The Tor Project Joined the $500,000 DuckDuckGo Privacy Challenge 2018

by steph | March 13, 2018

*Note: The Tor Project's postal address has changed since this post was published. Find the most current address in our FAQ.

 

The Tor Project has joined The $500,000 DuckDuckGo Privacy Challenge 2018, a fundraising competition on CrowdRise, the largest crowdfunding platform for good. The $500,000 DuckDuckGo Privacy Challenge 2018 is dedicated to helping organizations committed to protecting the privacy of personal information on the internet.  Participating organizations will compete for $500,000 in prize money. The Tor Project has joined the challenge on CrowdRise in hopes of raising money to support the development of privacy and internet freedom software.

The Tor Project develops free and open source software that defends users against tracking, censorship, and surveillance online. Donations to the Tor Project will help port Tor to mobile, make critical usability improvements to Tor Browser, and make the Tor network faster, stronger, and more decentralized.

"The Tor Project is excited to participate in DuckDuckGo's first online privacy challenge," said Shari Steele, the Tor Project's Executive Director. "This is a fun way to help people learn about and support Tor, the world's strongest online anonymity tool."

The $500,000 DuckDuckGo Privacy Challenge 2018 launched on CrowdRise on Tuesday, March 13th, 2018 at 12pm ET and runs through Tuesday, April 10th, 2018 at 1:59:59pm ET. The team that raises the most during the Challenge wins a $50,000 donation to their cause. Second place wins $40,000, third wins $35,000, fourth wins $30,000, fifth wins $25,000, sixth wins $20,000, seventh wins $15,000, eighth wins $10,000, ninth wins $5,000, tenth wins $5,000, eleventh wins $3,000, twelfth wins $3,000, thirteenth wins $3,000, fourteenth wins $3,000, fifteenth wins $3,000, and sixteenth wins $3,000. Weekly Bonus Challenges enable charities to win up to another $247,000.

CrowdRise Challenges are innovative fundraising competitions for charitable organizations designed to build capacity, create massive engagement and leverage, and use the power of the crowd to provide new meaningful funding streams for organizations in every sector.

To help the Tor Project win The $500,000 DuckDuckGo Privacy Challenge 2018, head to https://www.crowdrise.com/o/en/campaign/tor-project.

ABOUT THE TOR PROJECT
The Tor Project is a US 501(c)(3) non-profit organization advancing human rights and freedoms by creating and deploying free and open source anonymity and privacy technologies, supporting their unrestricted availability and use, and furthering their scientific and popular understanding.

ABOUT DUCKDUCKGO
DuckDuckGo (https://duckduckgo.com) is an Internet privacy company that empowers you to seamlessly take control over your personal information online. We believe the Internet shouldn’t feel so creepy, and getting the privacy you deserve should be as simple as closing the blinds. With our roots as the search engine that doesn’t track you, we’ve expanded what we do to protect you no matter where you go on the Internet.

ABOUT CROWDRISE
CrowdRise is the world’s largest crowdfunding platform dedicated exclusively to charitable fundraising. Used by millions of individuals, tens of thousands of charities, hundreds of companies and many of the most famous artists and athletes in the world, CrowdRise enables people to creatively leverage their resources and networks to unlock the power of the crowd to support positive social missions and create massive impact.

Founded by actor Edward Norton, film producer Shauna Robertson and Robert and Jeffrey Wolfe, CrowdRise has conceived, implemented and powered campaigns that have raised hundreds of millions of dollars to date. For more information visit www.CrowdRise.com. In January 2017, CrowdRise merged with GoFundMe to offer both people and organizations the best fundraising tools for any cause they care passionately about.

# # #
Media Contact:
Steph Whited
press (at) torproject.org

Comments

Please note that the comment area below has been archived.

March 14, 2018

Permalink

i put this bull shit onmy compter and thats my mistake whatthe hell camein from thedarknet was concering me 4 Real im sayin ohhhh shit

You installed something (not a Tor Project product) on your computer? And then something scary happened?

Be more cautious next time, I suppose:

Read these:

https://decvnxytmk.oedi.net/about/overview.html.en#stayinganonymous

https://decvnxytmk.oedi.net/download/download-easy.html.en#warning

Download Tor Browser from decvnxytmk.oedi.net. Verify the tarball using the detached signature and the valid Tor Project signing key. Unpack the tarball on your computer. Start Tor Project with the provided script. Surf wisely!

March 15, 2018

Permalink

Is this address still good?

> The Tor Project
> 217 1st Ave South #4903
> Seattle, WA 98194 USA

I have some reason to think that some mail sent to TP may not have been received.

March 16, 2018

In reply to t0mmy

Permalink

Can't. If you have an account at Calyx I can try to use Tor Messenger and OTR chat to explain.

March 15, 2018

Permalink

and the others organizations (MGM ?)
what are their names (?)
startpage (ixquick) , ricochet (tor), onionshare(tor) , cryptocat , tox , user.js tweaked ° , elude.in(tor) firefox , thunderbird (fr military complex), protonmail (israeli contract) , codecrypt (quantum resistant) could win unless they do not participate.
btw where is the test from eff about the 2018 most secure app ?
privacy is one side , security another ... without security , privacy is a kid toy for silly girls : that's the original clients of microsoft.
afaik , u.s.a & e.u bring since 60 years a constant violation of the elementary rights which this capacity to wear the clothes of the person whom they steal the physical & mental integrity.
where is the list of the others candidates ?

No offense, but I'm curious. Shannon's famous example of the output of a second order Markov chain (using English words chosen by their digram frequency, not letters) was:

> The head and in frontal attack on an English writer that the character of this point is therefore another method for the letters that the time of who ever told the problem for an unexpected.

As you see, this "locally" makes sense, but globally wanders and doesn't really wind up forming a grammatical or sensical English sentence.

Your post is different in at least two ways:

1. It does not make sense even "locally", as far as I can see.

2. Shannon's example is funny, possibly precisely because it locally makes sense but is globally nonsensical.

Assuming you were using Tor Browser when you saw this error message, you would need to provide more information about what happened. Were you using Tor Browser 7.5.1? What site did you visit? Did you change the security slider?

March 20, 2018

Permalink

I use Tor for everything and encourage everyone who can to donate to Tor (also to Freedom of the Press Foundation, Tails).

That said, this should be of interest to many readers of this blog:

theintercept.com
The NSA Worked to “Track Down” Bitcoin Users, Snowden Documents Reveal
Sam Biddle
20 Mar 2018

> Internet paranoiacs drawn to bitcoin have long indulged fantasies of American spies subverting the booming, controversial digital currency. Increasingly popular among get-rich-quick speculators, bitcoin started out as a high-minded project to make financial transactions public and mathematically verifiable — while also offering discretion. Governments, with a vested interest in controlling how money moves, would, some of bitcoin’s fierce advocates believed, naturally try and thwart the coming techno-libertarian financial order.
>
> It turns out the conspiracy theorists were onto something. Classified documents provided by whistleblower Edward Snowden show that the National Security Agency indeed worked urgently to target bitcoin users around the world — and wielded at least one mysterious source of information to “help track down senders and receivers of Bitcoins,” according to a top-secret passage in an internal NSA report dating to March 2013. The data source appears to have leveraged the NSA’s ability to harvest and analyze raw, global internet traffic while also exploiting an unnamed software program that purported to offer anonymity to users, according to other documents.

"Unnamed software program that purported to offer anonymity to users"?

There are quite a few Tor-imitators or VPN services this could refer to, but I hope TP will examine the documents published with the above story to try to assess whether they hint at any vulnerabilities in Tor Project software.

March 20, 2018

Permalink

This blockbuster story of yet another NSA dragnet surveillance program will of interest to Tor contributors who use electronic currencies to donate funds to Tor Project:

https://theintercept.com/2018/03/20/the-nsa-worked-to-track-down-bitcoi…
The NSA Worked to “Track Down” Bitcoin Users, Snowden Documents Reveal
Sam Biddle
20 Mar 2018

The story describes how NSA used "full take" data collection from an unnamed "anonymization service" via the main EU cybersurveillance facility, the ETC (in Wiesbaden, DE), to try to track users of electronic currencies, with an emphasis on identifying and tracking transactions by individual bitcoin users. The NSA codename for the anonymization service was MONKEYROCKET.

> MONKEYROCKET is also described in the documents as a “non-Western Internet anonymization service” with a “significant user base” in Iran and China, with the program brought online in summer 2012.

So not Tor. (Tor has been around since well before 2012, and would likely not be described as "non-Western" by NSA.)

> It is unclear what exactly this product was, but it would appear that it was promoted on the internet under false pretenses: The NSA notes that part of its “long-term strategy” for MONKEYROCKET was to “attract targets engaged in terrorism, [including] Al Qaida” toward using this “browsing product,” which “the NSA can then exploit.” The scope of the targeting would then expand beyond terrorists. Whatever this piece of software was, it functioned a privacy bait and switch, tricking bitcoin users into using a tool they thought would provide anonymity online but was actually funneling data directly to the NSA.

Once again we see that the use of "false-flag" and sting operations by USG are hardly a "conspiracy theory".

> [The cryptographer and privacy advocate Matthew] Green told The Intercept he believes the “browsing product” component of MONKEYROCKET sounds a lot like a virtual private network, or VPN. VPNs encrypt and reroute your internet traffic to mask what you’re doing on the internet. But there’s a catch: You have to trust the company that provides you a VPN, because they provide both software and an ongoing networking service that potentially allows them to see where you’re going online and even intercept some of your traffic. An unscrupulous VPN would have complete access to everything you do online.
> ...
> Green said he is “pretty skeptical” that using Tor, the popular anonymizing browser, could thwart the NSA in the long term. In other words, even if you trust bitcoin’s underlying tech (or that of another coin), you’ll still need to be able to trust your connection to the internet — and if you’re being targeted by the NSA, that’s going to be a problem.

Depends upon what you mean by "thwarting" NSA. For example, if everyone used Tor, NSA's dragnet surveillance system would likely simply break down under the pressure of trying to do all the extra work their (many many many) computers must (probably) do to track Tor users individually. Even if Tor were totally useless (which I don't think is the case at all), using it would still allow the voiceless to at least express their strong commitment to privacy.

I studied the Snowden-leaked documents published by The Intercept in the cited story, and the most striking point which emerges is how vividly they confirm a point which Tor users should always state whenever someone claims that against a global adversary such as NSA, no ordinary citizen stands a chance. To wit, the documents show repeated failures of NSA's electronic currency tracking dragnet, with the system snarfing a huge number of transactions when it was up, but it was mostly down. The problems included

o hard drives filling up and borking the system, because no-one was paying attention,

o server hardware failures which went unfixed for more than a week, because the one guy who could fix the problem was busy with a higher priority project, despite cries of dismay issuing from the currency trackers,

o data transmission failures which interrupted the feed into NSA's computers in the USA,

o difficulties in dealing with the many kinds of electronic currencies (since they share the blockchain concept, this would appear to imply NSA needs to attack more than the blockchain itself, even when some "partner" gives it full access to the ledger),

o (implied) personality conflicts or other friction between NSA operatives and their "partners" in the un-named European company which allowed NSA to snarf data.

All in all, the impression one gets reinforces the description offered by insiders, that NSA's dragnet surveillance systems more closely resembles a cluttered machinery space full of dust balls and rat turds, with shaky equipment held together by duck tape and bailing wire, than they resemble the clean and efficient bridge of Starship Enterprise.

In other words: we have many adversaries, the most dangerous probably being NSA. But NSA has problems of its own. We can exploit those to make everything more difficult for them, thus making life a little less dangerous for the most endangered people on the planet, such as environmental activists or dissident politicians in places like Brazil or Russia.