Every two years the Hackers On Planet Earth (HOPE) conference is held at the Hotel Pennsylvania in New York City. The Tor Project has held a panel discussion on the state of the Tor Project at each HOPE called The Onion Report, during which the new developments at the Tor Project are discussed. At this year’s HOPE, The Onion Report featured a panel made up of Steph Whited, the Communications Director for the Tor Project, Alison Macrina, the Community Team Lead for the Tor Project, and developers for the Tor Project, David Goulet, George, and Matthew Finkel. Macrina is also the founder and Executive Director of the Library Freedom Project, an organization of librarians which helps libraries promote the protection of privacy rights.
The Communications Director for the Tor Project spoke about how the project now has a new campaign to onionize the web, by getting more sites to offer their site as a Tor hidden service. The project is particularly encouraging news sites and non-profit organizations to onionize their websites. Whited said that the Tor Project developers were working on making the Tor Browser easier for “regular people” to use. Alison Macrina noted that the Tor Project was redesigning their website as easier to use and navigate and focusing on helping new users. The Tor Project has created a new page on their website for helping users troubleshoot problems at https://support.torproject.org which has a list of the most frequently asked questions.
Also speaking on the Tor Report panel at HOPE were Tor developers David Goulet and George, both of whom head up the Tor Project’s Network Team. George told attendees that DDoS attacks on the Tor network were brought under control. The attacks had become a problem in December but the developers modified relays to prevent DDoS attacks. This fix has caused the performance of the Tor network to return to normal. George also announced that the Tor Project had an add-on for onion services available the day of the talk, called Vanguards; designed to protect against a deanonymization threat posed to the new version of the onion service protocol, called a guard discovery attack.
One new development announced at this year’s Tor Report was that the Tor Project is beginning to develop a mobile version of the Tor Browser. Tor Browser developer Matthew Finkel explained some of the new mobile. Currently a separate group known as The Guardian Project develops a mobile browser, called OrFox, that operates similar to the Tor Browser. While OrFox is a pretty good mobile browser to access the Tor network, it does not completely replicate all of the features found in the Tor Project’s desktop Tor Browser bundle. The Tor Project will now have full time developers working on the mobile version of the Tor Browser. When the Tor Browser for Android is released, it will have features from the desktop version of the browser that The Guardian Project’s OrFox browser currently does not have, such as circuit isolation so that each site that is visited uses a different circuit.
An alpha version of Tor Browser for the Android mobile operating system is expected to be released very soon. Finkel explained that it will be much harder to build a version of Tor Browser for iOS because of restrictions with that mobile operating system. The Tor Project’s Application Team is working on releasing a new version of the Tor Browser which uses Mozilla’s latest ESR release of Firefox. The developers of Tor Browser have made changes to Firefox for the Tor Browser which Mozilla is now incorporating into Firefox itself, and so all users of Firefox benefit from the Tor Project through incorporation of their code into the main releases of Firefox. Finkel mentioned how the Tor Project is “eagerly watching” how Brave and Cliqz incorporate Tor into their private browsing modes, thus helping to make private browsing features actually private. “As more patches are upstreamed, we’re very excited to get to a state where we hopefully won’t actually be maintaining our own browser, and everyone will just benefit from a private browser mode that actually is a private browser mode,” Finkel said to attendees.