting 380 vulnerable guard/exit keys |date=16 April 2014b
>> |mailing-list=tor-relays |last=Dingledine |first=Roger |access-date=28
>> April 2014 |archive-date=19 April 2014
>> |archive-url=https://web.archive.org/web/20140419172640/https://lists.torproject.org/pipermail/tor-relays/2014-April/004336.html
>> |url-status=live }}</ref>
>>
>>
>> <ref name="muckrock-hunting-porn">{{cite web |last=Morisy
>>
>> |first=Michael |date=8 June 2012 |title=Hunting for child porn, FBI
>> stymied by Tor undernet
>> |url=http://www.muckrock.com/news/archives/2012/jun/08/hunting-child-porn-fbi-stymied-tor-undernet/
>> |access-date=6 August 2012 |website=Muckrock
>> |archive-url=https://web.archive.org/web/20120616185438/http://www.muckrock.com/news/archives/2012/jun/08/hunting-child-porn-fbi-stymied-tor-undernet/
>> |archive-date=16 June 2012 |url-status=live }}</ref>
>>
>>
>> <ref name="openhub-tor">{{cite web |url=https://www.openhub.net/p/tor
>>
>> |title=Tor |website=Open HUB |access-date=27 May 2021 |archive-date=3
>> September 2014
>> |archive-url=https://web.archive.org/web/20140903192951/https://www.openhub.net/p/tor
>> |url-status=live }}</ref>
>>
>>
>> <ref name="or-locating">{{cite conference
>>
>> |chapter-url=http://www.onion-router.net/Publications/locating-hidden-servers.pdf
>> |chapter=Locating Hidden Servers |first1=Lasse |last1=Øverlier
>> |first2=Paul |last2=Syverson |title=2006 IEEE Symposium on Security
>> and Privacy (S&P'06) |conference=IEEE Symposium on Security and
>> Privacy |conference-url=http://www.ieee-security.org/TC/SP-Index.html
>> |book-title=Proceedings of the 2006 IEEE Symposium on Security and
>> Privacy |page=1 |publisher=IEEE CS Press |date=21 June 2006
>> |location=Oakland, Calif. |doi=10.1109/SP.2006.24 <!-- URL required
>> |access-date=9 November 2013 --> |isbn=0-7695-2574-1
>>
>> |url=http://www.onion-router.net/Publications/locating-hidden-servers.pdf
>> |archive-date=10 August 2013
>> |archive-url=https://web.archive.org/web/20130810105459/http://www.onion-router.net/Publications/locating-hidden-servers.pdf
>> |url-status=live }}</ref>
>>
>>
>> <ref name="pcw-111k">{{cite web
>>
>> |url=http://www.pcworld.com/article/2458420/russian-government-offers-money-for-identifying-tor-users.html
>> |title=Russian government offers huge reward for help unmasking
>> anonymous Tor users |first=Constantin |last=Lucian |website=[[PC
>> World]] |date=25 July 2014 |access-date=26 July 2014 |archive-date=26
>> July 2014
>> |archive-url=https://web.archive.org/web/20140726073307/http://www.pcworld.com/article/2458420/russian-government-offers-money-for-identifying-tor-users.html
>> |url-status=live }}</ref>
>>
>>
>> <ref name=prealpha>{{cite mailing list
>>
>> |url=http://archives.seul.org/or/dev/Sep-2002/msg00019.html
>> |title=Pre-alpha: run an onion proxy now! |last=Dingledine
>> |first=Roger |mailing-list=or-dev at freehaven.net |date=20 September
>> 2002 |access-date=17 July 2008 |url-status=live |archive-date=26 July
>> 2011 |archive-url=
>> https://web.archive.org/web/20110726062025/http://archives.seul.org/or/dev/Sep-2002/msg00019.html}}</ref>
>>
>>
>> <ref name="register-embassy-passwd">{{cite web |title=Tor at heart of
>>
>> embassy passwords leak |last=Goodin |first=Dan |website=[[The
>> Register]] |date=10 September 2007 |access-date=20 September 2007
>> |url=https://www.theregister.co.uk/2007/09/10/misuse_of_tor_led_to_embassy_password_breach/
>> |archive-url=https://web.archive.org/web/20070925124202/http://www.theregister.co.uk/2007/09/10/misuse_of_tor_led_to_embassy_password_breach/
>> |archive-date=25 September 2007 |url-status=live }}</ref>
>>
>>
>> <ref name="scm-egyptians">{{cite web
>>
>> |url=http://www.scmagazine.com.au/News/246707,egyptians-turn-to-tor-to-organise-dissent-online.aspx
>> |title=Egyptians turn to Tor to organise dissent online |first=Nate
>> |last=Cochrane |website=[[SC Magazine]] |date=2 February 2011
>> |access-date=10 December 2011
>> |archive-url=https://web.archive.org/web/20111213154629/http://www.scmagazine.com.au/News/246707,egyptians-turn-to-tor-to-organise-dissent-online.aspx
>> |archive-date=13 December 2011 |url-status=live }}</ref>
>>
>>
>> <ref name="shining-light">{{cite conference
>>
>> |chapter-url=http://www.cs.washington.edu/homes/yoshi/papers/Tor/PETS2008_37.pdf
>> |chapter=Shining Light in Dark Places: Understanding the Tor Network
>> |first=Damon |last1=McCoy |first2=Kevin |last2=Bauer |first3=Dirk
>> |last3=Grunwald |first4=Tadayoshi |last4=Kohno |first5=Douglas
>> |last5=Sicker |title=Privacy Enhancing Technologies |series=Lecture
>> Notes in Computer Science |conference=8th International Symposium on
>> Privacy Enhancing Technologies |book-title=Proceedings of the 8th
>> International Symposium on Privacy Enhancing Technologies |pages=63–76
>> |publisher=Springer-Verlag |location=Berlin, Germany |year=2008
>> |volume=5134 |isbn=978-3-540-70629-8 |doi=10.1007/978-3-540-70630-4_5
>> |url=http://www.cs.washington.edu/homes/yoshi/papers/Tor/PETS2008_37.pdf
>> |access-date=13 April 2011
>> |archive-url=https://web.archive.org/web/20120515200650/http://www.cs.washington.edu/homes/yoshi/papers/Tor/PETS2008_37.pdf
>> |archive-date=15 May 2012 |url-status=live }}</ref>
>>
>>
>> <ref name="sf-tor-hack">{{cite web
>>
>> |url=http://www.securityfocus.com/news/11447 |title=Tor hack proposed
>> to catch criminals |first=Robert |last=Lemos |website=SecurityFocus
>> |date=8 March 2007 |access-date=3 February 2008 |archive-date=10
>> February 2019 |archive-url=
>> https://web.archive.org/web/20190210044509/https://www.securityfocus.com/news/11447
>> |url-status=live}}</ref>
>>
>>
>> <ref name="smh-hack-of-year">{{cite web
>>
>> |url=https://www.smh.com.au/news/security/the-hack-of-the-year/2007/11/12/1194766589522.html?page=fullpage#contentSwap2
>> |title=The hack of the year |first=Patrick |last=Gray
>> |website=[[Sydney Morning Herald]] |date=13 November 2007
>> |access-date=28 April 2014
>> |archive-url=https://web.archive.org/web/20140418230200/http://www.smh.com.au/news/security/the-hack-of-the-year/2007/11/12/1194766589522.html?page=fullpage#contentSwap2
>> |archive-date=18 April 2014 |url-status=live }}</ref>
>>
>>
>> <ref name="tbb-design-document">{{cite web
>>
>> |url=https://www.torproject.org/projects/torbrowser/design/ |title=The
>> Design and Implementation of the Tor Browser [DRAFT]
>> |first1=Mike |last1=Perry |first2=Erinn |last2=Clark |first3=Steven
>> |last3=Murdoch |website=Tor Project |date=15 March 2013
>> |access-date=28 April 2014 |url-status=live |archive-date=15 August
>> 2014 |archive-url=
>> https://web.archive.org/web/20140815233238/https://www.torproject.org/projects/torbrowser/design/}}</ref>
>>
>>
>> <ref name="thn-compromised">{{cite web
>>
>> |url=http://thehackernews.com/2011/10/tor-anonymizing-network-compromised-by.html
>> |title=Tor anonymizing network compromised by French researchers
>> |website=The Hacker News |date=24 October 2011 |access-date=10
>> December 2011 |archive-date=7 December 2011
>> |archive-url=https://web.archive.org/web/20111207111204/http://thehackernews.com/2011/10/tor-anonymizing-network-compromised-by.html
>> |url-status=live }}</ref>
>>
>>
>> <ref name="torproject-bridges">{{cite web
>>
>> |url=https://www.torproject.org/docs/bridges |title=Tor: Bridges
>> |website=Tor Project |access-date=9 January 2011 |archive-date=12 May
>> 2012
>> |archive-url=https://web.archive.org/web/20120512012603/https://www.torproject.org/docs/bridges
>> |url-status=live }}</ref>
>>
>>
>> <ref name="torproject-conf-hidden">{{cite web
>>
>> |url=https://www.torproject.org/docs/tor-onion-service
>> |title=Configuring Onion Services for Tor |website=Tor Project
>> |access-date=13 December 2018 |archive-date=15 December 2018
>> |archive-url=https://web.archive.org/web/20181215205835/https://www.torproject.org/docs/tor-onion-service
>> |url-status=live }}</ref>
>>
>>
>> <ref name="torproject-corepeople">{{cite web
>>
>> |url=https://www.torproject.org/about/corepeople |title=Tor Project:
>> Core People |website=Tor Project |access-date=17 July 2008
>> |archive-url=https://web.archive.org/web/20110118075745/http://www.torproject.org/about/corepeople
>> |archive-date=18 January 2011 |url-status=dead }}</ref>
>>
>>
>> <ref name="torproject-fail-both-ends">{{cite web
>>
>> |url=https://wiki.torproject.org/noreply/TheOnionRouter/TorFAQ?action=recall&rev=554#EntryGuards
>> |title=TheOnionRouter/TorFAQ |access-date=18 September 2007 |quote=Tor
>> (like all current practical low-latency anonymity designs) fails when
>> the attacker can see both ends of the communications channel
>> |archive-date=16 September 2020
>> |archive-url=https://web.archive.org/web/20200916073309/https://trac.torproject.org/projects/tor/wiki/doc/TorFAQ?action=recall&rev=554#EntryGuards
>> |url-status=live }}</ref>
>>
>>
>> <ref name="torproject-faq">{{cite web
>>
>> |url=https://www.torproject.org/docs/faq#WhyCalledTor |title=Tor FAQ:
>> Why is it called Tor? |website=Tor Project |access-date=1 July 2011
>> |archive-date=17 January 2016
>> |archive-url=https://web.archive.org/web/20160117155232/https://www.torproject.org/docs/faq#WhyCalledTor
>> |url-status=live }}</ref>
>>
>>
>> <ref name="torproject-faq-abuse">{{cite web
>>
>> |url=https://www.torproject.org/docs/faq-abuse.html.en#WhatAboutCriminals
>> |title=Doesn't Tor enable criminals to do bad things? |website=Tor
>> Project |access-date=28 August 2013 |archive-date=17 August 2013
>> |archive-url=https://web.archive.org/web/20130817133027/https://www.torproject.org/docs/faq-abuse.html.en#WhatAboutCriminals
>> |url-status=live }}</ref>
>>
>>
>> <ref name="torproject-hidden">{{cite web
>>
>> |url=https://www.torproject.org/docs/onion-services.html |title=Tor:
>> Onion Service Protocol |website=Tor Project |access-date=13 December
>> 2018 |archive-date=23 December 2018
>> |archive-url=https://web.archive.org/web/20181223204417/https://www.torproject.org/docs/onion-services.html
>> |url-status=live }}</ref>
>>
>>
>> <!--ref name="torproject-investigation">{{cite web
>>
>> |url=http://boingboing.net/2013/08/04/anonymous-web-host-shut-down.html
>> |title=Tor web host |website=BoingBoing.com |access-date=5 August
>> 2013}}</ref-->
>>
>>
>> <ref name="torproject-news-20140416">{{cite web
>>
>> |url=https://blog.torproject.org/blog/tor-weekly-news-—-april-16th-2014
>> |title=Tor Weekly News — 16 April 2014 |author=Lunar |website=Tor
>> Project |date=16 April 2014 |access-date=28 April 2014
>> |archive-date=19 April 2014
>> |archive-url=https://web.archive.org/web/20140419165608/https://blog.torproject.org/blog/tor-weekly-news-—-april-16th-2014
>> |url-status=live }}</ref>
>>
>>
>> <ref name="torproject-old-vulnerable">{{cite web
>>
>> |url=https://blog.torproject.org/blog/tor-security-advisory-old-tor-browser-bundles-vulnerable
>> |title=Tor security advisory: Old Tor Browser Bundles vulnerable
>> |first=Roger |last=Dingledine |website=Tor Project |date=5 August 2013
>> |access-date=28 April 2014 |archive-date=26 March 2014
>> |archive-url=https://web.archive.org/web/20140326223617/https://blog.torproject.org/blog/tor-security-advisory-old-tor-browser-bundles-vulnerable
>> |url-status=live }}</ref>
>>
>>
>> <ref name="torproject-one-cell">{{cite web
>>
>> |url=https://blog.torproject.org/blog/one-cell-enough |title=One cell
>> is enough to break Tor's anonymity |first=Roger |last=Dingledine
>> |website=Tor Project |date=18 February 2009 |access-date=9 January
>> 2011 |archive-date=20 September 2010
>> |archive-url=https://web.archive.org/web/20100920113629/http://blog.torproject.org/blog/one-cell-enough
>> |url-status=live }}</ref>
>>
>>
>> <ref name="torproject-openssl-cve">{{cite web
>>
>> |url=https://blog.torproject.org/blog/openssl-bug-cve-2014-0160
>> |title=OpenSSL bug CVE-2014-0160 |first=Roger |last=Dingledine
>> |website=Tor Project |date=7 April 2014a |access-date=28 April 2014
>> |archive-date=10 July 2017
>> |archive-url=https://web.archive.org/web/20170710101031/https://blog.torproject.org/blog/openssl-bug-cve-2014-0160
>> |url-status=live }}</ref>
>>
>>
>> <!-- ref name="torproject-pp">{{cite web
>>
>> |url=https://trac.torproject.org/projects/tor/wiki/TheOnionRouter/TorFAQ#WhydoweneedPolipoorPrivoxywithTorWhichisbetter
>> |title=TheOnionRouter/TorFAQ |work=Tor Project |access-date=28
>> December 2010}}</ref> -->
>>
>>
>> <ref name="torproject-rumors-exaggerated">{{cite web
>>
>> |url=https://blog.torproject.org/blog/rumors-tors-compromise-are-greatly-exaggerated
>> |title=Rumors of Tor's compromise are greatly exaggerated |last=phobos
>> |website=Tor Project |date=24 October 2011 |access-date=20 April 2012
>> |archive-date=30 January 2012
>> |archive-url=https://web.archive.org/web/20120130020255/https://blog.torproject.org/blog/rumors-tors-compromise-are-greatly-exaggerated
>> |url-status=live }}</ref>
>>
>>
>> <ref name="torproject-sponsors">{{cite web
>>
>> |url=https://www.torproject.org/about/sponsors.html.en |title=Tor:
>> Sponsors |website=Tor Project |access-date=11 December 2010
>> |archive-date=27 July 2011
>> |archive-url=https://web.archive.org/web/20110727154342/https://www.torproject.org/about/sponsors.html.en
>> |url-status=live }}</ref>
>>
>>
>> <ref name="torstatus">{{cite web
>>
>> |url=https://metrics.torproject.org/networksize.html |title=Tor Server
>> Status |publisher=Tor Project - Metrics |access-date=7 July
>> 2021}}</ref>
>>
>>
>> <ref name="tp-blacklisting">{{cite web
>>
>> |url=http://threatpost.com/tor-begins-blacklisting-exit-nodes-vulnerable-to-heartbleed/105519
>> |title=Tor begins blacklisting exit nodes vulnerable to Heartbleed
>> |first=Michael |last=Mimoso |website=Threat Post |date=17 April 2014
>> |access-date=28 April 2014 |archive-date=19 April 2014
>> |archive-url=https://web.archive.org/web/20140419155907/http://threatpost.com/tor-begins-blacklisting-exit-nodes-vulnerable-to-heartbleed/105519
>> |url-status=live }}</ref>
>>
>>
>> <ref name="twe-zmap">{{cite
>>
>> web|url=http://www.techweekeurope.co.uk/news/zmap-internet-scan-zero-day-125374|title=Zmap's
>> Fast Internet Scan Tool Could Spread Zero Days In
>> Minutes|last=Judge|first=Peter|date=20 August 2013|website=TechWeek
>> Europe|url-status=dead|archive-url=https://web.archive.org/web/20130824142042/http://www.techweekeurope.co.uk/news/zmap-internet-scan-zero-day-125374|archive-date=24
>> August 2013}}</ref>
>>
>>
>> <ref name="usenix-bad-apple">{{cite conference
>>
>> |url=https://www.usenix.org/events/leet11/tech/full_papers/LeBlond.pdf
>> |title=One Bad Apple Spoils the Bunch: Exploiting P2P Applications to
>> Trace and Profile Tor Users |first1=Stevens |last1=Le Blond
>> |first2=Pere |last2=Manils |first3=Abdelberi |last3=Chaabane
>> |first4=Mohamed |last4=Ali Kaafar |first5=Claude |last5=Castelluccia
>> |first6=Arnaud |last6=Legout |first7=Walid |last7=Dabbous
>> |conference=4th USENIX Workshop on Large-Scale Exploits and Emergent
>> Threats (LEET '11) |publisher=National Institute for Research in
>> Computer Science and Control |date=March 2011 |access-date=13 April
>> 2011 |archive-date=27 April 2011
>> |archive-url=https://web.archive.org/web/20110427023454/https://www.usenix.org/events/leet11/tech/full_papers/LeBlond.pdf
>> |url-status=live }}</ref>
>>
>>
>> <ref name="usenix-design">{{cite conference |last1=Dingledine
>>
>> |first1=Roger |last2=Mathewson |first2=Nick |last3=Syverson
>> |first3=Paul |title=Tor: The Second-Generation Onion Router
>> |book-title=Proc. 13th USENIX Security Symposium |place=San Diego,
>> California |date=13 August 2004
>> |url=http://www.usenix.org/events/sec04/tech/dingledine.html
>> |access-date=17 November 2008 |conference= |archive-date=9 August 2011
>> |archive-url=https://web.archive.org/web/20110809060244/http://www.usenix.org/events/sec04/tech/dingledine.html
>> |url-status=live }}</ref>
>>
>>
>> <ref name="vuze-tor">{{cite web |url=http://wiki.vuze.com/w/Tor
>>
>> |title=Tor |website=Vuze |access-date=3 March 2010 |archive-date=30
>> April 2013
>> |archive-url=https://web.archive.org/web/20130430035208/http://wiki.vuze.com/w/Tor
>> |url-status=live }}</ref>
>>
>>
>> <ref name="verge-applebaum">{{cite web
>>
>> |url=https://www.theverge.com/2013/3/11/4091186/interview-uncut-jacob-appelbaum
>> |title=Interview uncut: Jacob Appelbaum |author=Sirius, R. U.
>> |website=theverge.com |date=11 March 2013 |access-date=17 September
>> 2017 |archive-date=20 October 2014
>> |archive-url=https://web.archive.org/web/20141020223354/http://www.theverge.com/2013/3/11/4091186/interview-uncut-jacob-appelbaum
>> |url-status=live }}</ref>
>>
>>
>> <ref name="wired-fbi-controlled">{{cite magazine
>>
>> |url=https://www.wired.com/threatlevel/2013/09/freedom-hosting-fbi/
>> |title=FBI Admits It Controlled Tor Servers Behind Mass Malware Attack
>> |first=Kevin |last=Poulsen |magazine=[[Wired (magazine)|Wired]]
>> |date=13 September 2013 |access-date=22 December 2013 |archive-date=21
>> December 2013
>> |archive-url=https://web.archive.org/web/20131221024649/http://www.wired.com/threatlevel/2013/09/freedom-hosting-fbi/
>> |url-status=live }}</ref>
>>
>>
>> <ref name="wired-feds-are-suspects">{{cite magazine
>>
>> |url=https://www.wired.com/2013/08/freedom-hosting/ |title=Feds Are
>> Suspects in New Malware That Attacks Tor Anonymity |first=Kevin
>> |last=Poulsen |magazine=[[Wired (magazine)|Wired]] |date=8 May 2013
>> |access-date=29 April 2014 |archive-date=29 April 2014
>> |archive-url=https://web.archive.org/web/20140429202100/http://www.wired.com/2013/08/freedom-hosting/
>> |url-status=live }}</ref>
>>
>>
>> <ref name="wired-rogue-nodes">{{cite news
>>
>> |url=https://www.wired.com/politics/security/news/2007/09/embassy_hacks?currentPage=all
>> |title=Rogue Nodes Turn Tor Anonymizer Into Eavesdropper's Paradise
>> |first1=Kim |last1=Zetter |author-link=Kim Zetter |newspaper=[[Wired
>> (magazine)|Wired]] |date=10 September 2007 |access-date=16 September
>> 2007 |archive-date=31 December 2008
>> |archive-url=https://web.archive.org/web/20081231175940/http://www.wired.com/politics/security/news/2007/09/embassy_hacks?currentPage=all
>> |url-status=live }}</ref>
>>
>>
>> <ref name="wp-feds-pay">{{cite news
>>
>> |url=https://www.washingtonpost.com/blogs/the-switch/wp/2013/09/06/the-feds-pays-for-60-percent-of-tors-development-can-users-trust-it/
>> |title=The feds pay for 60 percent of Tor's development. Can users
>> trust it? |first=Brian |last=Fung |work=The Switch
>> |publisher=Washington Post |date=6 September 2013 |access-date=6
>> February 2014 |archive-date=9 September 2013
>> |archive-url=https://archive.today/20130909202619/http://www.washingtonpost.com/blogs/the-switch/wp/2013/09/06/the-feds-pays-for-60-percent-of-tors-development-can-users-trust-it/
>> |url-status=live }}</ref>
>>
>>
>> <ref name="wsj-anonymous-contraversial">{{cite news
>>
>> |url=https://www.wsj.com/articles/SB10001424127887324677204578185382377144280
>> |title=Tor: an anonymous, and controversial, way to web-surf
>> |first=Geoffrey A. |last=Fowler |work=[[Wall Street Journal]] |date=17
>> December 2012 |access-date=19 May 2013 |archive-date=11 March 2015
>> |archive-url=https://web.archive.org/web/20150311064250/http://www.wsj.com/articles/SB10001424127887324677204578185382377144280
>> |url-status=live }}</ref>
>>
>>
>> <ref name="wu8-ubuntu-ppa">{{cite web
>>
>> |url=http://www.webupd8.org/2013/12/tor-browser-bundle-ubuntu-ppa.html
>> |title=Tor Browser Bundle Ubuntu PPA |first=Andrei |last=Alin
>> |website=Web Upd8 |date=2 December 2013 |access-date=28 April 2014
>> |archive-date=21 April 2014
>> |archive-url=https://web.archive.org/web/20140421220450/http://www.webupd8.org/2013/12/tor-browser-bundle-ubuntu-ppa.html
>> |url-status=live }}</ref>
>>
>>
>> <ref name="xakep-whole-hog">{{cite web
>>
>> |url=http://eng.xakep.ru/link/51074/ |title=Включаем Tor на всю
>> катушку |trans-title=Make Tor go the whole hog |first=Антон
>> |last=Жуков |website=Xakep |date=15 December 2009 |access-date=28
>> April 2014 |url-status=dead
>> |archive-url=https://web.archive.org/web/20130901035137/http://eng.xakep.ru/link/51074/
>> |archive-date=1 September 2013 }}</ref>
>>
>>
>> <ref name="arrests">{{Cite news
>>
>> |url=https://www.bbc.co.uk/news/technology-29987373 |title=Dark net
>> experts trade theories on 'de-cloaking' after raids |date=7 November
>> 2014 |access-date=12 November 2014 |newspaper=BBC News |last1=Lee
>> |first1=Dave |archive-date=12 November 2014
>> |archive-url=https://web.archive.org/web/20141112165655/http://www.bbc.co.uk/news/technology-29987373
>> |url-status=live }}</ref>
>>
>>
>> <!--ref name=technologyreview>{{cite news |title=Home Internet with
>>
>> Anonymity Built In |first=Tom |last=Simonite
>> |url=http://www.technologyreview.com/web/26981/?a=f
>> |newspaper=[[Technology Review]] |date=22 December 2010
>> |access-date=14 May 2011}}</ref-->
>>
>>
>> <ref name="tor-gitlab-repoanalytics">{{cite web
>>
>> |url=https://gitlab.torproject.org/tpo/core/tor/-/graphs/main/charts
>> |title=Repository Analytics |website=Tor Project GitLab
>> |access-date=24 August 2022 |url-status=live }}</ref>
>>
>>
>> }}
>>
>> == General and cited references ==
>> {{Refbegin}}
>> * {{Cite book |title=Computer Privacy Handbook |first=Andre
>> |last=Bacard |isbn=978-1-56609-171-8|date=1 January 1995 }}
>> * {{cite journal |last1=Lund |first1=Brady |first2=Matt
>> |last2=Beckstrom |date=2021 |title=The Integration of Tor into Library
>> Services: An Appeal to the Core Mission and Values of Libraries
>> |journal=Public Library Quarterly |volume=40 |issue=1 |pages=60–76
>> |doi=10.1080/01616846.2019.1696078 |s2cid=214213117 }}
>> * {{Cite book |title=Understanding the Usage of Anonymous Onion
>> Services: Empirical Experiments to Study Criminal Activities in the
>> Tor Network |first=Juha |last=Nurmi |isbn=978-952-03-1091-2 |date=24
>> May 2019 }}
>> * {{Cite book |title=Applied Cryptography |first=Bruce |last=Schneier
>> |author-link=Bruce Schneier |isbn=978-0-471-11709-4|date=1 November
>> 1995 }}
>> * {{Cite book |title=Email Security |first=Bruce |last=Schneier
>> |author-link=Bruce Schneier |isbn=978-0-471-05318-7 |date=25 January
>> 1995 |url-access=registration
>> |url=https://archive.org/details/emailsecurityhow0000schn }}
>> {{Refend}}
>>
>> ==External links==
>> {{Commons category|Tor project}}
>> * {{Official website}}
>> * [http://freehaven.net/anonbib/ Anonymity Bibliography]
>> * [https://2019.www.torproject.org Old website]
>> *
>> [https://web.archive.org/web/20171220172642/https://www.torproject.org/getinvolved/mirrors.html.en
>> Archived: Official List of mirror websites]
>> *
>> [https://www.youtube.com/watch?v=JWII85UlzKw&index=1&list=PLwyU2dZ3LJErtu3GGElIa7VyORE2B6H1H
>> Animated introduction]
>> *
>> [https://media.ccc.de/v/31c3_-_6112_-_en_-_saal_2_-_201412301715_-_tor_hidden_services_and_deanonymisation_-_dr_gareth_owen
>> Tor: Hidden Services and Deanonymisation] presentation at the 31st
>> Chaos Computer Conference
>> * [https://torflow.uncharted.software/ TorFlow], a dynamic
>> visualization of data flowing over the Tor network
>> *
>> [https://media.ccc.de/v/32c3-7322-tor_onion_services_more_useful_than_you_think
>> Tor onion services: more useful than you think] in a 2016 presentation
>> at the 32nd Annual [[Chaos Communication Congress]]
>> * [https://www.youtube.com/watch?v=xGIE7KTJiBY A core Tor developer
>> lectures at the] [[Radboud University Nijmegen]] in The Netherlands on
>> anonymity systems in 2016
>> *
>> [https://web.archive.org/web/20161019151220/https://people.torproject.org/~isis/slides/2016-10-13-waterloo-handout.pdf
>> A technical presentation given at the] [[University of Waterloo]] in
>> Canada: Tor's Circuit-Layer Cryptography: Attacks, Hacks, and
>> Improvements
>> * [https://www.youtube.com/watch?v=ShrZ4B9R3NQ A Presentation at the
>> March 2017 BSides Vancouver Conference on security practices on Tor's
>> hidden services given by] [[Sarah Jamie Lewis]]
>>
>> {{Tor project}}
>> {{Tor hidden services}}
>> {{Internet censorship circumvention technologies}}
>> {{Navboxes|list=
>> {{Cryptographic software}}
>> {{Privacy}}
>> {{Routing software}}
>> {{Web browsers|desktop}}
>> }}
>>
>> [[Category:Tor (anonymity network)| ]]
>> [[Category:Tor onion services|.]]
>> [[Category:2002 software]]
>> [[Category:Anonymity networks]]
>> [[Category:Application layer protocols]]
>> [[Category:Computer networking]]
>> [[Category:Cross-platform free software]]
>> [[Category:Cross-platform software]]
>> [[Category:Cryptographic protocols]]
>> [[Category:Cryptographic software]]
>> [[Category:Cryptography]]
>> [[Category:Dark web]]
>> [[Category:File sharing]]
>> [[Category:Free network-related software]]
>> [[Category:Free routing software]]
>> [[Category:Free software programmed in C]]
>> [[Category:Free software programmed in Rust]]
>> [[Category:Hash based data structures]]
>> [[Category:Internet privacy software]]
>> [[Category:Internet properties established in 2002]]
>> [[Category:Internet protocols]]
>> [[Category:Internet security]]
>> [[Category:Internet Standards]]
>> [[Category:Key-based routing]]
>> [[Category:Mix networks]]
>> [[Category:Onion routing]]
>> [[Category:Overlay networks]]
>> [[Category:Proxy servers]]
>> [[Category:Secure communication]]
>> [[Category:Software using the BSD license]]
>