Tor

Tor is an open source computer software designed as a network of virtual tunnels that can be used by a wide range of people and organizations who want to improve their security and safety while surfing the Internet.

Defend yourself against traffic analyzers and network surveillance

When one says Tor, it may refer to the actual application or the entire network of computers that form this project. With Tor, users will be able to defend themselves against traffic analyzers and network surveillance.

The project protects your privacy and secures your top secret documents from pesky government institutions, such as NSA (National Security Agency). It prevents hackers from learning your browsing habits or discover your current location.

Supports mainstream web browsers and operating systems

It works well with any web browser, instant messaging client, and many other applications that access the network. It’s supported on Linux, Android, Microsoft Windows and Mac OS X operating systems.

How does it work?

In order to understand better how Tor works, you should know that when you are connected to the Tor network and you want to access a certain website with your favorite web browser, the connection will be redirected from one computer to another before it reaches its destination. Once the application is installed, configured and started, it will automatically route all the network traffic from your computer transparently over the Tor network.

Tor work as a distributed, anonymous network comprised of all the computers where it is installed and active. For example, if you install the application in your computer, you will automatically become part of the Tor virtual network, every time you use it. This way, no one will know your IP address, location, etc., and random IP address will be displayed to those who try to track you. It’s best to use Tor when you really want to hide your online activity from someone, but especially when you are in public networks.

What is new in this release:

• Minor features (compilation):
• When building Tor, prefer to use Python 3 over Python 2, and more recent (contemplated) versions over older ones. Closes ticket 26372.
• Minor features (geoip):
• Update geoip and geoip6 to the July 3 2018 Maxmind GeoLite2 Country database. Closes ticket 26674.

What is new in version 0.3.3.7:

• Directory authority changes:
• Add an IPv6 address for the "dannenberg" directory authority. Closes ticket 26343.
• Minor features (geoip):
• Update geoip and geoip6 to the June 7 2018 Maxmind GeoLite2 Country database. Closes ticket 26351.
• Minor bugfixes (compatibility, openssl, backport from 0.3.4.2-alpha):
• Work around a change in OpenSSL 1.1.1 where return values that would previously indicate "no password" now indicate an empty password. Without this workaround, Tor instances running with OpenSSL 1.1.1 would accept descriptors that other Tor instances would reject. Fixes bug 26116; bugfix on 0.2.5.16.
• Minor bugfixes (compilation, backport from 0.3.4.2-alpha):
• Silence unused-const-variable warnings in zstd.h with some GCC versions. Fixes bug 26272; bugfix on 0.3.1.1-alpha.
• Minor bugfixes (controller, backport from 0.3.4.2-alpha):
• Improve accuracy of the BUILDTIMEOUT_SET control port event's TIMEOUT_RATE and CLOSE_RATE fields. (We were previously miscounting the total number of circuits for these field values.) Fixes bug 26121; bugfix on 0.3.3.1-alpha.
• Minor bugfixes (hardening, backport from 0.3.4.2-alpha):
• Prevent a possible out-of-bounds smartlist read in protover_compute_vote(). Fixes bug 26196; bugfix on 0.2.9.4-alpha.
• Minor bugfixes (path selection, backport from 0.3.4.1-alpha):
• Only select relays when they have the descriptors we prefer to use for them. This change fixes a bug where we could select a relay because it had _some_ descriptor, but reject it later with a nonfatal assertion error because it didn't have the exact one we wanted. Fixes bugs 25691 and 25692; bugfix on 0.3.3.4-alpha.

What is new in version :

• Major bugfixes (KIST, scheduler):
• The KIST scheduler did not correctly account for data already enqueued in each connection's send socket buffer, particularly in cases when the TCP/IP congestion window was reduced between scheduler calls. This situation lead to excessive per-connection buffering in the kernel, and a potential memory DoS. Fixes bug 24665; bugfix on 0.3.2.1-alpha.
• Minor features (geoip):
• Update geoip and geoip6 to the December 6 2017 Maxmind GeoLite2 Country database.
• Minor bugfixes (hidden service v3):
• Bump hsdir_spread_store parameter from 3 to 4 in order to increase the probability of reaching a service for a client missing microdescriptors. Fixes bug 24425; bugfix on 0.3.2.1-alpha.
• Minor bugfixes (memory usage):
• When queuing DESTROY cells on a channel, only queue the circuit-id and reason fields: not the entire 514-byte cell. This fix should help mitigate any bugs or attacks that fill up these queues, and free more RAM for other uses. Fixes bug 24666; bugfix on 0.2.5.1-alpha.
• Minor bugfixes (scheduler, KIST):
• Use a sane write limit for KISTLite when writing onto a connection buffer instead of using INT_MAX and shoving as much as it can. Because the OOM handler cleans up circuit queues, we are better off at keeping them in that queue instead of the connection's buffer. Fixes bug 24671; bugfix on 0.3.2.1-alpha.

What is new in version 0.3.1.8:

• Directory authority changes:
• Add "Bastet" as a ninth directory authority to the default list. Closes ticket 23910.
• The directory authority "Longclaw" has changed its IP address. Closes ticket 23592.
• Major bugfixes (relay, crash, assertion failure, backport from 0.3.2.2-alpha):
• Fix a timing-based assertion failure that could occur when the circuit out-of-memory handler freed a connection's output buffer. Fixes bug 23690; bugfix on 0.2.6.1-alpha.
• Minor features (directory authorities, backport from 0.3.2.2-alpha):
• Remove longclaw's IPv6 address, as it will soon change. Authority IPv6 addresses were originally added in 0.2.8.1-alpha. This leaves 3/8 directory authorities with IPv6 addresses, but there are also 52 fallback directory mirrors with IPv6 addresses. Resolves 19760.
• Minor features (geoip):
• Update geoip and geoip6 to the October 4 2017 Maxmind GeoLite2 Country database.
• Minor bugfixes (compilation, backport from 0.3.2.2-alpha):
• Fix a compilation warning when building with zstd support on 32-bit platforms. Fixes bug 23568; bugfix on 0.3.1.1-alpha. Found and fixed by Andreas Stieger.
• Minor bugfixes (compression, backport from 0.3.2.2-alpha):
• Handle a pathological case when decompressing Zstandard data when the output buffer size is zero. Fixes bug 23551; bugfix on 0.3.1.1-alpha.
• Minor bugfixes (directory authority, backport from 0.3.2.1-alpha):
• Remove the length limit on HTTP status lines that authorities can send in their replies. Fixes bug 23499; bugfix on 0.3.1.6-rc.
• Minor bugfixes (hidden service, relay, backport from 0.3.2.2-alpha):
• Avoid a possible double close of a circuit by the intro point on error of sending the INTRO_ESTABLISHED cell. Fixes bug 23610; bugfix on 0.3.0.1-alpha.
• Minor bugfixes (memory safety, backport from 0.3.2.3-alpha):
• Clear the address when node_get_prim_orport() returns early. Fixes bug 23874; bugfix on 0.2.8.2-alpha.
• Minor bugfixes (unit tests, backport from 0.3.2.2-alpha):
• Fix additional channelpadding unit test failures by using mocked time instead of actual time for all tests. Fixes bug 23608; bugfix on 0.3.1.1-alpha.

What is new in version 0.3.0.9:

• Major bugfixes (hidden service, relay, security, backport from 0.3.1.3-alpha):
• Fix a remotely triggerable assertion failure when a hidden service handles a malformed BEGIN cell. Fixes bug 22493, tracked as TROVE-2017-004 and as CVE-2017-0375; bugfix on 0.3.0.1-alpha.
• Fix a remotely triggerable assertion failure caused by receiving a BEGIN_DIR cell on a hidden service rendezvous circuit. Fixes bug 22494, tracked as TROVE-2017-005 and CVE-2017-0376; bugfix on 0.2.2.1-alpha.
• Major bugfixes (relay, link handshake, backport from 0.3.1.3-alpha):
• When performing the v3 link handshake on a TLS connection, report that we have the x509 certificate that we actually used on that connection, even if we have changed certificates since that connection was first opened. Previously, we would claim to have used our most recent x509 link certificate, which would sometimes make the link handshake fail. Fixes one case of bug 22460; bugfix on 0.2.3.6-alpha.
• Major bugfixes (relays, key management, backport from 0.3.1.3-alpha):
• Regenerate link and authentication certificates whenever the key that signs them changes; also, regenerate link certificates whenever the signed key changes. Previously, these processes were only weakly coupled, and we relays could (for minutes to hours) wind up with an inconsistent set of keys and certificates, which other relays would not accept. Fixes two cases of bug 22460; bugfix on 0.3.0.1-alpha.
• When sending an Ed25519 signing->link certificate in a CERTS cell, send the certificate that matches the x509 certificate that we used on the TLS connection. Previously, there was a race condition if the TLS context rotated after we began the TLS handshake but before we sent the CERTS cell. Fixes a case of bug 22460; bugfix on 0.3.0.1-alpha.
• Major bugfixes (hidden service v3, backport from 0.3.1.1-alpha):
• Stop rejecting v3 hidden service descriptors because their size did not match an old padding rule. Fixes bug 22447; bugfix on tor-0.3.0.1-alpha.
• Minor features (fallback directory list, backport from 0.3.1.3-alpha):
• Replace the 177 fallbacks originally introduced in Tor 0.2.9.8 in December 2016 (of which ~126 were still functional) with a list of 151 fallbacks (32 new, 119 unchanged, 58 removed) generated in May 2017. Resolves ticket 21564.
• Minor bugfixes (configuration, backport from 0.3.1.1-alpha):
• Do not crash when starting with LearnCircuitBuildTimeout 0. Fixes bug 22252; bugfix on 0.2.9.3-alpha.
• Minor bugfixes (correctness, backport from 0.3.1.3-alpha):
• Avoid undefined behavior when parsing IPv6 entries from the geoip6 file. Fixes bug 22490; bugfix on 0.2.4.6-alpha.
• Minor bugfixes (link handshake, backport from 0.3.1.3-alpha):
• Lower the lifetime of the RSA->Ed25519 cross-certificate to six months, and regenerate it when it is within one month of expiring. Previously, we had generated this certificate at startup with a ten-year lifetime, but that could lead to weird behavior when Tor was started with a grossly inaccurate clock. Mitigates bug 22466; mitigation on 0.3.0.1-alpha.
• Minor bugfixes (memory leak, directory authority, backport from 0.3.1.2-alpha):
• When directory authorities reject a router descriptor due to keypinning, free the router descriptor rather than leaking the memory. Fixes bug 22370; bugfix on 0.2.7.2-alpha.

What is new in version 0.3.0.8:

• Major bugfixes (hidden service, relay, security, backport from 0.3.1.3-alpha):
• Fix a remotely triggerable assertion failure when a hidden service handles a malformed BEGIN cell. Fixes bug 22493, tracked as TROVE-2017-004 and as CVE-2017-0375; bugfix on 0.3.0.1-alpha.
• Fix a remotely triggerable assertion failure caused by receiving a BEGIN_DIR cell on a hidden service rendezvous circuit. Fixes bug 22494, tracked as TROVE-2017-005 and CVE-2017-0376; bugfix on 0.2.2.1-alpha.
• Major bugfixes (relay, link handshake, backport from 0.3.1.3-alpha):
• When performing the v3 link handshake on a TLS connection, report that we have the x509 certificate that we actually used on that connection, even if we have changed certificates since that connection was first opened. Previously, we would claim to have used our most recent x509 link certificate, which would sometimes make the link handshake fail. Fixes one case of bug 22460; bugfix on 0.2.3.6-alpha.
• Major bugfixes (relays, key management, backport from 0.3.1.3-alpha):
• Regenerate link and authentication certificates whenever the key that signs them changes; also, regenerate link certificates whenever the signed key changes. Previously, these processes were only weakly coupled, and we relays could (for minutes to hours) wind up with an inconsistent set of keys and certificates, which other relays would not accept. Fixes two cases of bug 22460; bugfix on 0.3.0.1-alpha.
• When sending an Ed25519 signing->link certificate in a CERTS cell, send the certificate that matches the x509 certificate that we used on the TLS connection. Previously, there was a race condition if the TLS context rotated after we began the TLS handshake but before we sent the CERTS cell. Fixes a case of bug 22460; bugfix on 0.3.0.1-alpha.
• Major bugfixes (hidden service v3, backport from 0.3.1.1-alpha):
• Stop rejecting v3 hidden service descriptors because their size did not match an old padding rule. Fixes bug 22447; bugfix on tor-0.3.0.1-alpha.
• Minor features (fallback directory list, backport from 0.3.1.3-alpha):
• Replace the 177 fallbacks originally introduced in Tor 0.2.9.8 in December 2016 (of which ~126 were still functional) with a list of 151 fallbacks (32 new, 119 unchanged, 58 removed) generated in May 2017. Resolves ticket 21564.
• Minor bugfixes (configuration, backport from 0.3.1.1-alpha):
• Do not crash when starting with LearnCircuitBuildTimeout 0. Fixes bug 22252; bugfix on 0.2.9.3-alpha.
• Minor bugfixes (correctness, backport from 0.3.1.3-alpha):
• Avoid undefined behavior when parsing IPv6 entries from the geoip6 file. Fixes bug 22490; bugfix on 0.2.4.6-alpha.
• Minor bugfixes (link handshake, backport from 0.3.1.3-alpha):
• Lower the lifetime of the RSA->Ed25519 cross-certificate to six months, and regenerate it when it is within one month of expiring. Previously, we had generated this certificate at startup with a ten-year lifetime, but that could lead to weird behavior when Tor was started with a grossly inaccurate clock. Mitigates bug 22466; mitigation on 0.3.0.1-alpha.
• Minor bugfixes (memory leak, directory authority, backport from 0.3.1.2-alpha):
• When directory authorities reject a router descriptor due to keypinning, free the router descriptor rather than leaking the memory. Fixes bug 22370; bugfix on 0.2.7.2-alpha.