Meet The New TorProject.org

by isabela | March 27, 2019

Two years ago, we launched our styleguide as our first step in creating a consistent visual look and feel across the entire Tor Project ecosystem. Today, we are very happy to announce the launch of our brand new website.

tor-project-website

Besides bringing more consistency to our visual look, which reinforces community identity and helps us to build user trust by identification, our new website is one part of our goal to ensure that everyone on the planet can use Tor. Last year, we worked hard on making important usability improvements to our browser, including bringing a version of it to Android.

But, it is through our homepage that most people first learn about Tor and decide to download our browser. And our previous site was doing a poor job at that. We had way too much information for a person to consume, and none of it was localized. With that in mind, we decided to redesign it to focus on new users and make it mobile-friendly. Most importantly with our new website, we want Tor Browser to be easy to download and its benefits easy to understand.

We want to make sure that people around the world, using Tor in an array of contexts, can use Tor without barriers. Tor Browser itself is available in 24 different languages, but our website isn’t. With this refresh, torproject.org is now available in 7 different languages: English, German, French, Portuguese, Spanish, Italian, and Russian, and there are more on the way. If you would like to help us with translations, here’s how.

In addition to this update, we are also better organizing all the other content into different portals. For instance, last year we launched our support portal to host all the content related to user support. Coming next will be our sgapqzbrdr.oedi.net portal that will feature content related to the different ways you can join our community and spread the word about Tor. The portal for all of our free software projects will soon be dev.torproject.org. If you are looking for any content that existed in the old site and is not on the new one, you can access it here.

These efforts are taking the collaboration of many people across Tor teams and the help of dedicated volunteers. We’re very proud to start rolling these changes out.

We are a group of people united by the belief that everyone should have private access to the open web, and we hope our new site makes that easier to achieve.


To give feedback about the website or report an issue, you can create a ticket on trac or email the UX list.

Comments

Please note that the comment area below has been archived.

March 27, 2019

Permalink

Not a good decision.
One shouldnt assume baby level skill if someone wants to use tor.
The site is horrible in torbrowser default window size. Text is hueg.
Way less information.
Its ok to make tor accessible but please dont remove valuable information and shortcuts for advanced users.

> Also the signature files are gone. I haven't found anywhere how to download the signature for stable tor or tbb.

@ TP: uh oh! Signatures are critically important for Tor users. One of our most important tasks is in fact to teach newbies how to obtain the (public half of the) signing key and to verify detached signatures.

Newbies should be invited warmly at their skill level but then and taught and trained to raise their skill level. Advanced users should not be abandoned, crippled, or patronized down to newbie level in the context of this project. There is always an uphill learning curve. Accept it. But think about what shape it should be.

March 27, 2019

Permalink

Über das Ziel hinausgeschossen.
Seite geht nicht richtig ohne Javascript. (Kommentare)
Seite hat in Torbrowsers standardmäßiger Fenstergröße viel zu großen Text.
Seite geht davon aus ich benutze Android während Desktop TB.
Abkürzungen für versierte User jetzt versteckt.
Babygespräch-Handgehalte. Braucht kein Mensch der ernsthafte Dinge tut.

2/10 Bitte die alte Seite wieder her.

> Seite geht nicht richtig ohne Javascript. (Kommentare)

That is a long-standing issue with this blog, which is actually a different site from decvnxytmk.oedi.net, in part for security reasons I think.

Try setting the security slider to "safer" when you want to post a comment here.

March 27, 2019

Permalink

Why does your website render incorrectly with Javascript disabled?
Why do some parts of the main page lack translation to Russian?

Introduce them to open-source software and cryptography concepts. Free/libre software licenses, copyleft, internationally open development communities, the history of GNU/Linux, how Diffie-Hellman key exchange works, public-key cryptography, elliptic-curve cryptography, Curve25519 and Dual_EC_DRBG, the Advanced Encryption Standard process (USA) that chose Rijndael, NESSIE (Europe), CRYPTREC (Japan), eSTREAM (Europe), the NIST hash function competition (USA), names of well-known cryptographers, names of well-known privacy advocates and software developers, names of whistleblowers who worked in the intelligence-industrial complex, the Electronic Frontier Foundation, the Freedom of the Press Foundation, hacker ethics, hackers' conferences (some are in the "Upcoming Events" side column on this page), hacker and maker history and culture, etc. Here are just two somewhat recent good introductory talks:

Jeremy Smith, author of A Hacker Called "Alien"
https://www.youtube.com/watch?v=2gjwUQ_7ABU

Cory Doctorow: The Fight for a Free, Fair and Open Internet
https://www.youtube.com/watch?v=2-CvOrDODds

Open-source software code can be audited by anyone in the world. Free/libre open source software can accept and review code patches from anyone. The source code of Tor Project is a backbone for many other software and research projects and, as such, is heavily scrutinized by digital security professionals, researchers, and advocates around the world. The Tor network's relays are run by volunteers who choose to configure the software as a server: public and private individuals, organizations, businesses, researchers, and inevitably some state actors. Cryptography, statistics, design, peer review, and openness contribute to protecting its users.

Tor: Overview
Who uses Tor?
https://2019.decvnxytmk.oedi.net/about/torusers.html.en
Tor Blog tag: tor stories
Get Involved: Volunteer
Tor Bug Tracker and Wiki
Tor Project's software development repository browser (examples: tor, tor-browser)

Thanks for your reply! Teaching basic crypto was the first thing I thought of but you gave me some more ideas (youtube links could be especially useful because I don't use that site myself).

I should have mentioned that the people I want to persuade to use Tor are not technically minded, but you reminded me that providing some background on open-source culture is essential. Hmmm... I don't want to overwhelm anyone but I agree it would be good idea to provide a sheet with some of the terms you mention, as background, to help them understand things they might hear if they start reading about digital rights.

This is could be a lot of work but I am all in so I'd be happy to hear more ideas, specifically about overcoming terror at the very suggestion of using crypto or Tor.

March 27, 2019

Permalink

Is in RSS odd?

The pubDate of this article is: Tue, 26 Mar 2019 17:17:24 +0000. But the article was published on Wed, 27 Mar 2019 about 17:20:00 +0000 according to my web crawler for this blog. It isn't a big problem but just I'm anxious.

March 27, 2019

Permalink

@ Isa:

I need to get advice from someone knowledgeable about using Tor to communicate with endangered people in a specific country with few Tor nodes and very low Tor bandwidth, but this should be a private conversation. I don't have email right now but can use Pidgin with Tails. Any suggestions?

More generally, it would be VERY useful to people like me if Tor could post in this blog some effective suggestions for helping people to get past their panic when they hear anyone suggest that Tor could help them keep in touch with people on the outside. Same for disk encryption. It would be good to protect both "data in motion" and "data at rest" but I guess that in some countries the second might irritate the security authorities much less and the first, and I'd be happy to get people to accept the potential risk of using ANY personal encryption.

https://ssd.eff.org/
https://freedom.press/training/
https://2019.decvnxytmk.oedi.net/projects/community.html.en
https://trac.torproject.org/projects/tor/wiki/WikiStart#UnofficialDocum…
https://guardianproject.info

Define your threat model for yourselves and base your choices on it. Tails is great to begin with if everyone understands how to safely install and use it. Look into Tor bridges [1] [2], Tutanota, Protonmail, OnionShare, YubiKeys or similar hardware for 2-factor authentication, encrypted USB drives, KeePass, LUKS or VeraCrypt (difficult), safe configuration and torified use of PGP (difficult), Wire app or desktop but torified (experimental on tor), Cwtch or Tox but torified (experimental). Watch out for protocol leaks such as DNS or UDP leaks from programs that you try to torify. Tails takes care of leaky programs that you can't reconfigure to stop leaking.

Goodness, you saved me from a horrid error, I forgot I need to teach about bridges.

I should have said these are not technical people and anything experimental is probably too hard for me much less for them. Thanks for reminding me of those good links--- I find it very hard to keep handy a list of links and I guess I am not the only one because an up-to-date list of good resources is one important thing I never seem to find ANYWHERE. Fortunately I have a little time yet to do this teaching thing, so please keep the ideas coming!

> I find it very hard to keep handy a list of links and I guess I am not the only one because an up-to-date list of good resources is one important thing I never seem to find ANYWHERE.

Bookmark them in your browser, and give them memorable tags you can search by. Tor Browser is based on Firefox and can import/export bookmark files. However, bookmarks are saved unencrypted in the browser's profile folder on disk. Furthermore, Tails would forget them on shutdown, so you would have to export and save someplace else as you do for other personal files in Tails. Another cross-platform option is web-based bookmark managers if you trust them.

other help sites:
https://riseup.net/en/security

Examples for GnuPG configuration, but check the gpg manual before trusting them:
https://github.com/ioerror/duraconf -- see /configs/gnupg/
https://gitweb.torproject.org/torbirdy.git/tree/gpg.conf
https://gist.github.com/anonymous/3d928a0bcbb3ed92c454 -- search for gpg.conf near the bottom

March 27, 2019

Permalink

Thanks to all who worked on redesigning the home page of torproject.org! My first impressions are good, but I did notice one thing which might not be intentional: the "About Us" section appears HUGE in my Tor Browser (running in current Tails).

I think the simplicity is terribly important and I love how you guys managed to eradicate all the technical stuff which is not going to help desperate or frightened newbies quickly learn what they need to know right now about using Tor for the first time in the next half hour. It's good to see Tor come so far from the early days when it was a toy for MIT students but hard to use for the people who actually need to use Tor, if I might so put it.

March 27, 2019

Permalink

@ Isa:

I hope very much that you are reaching out to Glenn Greenwald in Rio, because he could help endangered people by helping us to grow the Tor community in Brazil (and around the world) by mentioning Tor more often in his writings at The Intercept. I think the major challenge might be that by his own admission he is uncomfortable with computer tech. But Tor is so easy to use now so I hope he will make an effort, if indeed he is not already using Tor for everything on-line.

He and most of the other journalists at The Intercept publish their PGP keys, and PGP is a hell of a lot more uncomfortable than Tor Browser or tor is to use. But you're right that he doesn't talk about it. I don't remember any of them talking about Tor, actually, except for Micah Lee who also develops software related to Tor, but I don't know about Greenwald's Portuguese articles. I really hope Greenwald knows how and isn't asking an IT person to decrypt his messages for him. Snowden went through all the trouble to train him personally before revealing his identity to him.... And Snowden was famously photographed with Tor and EFF stickers on his laptop. But yeah, Greenwald could easily spread the word about trustworthy encryption tools, and that would come back to help projects and development.

I fear he might take offense at my attempt to "volunteer" him as a Tor advocate, but I hope he will see I am sincere and understand how much political danger the Tor community and dissidents generally currently face in both the US and BR. His journalistic ethics are very strong and this is what I most admire about his character, so if he feels he cannot compromise in order to give back more to the privacy-technology community, I will be disappointed but I will understand.

March 27, 2019

Permalink

With a "guard" in Russia how can this even claim to be what it is. I have now lost faith in the TOR project. The Guard should change upon request for a new circuit. Thus providing a true new circuit.

I guess your comment may reflect distrust of the Russian government, and if so I feel the same way. But if you are in Russia, using an entry guard inside Russia can help protect you. Some things about using Tor can seem counterintuitive until you learn more about the arcane technical points involved.

(Hmm... did I just violate a Russian law by hinting at dissatisfaction with certain policies pursued by a certain authoritarian head of state? Or a new law coming soon to another country with its very own authoritarian head of state? Am I extraditable now? Is there an all expenses paid one-way aerial journey in my future? Moscow, get ready, here I come!)

We The People of the world need to stand up to the bad guys because the most hateful and dangerous kind of authoritarianism is spreading.

March 27, 2019

Permalink

It looks great. However, try zooming the page out to exactly 80%. It looks even better that way. Just a heads up.

March 27, 2019

Permalink

I know a lot of sites with more better, less better design. But, sorry, this ...new
design is -especially without JavaScript- most useless only?
I don't want bash the programmer of this experimental(?) design but the (not) 'old' design is much, much more better.
The new blank design looks like boring smartphone design.
Please bring backhttps://2019.decvnxytmk.oedi.net/index.html.en
https://2019.decvnxytmk.oedi.net/index.html.en
to normal. It should be practical like like tor/torbrowser, not ...art.

I have not had problems that I have noticed using the new site with slider set at "safer".

I am not a TP employee but speaking as a long time Tor user: I know that change can initially be hard to accept, but please give the "new look" a chance! I did no work on it but I strongly all support the hard work it took to create the new look. This is why:

The very existence of Tor is under intense political/legal attacks all around the world. Further, the Tor network itself and Tor software is under intense technical attack by various more or less well-funded and capable bad actors. The single most important thing the Tor community can do to counter both kinds of attacks is simple: grow the community of regular Tor users worldwide! And this also happens to be the single most important thing we can do to help ourselves (We the People of the world) to help ourselves in the fact of growing ecological and geopolitical threats. Because, given that fact that our own governments are not helping or even worse are actively opposing our efforts to counter these threats, We the People must look out for own interests, because our governments are acting only in the interests of the elites, the very people most responsible for the ecological/geopolitical crises we are all facing.

My point is that the most important things Tor Project can do to help us grow the Tor community is to

(i) redesign the website to make it easier for newbies to quickly learn what they need to know right this minute (CHECK!!! thanks guys!!!),

(ii) translation (work in progress and much already completed--- thanks guys!!!),

(iii) reach out to truth-telling reporters, like minded NGOs, and even to progressive politicians, to build relationships which can help us counter the "Going Dark" messaging from FBI and similar population-control enabling propaganda from other governments,

(iv) reach out to endangered journalists, activists, medical providers, social workers, and maybe even diplomats and local government officials in various countries to offer Tor training (OnionShare in particular being incredibly useful to anyone who needs to share information safely, and this includes doctors who want to send your medical file to another doctor).

The long awaited website redesign addresses (i), previous posts have described (ii), and I hope we will see future posts about (iii)(iv).

IMO, it is good to see how far TP has come in the past few years.

BTW, I like the art and I hope others will come around. I came across some more great artwork in a digital rights org in another country which is promoting Tor use. Hurrah! Take that, FBI!! You have guns; we have words and art. And we will prevail. Using words and art.

"single most important thing the Tor community can [...] grow the community of regular Tor users worldwide!"

Thats right. But i don't see this in -nearly- any way with this new site.
Especially with no Javascript it looks more like a abandoned site in the net, not like a professional one like the FULL design( https://2019.decvnxytmk.oedi.net/docs/documentation.html.en ).

" make it easier for newbies to quickly learn what they need to know right this minute"

What a newbie could learn on this new one? What? Help us understand.
You NEED the full site when you want to know more than the FAQ.
To make it little bit more smart set a big Non-JavaScript link to https://2019.decvnxytmk.oedi.net/docs/documentation.html.en and
https://2019.decvnxytmk.oedi.net/.
I don't understand why this must be explained?

(i) knowledgeable newbies trust concrete descriptions and open standards. they distrust placative marketing-speak, ie. "military-grade" on commercial websites, or mobile-store eye candy.

(iii, iv) EFF, FOFP, and other groups have been doing that for around 15 years while Tor Project was basically focused on releasing good software. It's good that TP is doing similar outreach events, but they are nowhere near being the first or only one.

I think TP doing its own outreach events is an essential part of growing user trust around the globe, and also will surely help bring in badly needed grassroots contributions from around the globe.

Liasing with like-minded organizations is also very important. In Latin America, one of the most important is Derechos Digitales (Digital Rights; derechosdigitales.org), which is based in Santiago, Chile but also works in other Spanish/Portugese speaking countries.

Speaking of which, about the translation work: we should bear in mind that translation works both ways! One of the best written documents I have seen urging NGOs and individuals to use Tor and even to consider running an exit node was written by Derechos Digitales for Tor promotion in Mexico. This is a lovely poster with terrific artwork (eye candy can attract new friends!) and I urge anyone seeking inspiration to get a copy. It can be found at derechosdigitales.org under Publications (look for "Use Tor!").

With the permission of the moderator, here is my somewhat free translation into English:

Often one associates anonymity with undesirable or even illegal behaviour. However, anonymity guarantees the right to express ourselves freely, to associate freely with others, and to engage in social protest and political dissidence; it allows us communicate and to access information in repressive contexts.

Who could benefit from using a tool like Tor?

o Internet users trying to avoid censorship in their country or region.
o Journalists communicating with at-risk sources.
o People who want to report an illicit act, but fear reprisal.
o People that suffer from a stigmatised illness and who require information and support.
o People opposed to tracking of their on-line activities.
o And many more.

Join Tor!

Install an exit node in your organisation. Internet anonymity allows us to protect privacy, promote freedom of expression and combat censorship.

Tor is both a software and an international community devoted to protect our identity on line.

Why it is important to create more Tor exit nodes in Latin America?

The Tor network is possible thanks to the guards, relay and exit nodes, that pipe information in order to guarantee the anonymity of data transport. The network is more robust to the extent that there are more available nodes and more people surfing through Tor.

In Latin America, where governments are constantly enacting laws fostering monitoring and massive cybersurveillance dragnets, we can defend our privacy rights by promoting anonymous communication between people, anonymized websurfing, and the installation of Tor nodes by individuals, organisations and institutions, because up to now our participation in the world-wide network does not reach 2%. We need to improve this figure.

What is Tor?

Tor is a network of computers (called nodes), distributed around the world and maintained by volunteers, that allows anonymous connection to internet and hides who accesses which information, by means of Tor circuits.

The simplest way to use the Tor network is to use Tor Browser, a browser web that incorporates Tor-enabled anonymity.

Tor is created and maintained by the Tor Project, a nonprofit organization based in the United States.

How does Tor work?

When you visit a website, networking software establishes a direct connection between your device and the server that hosts the content you want to access. Through the IP assigned to our device, is possible to determine from where this connection was made. But when you do this through the Tor network, the connection is enciphered and redirected randomly through three distinct nodes, making it very difficult to determine who is accessing which information and from where.

On behalf of the Tor user, a Tor exit node needs to connect with the requested website. If somebody abuses the Tor network to commit an undue act, the IP of the node could be logged (and provided to authorities). Although the exit node operator cannot reasonably be held responsible in such a situation, it is necessary to be ready for accusations which could arise.

More information

Visit tor.derechosdigitales.org, a website created by Digital Rights which offers valuable information on Tor, its operation and the positive role which the Latin American community can play in promoting digital freedoms.

Install a Tor exit node

The Tor network works thanks to thousands of volunteers who maintain the nodes of which it is comprised, thus helping to defend the right to on-line privacy, freedom of expression, and to combat censorship.

The greater the number of exit nodes, the stronger, faster, and more stable the Tor network becomes. However there are very few exit nodes in Latin America. Thus, the help of organisations and institutions that which defend human rights is fundamental. Can you help out?

What technical capacity is required?

To guarantee the stability of the node, you need:
• at least 10 Mbps bandwidth exclusively for use by the Tor server,
• a fixed public IP address for the node,
• a router that allow open connections, with the capability to designate specific ports for specific services,
• a computer powered up 24/7, with at least 520 MB of RAM and 200 MB of disk space, exclusively for use of the Tor server.
• don't forget to check that your internet provider does not forbid the operation of Tor exit nodes.

Legal considerations

It anonymity legal in Mexico?

• Yes. Both the national Constitution and international agreements to which Mexico is a signatory recognise the right to anonymity, to privacy of the communications, and to freedom of expression.

It is legal to install a node of exit in Mexico?

• Yes. While there is not specific law protecting Tor, the law allows the use of tools for privacy protection and freedom of expression, which are internationally recognised human rights.

Are there any obstacles to the use of anonymity tools?

• No. The use of Tor is not subjected to any type of limitation: encryption tools are recognised as a means to guarantee the security and confidentiality of information. Likewise, internet providers cannot block access to any network, included those that allow the anonymous activity of their users. However, it is necessary to consider that the Federal Law of Telecommunications and Broadcast requires internet providers to store, for a period of 2 years, all the data related to the connection of their customers. This means that all the active connections associated with the IP of the exit node will be logged.

What can happen if an illicit act is committed by someone using the IP of my node of exit?

• In Mexico there exists no law holding the operator of an exit node responsible for any crimes enabled through use of the Tor network. However, a judge can order that computer equipment be confiscated as part of an investigation. The node operator has to cooperate at all times with the authorities and cannot refuse to provide any needed help for an authorized investigation, as this could constitute a crime.

Although it requires of some knowledge and technical capacities, installing a Tor exit node is relatively simple.

Installation in three steps

Install Tor

At tor.derechosdigitales.org you will find indications to install Tor under Debian, but you also can install Tor in other Linux distributions and some versions of BSD.

Configure the node

Assign it a name, a port and a bandwidth.
Indicate that you want your node to function as an Exit and Relay.

Testing the node

Restart and test the node. After of a couple of hours, look for the IP of your node in the public list of nodes available at torproject.org.

Recommendations for the installation

Assign a subdomain to the node: tor-exit.myorganization.org

Afterwards, add a note in the WHOIS registration, explaining that this IP belongs to a Tor exit node.

Create an HTML warning page, stating that this server is a Tor exit node and explaining the type of traffic that is allowed to pass through the node.

Do you have a strong commitment to privacy rights and freedom of expression? Do you want to be part of the Tor project? Maintaining a node can be a great help!

If you need you need more information or support, visit https://tor.derechosdigitales.org or write us at tor@derechosdigitales.org.

Came across a nice list of up to date links on important reports from Citizen Lab, EFF, etc., concerning specific malware suites being used to attack critical elements of civil society:

https://securitywithoutborders.org/resources/targeted-surveillance-repo…
Reports on Targeted Surveillance of Civil Society

> This is a somewhat comprehensive list of reports published by a number of organizations and individuals, that expose the use of targeted surveillance of members of civil society. This list is in chronological order, from older to most recent

(I know very little about SWOB but they are the same outfit which discovered the so-called Exodus Malware apparently sold by an Italian firm with links to Connexa, one of the firms mentioned years ago in this very blog as being involved in the ugly business of malware-as-a-service.)

Seriously, when clicking on windows button to download tor all I am offered is 64 bit regardless of security slider. However clicking "Download in another language" works. Hypothetically could people bork there current install of updating this way?

March 28, 2019

Permalink

Hate, hate, hate, haaaate it. It used to be pretty hard to find the information I needed between all of the torproject.org subsites and partner projects. This revision has made it exponentially harder to find information.

March 28, 2019

Permalink

why "download Them All" not working anymore on windows version ?
it is just disable and we cant download big files

March 28, 2019

Permalink

Why does the new About link in the header not go to the overview anymore? Why is the history on the main About page not on a less prominent History page? The new site gained a massive amount of empty space and pointless ad-like graphics and lost a massive amount of relevant, quickly navigable information.

More than anything, you foolishly broke a mountain of links providing help and publicity to your site that your supporters had taken years to build for you by pasting around the web. Redirect!

March 28, 2019

Permalink

Coming next will be our sgapqzbrdr.oedi.net portal that will feature content related to the different ways you can join our community and spread the word about Tor.

A few suggestions for content you might wish to consider including:

For people living in less dangerous countries who are trying to help endangered people:

o advice on how to persuade people that Tor is for people like them, how to persuade them not to listen to FBI's "Going Dark" hysteria (and similar "messaging" by like minded agencies in other countries).

For people living in countries with a long history of severe CIA sponsored human rights abuses (some of these countries currently have more democratic and less violently oppressive but still somewhat corrupt governments):

o links to some digital rights org websites (if any) in their region,

o links to upcoming Tor training for journalists and human rights workers (in all countries),

o advice (vetted by said orgs?) on safest ways to use Tor (and other tools?) to communicate with people outside (about family matters or more dangerously about economic/political conditions in the country); this could be very useful but ideally would need to be updated every few years which means volunteers all over the world would have to commit to providing the best current information,

o accounts of recent travel experiences: what questions were asked of people entering or leaving the US or dangerous countries? How did security authorities at various borders react to encrypted USBs, laptops, phones? To people who know foreigners who NSA identifies as NGO workers, or even worse, who FBI identifies as BIEs? Were there unexplained delays with customs? Did security authorities follow up with "home visits"? Orders to come into the local cop shop for a "friendly conversation"? What did they say or do?

o politically informed perceptions of current "messaging" by various governments regarding political activity or encryption (FBI "Going Dark" is unsubtle, but other governments phrase things differently).

USG continues to put a great deal of effort into training "security authorities" working for the governments of other nations, including extremely dangerous and repressive governments, in population control methods, mainly aimed at poor people (e.g. indigenous peoples, homeless teens, "peasants" and their 21st century political equivalents). Just as during the days of the "Dirty Wars", this training includes methods of physical surveillance, interrogation, nighttime patrols/raids, and political assassinations. But these days the training also includes hands-on instruction in "harsh interrogation" (torture), hiding embarrassing information from reporters/NGOs, operating US/EU provided surveillance dragnet systems and using advanced malware bought from malware-as-a-service companies (in the US, Israel, Europe, and sometimes even Russia--- no joke: USIC loves Russian voice recognition software which they use under license--- capitalism induced collusion!) for targeted attacks on diplomats, journalists, in-counry and overseas dissidents, activists, union organizers, human rights workers and lawyers. And sometimes in operating drone assassination systems (US provided, or bought from EU, Israel or Iran).

And one major problem we face in trying to help people is that, in my experience, endangered people often have a completely inaccurate notion of how they can best avoid attracting unwanted attention from the security authorities. One misconception is the intensely held belief that if one avoids encryption even in discussing sensitive personal matters and if one strenuously avoids any political involvement whatever, the authorities will view them as "harmless" and leave them alone. But that is not at all how USG is training these security authorities to think and act. Rather, the secret police are paying attention to metadata, and the people we are trying to help may have no idea that someone they know is already "on the radar", which means they are also being watched. Even worse, people may hope that the authorities will forgive and forget decades old issues. But USG is training these authorities to maintain databases which never forget, and USG is training them to never forgive either. Also, people may want to maintain contact with friends in other countries using unencrypted methods they view as "harmless", but USIC is training the security authorities to view the fact of communication by any means as evidence of "potential bad intent", and in countries with few legal protections, that could lead to tragedy.

Thus I think it would be very useful to maintain an onion where Tor Project keeps copies of certain essential reading for the convenience of endangered people who are already using Tor:

o documents from the Snowden leaks, especially about economic espionage (e.g. in VE, BR) and targeted attacks on people such as telecom engineers (or their children) simply because they have a job USIC considers "useful" to NSA global dragnet programs,

o recent FBI memos and Pentagon field manuals explaining their current thinking on population control and "counterinsurgency",

o long since leaked CIA manuals on "counterinsurgency",

o maximally concise summaries of what we think this means for you (the endangered person), e.g.

(i) "there is no single safe place, there is no one behavior which will keep you safe, there are only places which might be safer and behaviors--- possibly not the ones you think of first--- which may keep you safer",

(ii) during the 21st century, there may be little we can do to keep ourselves and our families truly safe (we are after all enduring rapid severe climate change together with possibly the single biggest mass extinction event in the last billion years on Earth, with all the political chaos and human misery that entails), but courageous actions taken today by people like us can provide hope that future generations may find it possible to try to lead much safer and better lives,

(iii) authorities want you to be frightened, paranoid, and passive--- let them think you are, but consider the potential benefits to future generations of being quietly brave and secretly active,

(iv) USIC assisted local security authorities may have great power to do great harm, but they have problems of their own, which gives us hope that while authoritarianism is currently spreading like metastatic cancer, future generations may enjoy the benefits of much better, safer, more responsive (to us) and effective (for us), and much less malicious governments than the ineffective paranoid oppressive governments we have now.

The new community portal should link to the proposed onion in maximally convenient way.

I have long wondered why would Torproject.org not heavily provide a Tor .onion download. Their OLD .onion website when trying to download tor AUTO changed from the .onion to the Torproject.org download https.

But this move leaves nothing really to not be misunderstood. The CIA and NSA love Tor to hide their own actions and need Cattle to be their Shield for covert actions, but they do not like to lose. So thus all avenues of escape must be cut off and the sheep pen shut in for the slaughter.

March 28, 2019

Permalink

I understand that the old site looks old-fashioned and there's a need for a new
site.

However, the new site doesn't play nice with the "Safest" Security Level, which
is a show stopper for me. Many sites don't work well with the "Safest" Security
Level, and I understand that, since they are not designed with Tor Browser in
mind. But really, even the Tor home page doesn't play nice with Tor Browser...

In my opinion, a Tor Browser friendly website should not rely on javascript.
This could be hard to do in practice and I am learning about it too.

Thanks for reading my comment!

I strongly support the redesign project, but I also strongly support anyone who feels, as I do and as I guess you may feel, that the default setting of the security slider should be "safer", and that TP should make an effort to train newbies to think of starting with JS maximally disabled, and dropping down if they really need it.

So many serious compromises begin with breaking the web browser, and so many of those breaks exploit some flaw related to javascript, that I find it frustrating that even TP blog refuses to avoid JS. (Mailchimp is another common software used by many many endangered organizations, and whose cybersecurity and business model I do not consider trustworthy.)

That said, we need to begin somewhere. From the unhappy comments here it seems that the "new look" will need some tweaks but I hope after a time the issues raised will be addressed and everyone will be happy again.

> the default setting of the security slider should be "safer", and that TP should make an effort to train newbies to think of starting with JS maximally disabled, and dropping down if they really need it.

+1
Most popular sites work ok on Safer except for ones that need the "media" checkbox in NoScript, and nearly all popular sites are HTTPS, not HTTP. When loading non-encrypted first-party sites, the browser could throw a message like the one that appears across the top when you maximise the window. "The security level you set in Tor Browser may be blocking some features on this website. If features that you need on this website are disabled, try lowering the security slider in the onion/shield menu and refreshing the page. [OK] [x]" It could be halted in the same way after appearing three times.

March 28, 2019

Permalink

The download page does not work had to go to blog and scroll down when clicking on download tor browser it takes me back to the top of the page..not liking this new set up.

March 28, 2019

Permalink

This is how they(torproject member) respond when you give them your money.

If you want them build Tor with vanguard ASAP, just don't donate them next time.
Donate them after they deliver the product, aka "software".

I hope moderator reading this don't censor this comment as the censorship is not cool at all.

March 29, 2019

Permalink

Where can I find unstable sources + signatures? Sorry, but this new site offends me as a technical user... simplyfication is fine for some, but please let me see everything and be technical. I directly had that iOS feeling, which I dislike....

March 29, 2019

Permalink

I like the redesign in general, as the old sit looked kind of intimidating to new users. However, major point of criticism to phrase it politely: I'm not able to find the signatures??

I'm aware that they can be found on https://2019.decvnxytmk.oedi.net/, but they should be placed prominently on the download page for sure.

Also, the website doesn't work too well with security settings on safest.

March 29, 2019

Permalink

Thank You for adding the Source Tar Ball, however it requires the Source Signature file as well.

Thanks

March 29, 2019

Permalink

When you click Download Tor Browser why not go straight to the Languages tab with the signatures and downloads in different languages? If someone really does not understand English do you think they will be able to navigate the website?

March 29, 2019

Permalink

People can click randomly with success instead 1 click to finding their language of choice now it is 2 clicks which will calculated out as an effective block to many users who English is not a language.

March 29, 2019

Permalink

I like the new layout, have always thought alot can be said for simplicty. Out of curiosity did a women pick the color?

March 29, 2019

Permalink

Love the new web site, could be a more vibrant purple however, it's a bit dull as is, could be brighter and more exciting! Can't please all the people all of the time it seems. ha-ha.

Heads up: I went there to download the 8.5a10 alpha browser using the URL at the top of my page: https://decvnxytmk.oedi.net/download/#downloads-alpha

but the file it gave me was the 8.0.8 browser when I clicked on the Windows icon: https://decvnxytmk.oedi.net/dist/torbrowser/8.0.8/torbrowser-install-win…

Alphas (unstable) are on the Advanced Install Options page linked under the OS icons on the download page.

Why does the link not say "Alpha" or "Unstable" as everyone is familiar with? Advanced used to imply the tor binary or source code. Changing definitions is breaking expected navigation, and even then some things aren't there.

March 29, 2019

Permalink

In

https://decvnxytmk.oedi.net/download/

with security slider set at "safer" (minimal value Tor Project should require at its own site, IMO--- it would be better if the fundamental operation of downloading latest TBB for your OS worked with "safest"), the explanatory text for the circular icons for Windows, Mac, Linux, Android did not appear in my Tor Browser (v. 8.0.8 running in Tails v. 3.13.1), until I clicked on the third circle from left (lucky guess--- it turned out to be the Linux version, the one I need).

Also the detached signatures and signing keys are very important and even newbies should be encouraged to at least try to verify the downloads before installing, IMO.

So: a few glitches, as to be expected when trying to condense the sprawling mess which was the old decvnxytmk.oedi.net site, but overall I hope that newbies all around the world will find the two news pages (the new homepage and the new download page) much less intimidating and easier to grasp.

One point I hope other old time Tor users will bear in mind when they confront the "new look" is that many newbies may not be fluent in English, so we want to use as few words as possible in hope that they stay long enough to see a link to the home page in their own language, or that they stay long enough to figure out what they need to know by reading in a language which is not their native language. And those newbies need Tor, and we old timers need more people to use Tor, so everyone (but the Enemies of the Internet) benefits if we can grow the userbase.

My biggest concern is that the blog certificate still has mysterious features suggesting some kind of MITM to which TP has (I fear) been forced to acquiesce. TP's refusal to make any comment on the strange features of the pantheonsite.io cert only reinforces the impression that something fishy might be going on. I hope not, especially because if there is something wrong, it seems that TP must be collaborating in the MITM, if that is what is going on here.

March 29, 2019

Permalink

At the new download page I find the tarball for current TBB (good) but where did the detached sig go? When I follow the link to "verify" I get the detached signatures for the TESTING version of TBB (not what newbies want!).

Didn't anyone test this thing before you went live? Maybe the naysayers have a point.

March 30, 2019

Permalink

NO mention that Tor and the Tor Browser are Free Software, it's a serious lack of a central piece of information. If I was a new comer I wouldn't feel compelled to install it.
It's a very serious matter to assure people that they are about to download a piece of software that has been studied and modified by not a single entity but a large amount of different people, so they can be confident that there are no backdoors, no malware, nothing of the like.

Apart from that, I was one of the people who enjoyed the old style website, but understand that the modern generation of users are looking for a more "eye candy" experience, and I am not opposed to that. It makes people feel secure that they can use the software without too much hassle.

Just make sure to point out the fact that it's Free Software, as in and for, Freedom!

> the modern generation of users are looking for a more "eye candy" experience,

Actually, as I understand the motivation for the "New Look" (which I support), the goal is to help increase the Tor user base by making it much easier for newcomers to quickly find the information they need to start using Tor Browser (wisely) immediately, and to encourage possibly dubious visitors to consider that as a matter of fact, TB is for people just like them.

Example: some commentators complained about the large fonts (one of them me, refering to the About Us section where someone must have made a typo in a font choice), but some people who might need Tor have some degree of visual impairment, and it's desirable to offer a larger font less crowded home page for them.

A reasonable compromise which can serve both old-timers/expert/power users of Tor products and newcomers would be to rebrand the old page as a "Power User" page or something like that.

To be sure, some of the commments about the "New Look" tryout concern critical omissions/goofs such as the lack of detached signatures and incorrect links to downloads, and I expect those problems with the new home page to be fixed.

I have one more "positive" (as in, add one more thing) suggestion: a link to the onion version of the new homepage. There is no onion version of the new homepage? OK, then, two things to add.

> the goal is to help increase the Tor user base by making it much easier for newcomers to quickly find the information they need to start using Tor Browser (wisely) immediately, and to encourage possibly dubious visitors to consider that as a matter of fact, TB is for people just like them.

Then why were the overview page, the "Want Tor to really work?" warnings, and the "Who Uses Tor?" introduction on the old front page all made harder to find???

March 30, 2019

Permalink

Hey, please add your onion link to your service so Tor users will be able to access your site using a faster connection. It used to be in the footer of your previous website layout, but I can't see it anymore. I used it to download 40+ MB files from your server faster (no exit node). Please publish it again on a visible place.

Thank you!

+1 on this comment. I like the look of the new redesign, but it does seem to be missing some critical information, like detached signature files and the onion link to the tor project website.

The website seems to need a second pass. Seems in beta more than a final version.

Any method of reducing the load on exit nodes is important.

P.S. Maybe the onion version of duckduckgo should be set as the default search engine? It doesn't take much longer to load than the clearnet version, and it would probably help exit node load by quite a bit...

March 31, 2019

Permalink

Is any sort of account required to contribute to translations? If so, how anonymous is the translation system? Also, German is not listed as an option on torproject.org.

According to the link in the post, it looks like an account is required. I don't know if they accept submissions by other methods. Translations are organised on a third-party site, transifex.com. German is listed on torproject.org as Deutsch (de).

March 31, 2019

Permalink

Quite incredulous that there is no link to the signature files for each download on the new website.

Maybe I am missing something, but at the current moment you have to go to the old website to get the signature files. This is completely impossible to find for new users.

The importance of verifying your download to protect against malicious alterations, especially for something as important to your privacy and security as tor browser, should not need to be stated.

Unfortunately, new users will likely not know about how the heck to even find the signature files, as the only link on the download page is a link to https://jqlsbiwihs.oedi.net//tbb/how-to-verify-signature/ , which is completely unhelpful, as it says the signature files are on the https://decvnxytmk.oedi.net/download/ page, which they are not. At which point, most new users will give up in frustration.

This is a critical problem which needs to be fixed as soon as possible.

Plus one. The detached sigs are CRITICAL.

That said, fully support the motivation for the "new look". Some bugs obviously but the sig problem is easy to fix.

Lesson from the bad experience: test more carefully before making future major changes.

Suggest transforming "Old Look" copy to a new "Tor for Experts" page. Start with the existing old website page and remove dangeously outdated information.

The large size of the images has come up before. Many loyal Tor users have slow connections (bad internet is not uncommon even in rich countries) and don't need those large pictures. Maybe the size of some of them can be reduced? TP needs to encourage new users, so we don't want the first thing they experience at decvnxytmk.oedi.net to be an impressive demonstration that "dang! this is slow!".

April 02, 2019

Permalink

Please restore the compactness, info content/overview and quality (smaller fonts, etc) of original web site layout.

April 05, 2019

Permalink

Hello: Does the Tor Browser for android allow other apps to connect to Tor since It doesn't rely on Orbit? Thank you.

April 05, 2019

Permalink

Thank you so much for making the site worse.
Thank you for being unable to download the expert bundle.
Thanks you very for this idiot change nobody asked for.

1.Constructive criticism is not your thing, is it? You can't suit them all you know. In my opinion it looks cool, all information is still there, usually clicking Documentation will come in helpful. It's in the name..

2. That one is on you, the link is there, accessibility leaves room for improvement tho

3.The change was long overdue. The new simplified design is much more welcoming and less confusing for new users and I appreciate the effort to reach out to non-technical folks by lowering the entry barrier. Tor Browser is not some elitist thing, it's for the masses.

Having said that: Hi torproject, please bring back the signatures on the Download page instead of hiding them anywhere in the documentation, even if newbies are notoriously confused by verifying - I consider that as pretty crucial. To be true, I learned from your site how to verify back in the days when I was new to this stuff.. Doesn't help either that your "How to verify" link points back to the Download page.

Also direct links for the 32bit versions won't hurt.

Plus one to all that.

I support the motivation for the New Look, the outreach, the translation effort, the shift to user-funded Tor Project on the EFF model, and the vision being implemented (with some glitches along the way) by Isabela and Shari before her.

That said, there certainly seems to be overwhelming consensus that the detached signatures are critical, and that checking carefully for issues before going live would be a good procedure for the next iteration of the New Look.

I also think I see a growing consensus that TP's site should be usable with security slider at "safest". How can anyone argue that website authors can make their sites work with "safest" if TP itself is not even trying to achieve that goal?

I hope I also see a growing chorus of voices urging TP to try setting the default Tor Browser security slider to "safest" or at least "safer", urging users to move it as needed.

Official guidance from TP at watching youtube videos using Tor Browser would also be very useful to the huge number of potential TB users who rely on Youtube for all their (mis/dis-)information. Countering hate speech and disinformation, especially state-sponsored disinformation, is a huge problem which TP alone clearly cannot fix.

(It seems so counterintuitive that TB potentially making it safer to visit dodgy sites would help the general population be more aware that the site they are visiting is in fact dodgy that this suggestion probably enjoys some validity!)

> I hope I also see a growing chorus of voices urging TP to try setting the default Tor Browser security slider to "safest" or at least "safer", urging users to move it as needed.

Safest breaks too many websites. Safer is good in most places except for videos. Newbies would have to be trained in NoScript if they want to watch videos all over social media and file-sharing websites. We know it's better for security and privacy, but the stereotype of first-timers is that they think it's unappealing at best, repellent at worst. Maybe Tor Project could find out in their usability studies --- BEFORE switching everything, if you know what I mean.

April 06, 2019

Permalink

Where can I download the expert bundle?

I was trying to run tor.exe, but it did not run properly.

The process tor.exe existed, but did nothing...

April 06, 2019

Permalink

On the download Languages and Alpha pages, 32-bit is listed first. I think 64-bit should be listed first, and a sentence at the top saying, "If you aren't sure, then you probably want the 64-bit build."

On the old page, next to the (sig) link was a "What's this?" link to the page explaining how to verify signatures, but there is no help at all on the new sig download pages.

I wonder if you are erroneously calling the bridge "obfs4" because you are using a built-in bridge from the drop-down menu where it is labeled "obfs4". Is that why? UX developers, take note of that.

TL;DR: TBB developers, as of writing this, all but one of the 27 built-in obfs4 bridge lines are offline in Relay Search. Their last-seen time is either 2019-04-12 02:45:06 or 2019-04-12 03:45:06.

obfs4 is not a bridge. It's a pluggable transport [1][2] protocol obfuscation layer that a bridge can accept. A single bridge may allow connections by one or many types of pluggable transport. Learn more about bridges in the new and old TB manuals.

The old manual leads to a probable solution for you:
"Tor Browser now provides some bridges by default. You can enable these easily. Unfortunately, because these bridges are publicly distributed, it is easy for censors to block some of them, so some of them may not work. In this case, you'll need to locate different bridges."

And the new manual tells how to locate bridges by updated methods:
"Visit https://bridges.torproject.org/ and follow the instructions, or
Email bridges@torproject.org from a Gmail, Yahoo, or Riseup email address"

To find why you are having connection issues with your bridge which may help other people, read your tor log:
Onion icon > Tor network settings > Copy Tor Log To Clipboard > paste in an offline text editor.
You will also see the Copy button when you start TB on the progress bar window if TB fails to connect.

Look for the bridge's nickname, fingerprint, or IP address. Its nickname may be in quotation marks. Its fingerprint and IP are described in the old manual's bridges page. Keep those pieces of information secret!! To see if a bridge is running or offline, go to the Tor Metrics Relay Search website operated by Tor Project:
https://metrics.torproject.org/rs.html
Search for the nickname, fingerprint, or IP address of the bridge, and look for a green or red dot next to its nickname. Scroll down to its history graphs to see when it may have been offline in the past. Search results cannot be found for relays that have been offline for several days.

I repeat, keep your bridge's identifying information secret. It's impossible to see or calculate a bridge's hashed fingerprint in TBB. If I understand correctly, hashed fingerprints would be ok to share, but normal fingerprints or the nickname or IP address are not ok to share. Correct me if I'm wrong.

apertium (see Debian repository) does well with English <-> Spanish <-> Italian/French etc. and you can write a simple shell script to pipe the translations.

This software is not intended to translate between distantly related languages such as English and Russian but I hope that won't stop fearless developers from developing English <-> Polish &c.

April 08, 2019

Permalink

does Tor have specific download links for 32 bit & 64 bit or can one use the 64 bit Tor download link on a 32 bit machine?