Hello Tor!

The context for our vision

There is a unique opportunity ahead for Tor. Today, the world-wide debate about privacy and the collection and use of behavioral data has reached a new frenzy. On a societal level, we are starting to feel the chilling effects of data collection and its abuse.

Less than a decade ago, conversations about preserving privacy often lead to the rebuttal, 'I have nothing to hide, why do I need privacy?' Today, this is changing. People are beginning to understand that privacy isn't about hiding bad things--but it’s about what defines us as human beings, who we are. Our day-to-day behavior, our personality, our fears, our relationships, and our vulnerabilities.

We’re watching the tide of public awareness turn. The demand for privacy isn’t going away, and the industry can’t hide from it. We are also hearing that during discussions inside of the big tech companies in Silicon Valley, Tor comes up quite often, as we offer a holistic solution to meet these demands.

Our standards are higher. We offer privacy by design—and we’ve been doing so for more than a decade. We are known for building transparent, ethical, reliable privacy technology.

Leaders in the tech industry have started to look at Tor to meet their user’s expressed needs for these exact reasons. Cloudflare and Brave's integration of Tor technology, Facebook's onion service, file sharing tools like OnionShare and SecureDrop (and their adoption by some of the most important newsrooms in the world[1]), and our ongoing conversations with Mozilla about a possible Tor integration in Firefox, are all examples of how Tor can be the underlying technology for a diverse set of solutions with privacy by design.

Where Tor is right now

When I wrote my first email to tor-project as ED nine months ago[2], we were finalizing a long phase of work to bring a new user experience to Tor users. We put together an ambitious project to meet our users where they are to learn how to improve Tor for them. Every team inside of Tor did something to improve their users’ experience; the Metrics team redesigned their site and merged services like Atlas into the data to make it easier for the user to get what they want. The OONI team went mobile to reach more users and start to improve their end-to-end user experience. The Network team improved the experience of connecting to Tor for users on mobile devices. And of course, changes to Tor Browser, made by the Browser and UX teams, are quite visible, and so are the ongoing improvements to our website. And we created the Anti-Censorship team to make it easier for users who are under censorship to route around that censorship.

Making Tor easier to use for our dedicated user base was a big step for us, because it required the creation of an iterative feedback loop that centers the user at every step of our development process. This has fundamentally changed how we work with one another as a team and community, improved usability for our core users, and set us up to prepare Tor for mainstream adoption.

User experience improvements will make Tor more understandable for more people, and they further our goal of getting Tor into the hands of everybody who choose privacy tools. But it’s not the end of our work.

Preparing Tor for mainstream use also means that we must be able to handle more users and meet speed and usability standards they expect. This is not an easy task; we have a lot of challenges ahead of us. Each team has their own challenges, and all require laying groundwork before we can start building and rolling out improvements. Adequate preparation is necessary to successfully ensure that Tor can meet these new standards.

*That said, we do have an opportunity ahead of us to show the world that our vision of real privacy online is possible, and that is extremely exciting.* I believe that in about two years, we will have successfully laid the groundwork for us to release improvements that will show the impact of this work—more people will have easier, faster access to privacy tools.

Realizing Tor’s Vision

How are we going to get there? The same way we worked as a team to shift our development processes to incorporate user feedback into it. Each team will look at what they can do to drive their area of work towards this unified vision.

For instance, we are all following the Network team efforts to scale the network and improve its performance metrics. This is not an easy task, we had to bring in the Metrics team, researchers, and other stakeholders to build a strategy, broken into phases, to get there. For the next year or so we will be focused on phase 0 and 1 of this strategy, which means we will have a pipeline to drive ideas/research questions into experimentation and validation, so we can release changes that will bring impact to the metrics we have selected to measure this project.

The Anti-Censorship team is working on circumvention solutions that are difficult and expensive for censors to block but relatively easy and inexpensive for us to deploy and to scale, like Snowflake. Beyond that, the team is creating user-friendly experiences to make it easier for censored users to discover their circumvention solutions. Another challenge we face is building more reliable reachability checks in regions where it is quite risky for us to collect these measurements.

On the Browser side, the team wants to shift away from ESR releases, so our users can benefit from getting the latest features, web platform improvements, and security updates sooner. The team is also planning on making browser performance improvements (one of the main pain points for users) and to start experimenting with new ideas :) For instance the idea of offering some add-ons or utilities within Tor Browser, like OnionShare. Another direction we are going with Tor Browser’s UI is continuing to blend our features with the normal mainstream browser experience. This includes things like placing configuration options where the user expects them, like the security options inside of browser preference configurations just like Firefox does.

A lot of this work is directly connected with the Community and UX teams. Right now, the Community team is a one person team, so we must build a strategy to make things work with such limited resources. The main focus will be to build collaboration with volunteers to “help us help others.” And on that point, one of the goals of the team over the next year is to organize user support. Improved user support is an important part of scaling our user base, and it’s work that’s in need of some love. This team will continue to organize security trainings in the Global South and with our UX team to collect user feedback on all the changes made by other teams.

None of this work will be easy, in part because some of our teams are small. Capacity is one of Tor's main challenges right now--and we have to work hard to increase it.

And is why it's very important that we also are dedicating time and energy to our fiscal growth. As Roger says, “Tor does the work of a $100M organization with $4M budget.” That's why we have a team at Tor focused on growing our base of support. The ‘Money Machine’ team just participated in a great training that helped us build tools to organize and manage our strategies. This team has already been kicking ass since its formation around nine months ago, and now has a new boost to be even more efficient at building and executing fundraising strategies.

I am glossing over many other things that folks at Tor know are important too. I am not even getting into the need for collaboration and support between sister projects like the Guardian Project, Tails, and Freedom of the Press Foundation, to name a few. This letter is just to give context to where we are, and why we are moving in a certain direction. But none of this came from my head alone. It came from you. All I am doing is organizing some collective thoughts. Let's enjoy this opportunity we have ahead of us and make the best of it.

Like I said before, these are exciting times for Tor. We can have a big influence on the privacy debate and show that our vision is possible. It will take a lot of work and we have a lot of challenges ahead of us. But it will be worth it. Not for us, but for what we believe the internet should be.

cheers, isabela

[1] https://securedrop.org/directory/ [2] https://lists.torproject.org/pipermail/tor-project/2018-November/002061.html