All contributions made to the Tor Project's Open Collective go towards our Bug Smash Fund. This fund ensures that the Tor Project has a healthy reserve earmarked for maintenance work and smashing the bugs necessary to keep Tor Browser, the Tor network, and the many tools that rely on Tor strong, safe, and running smoothly. Below we are sharing an update, which is a modified version of the a Tor blog post originally published February 12, 2021.

We want to share an update on some of the work the Bug Smash Fund has made possible.

Since 2019, we’ve marked 134 tickets with BugSmashFund. As of today, 97 of those tickets have been closed, and 37 of them are still in progress. This year, we've used the Bug Smash Fund to work on continuous integration tooling, Tor Browser improvements, defense against DDoS on onion services v3, GetTor, Arti, and security fixes. We have also used the Bug Smash Fund to create a new status.torproject.org page, which will act as a landing place for network and service status updates.

Thanks for supporting this work!

Below is a list of many of the tickets we’ve closed so far.

Continuous integration tooling

When we made the transition from Trac to GitLab for issue tracking, we moved our CI tooling into GitLab CI and Appveyor. Because this work is critical--but not covered by a grant--the Bug Smash Fund helped us to fix the CI pipeline in GitLab and improve the infrastructure we use to develop Tor. See all CI tickets.

• Fix issue when using FALLTHROUGH with ALL_BUGS_ARE_FATAL #40241
• Travis chutney tests are borked by two bad commits #40204
• Nightly Windows build failures on both 32-bit and 64-bit #40199
• Parallelize several tests to make hardened-build CI faster. #40098
• Remove AppVeyor VS2015 build #40091
• Assertion buf->tail failed in buf_assert_ok at src/lib/buf/buffers.c:919 #40076
• Use stale bot to close old pull requests #33629
• factor out supporting shell scripts from CI configs #32943
• Remove 0.2.9 from the jenkins builders #32776
• Remove Jenkins tor master jobs which don't have OpenSSL 1.1.1 #32773
• update .gitlab-ci.yml to remove broken cruft and add a complete test suite #32193
• Wrap our Travis commands with travis_retry, to mitigate network timeouts #31921
• Add a beta RUST_VERSION build to Travis CI #31862
• Should we CI-build with --disable-module-dirauth and -O0? #31560
• Run clang's scan-build in Tor's CI #30225
• update travis CI to ubuntu xenial image when available #27859
• Debian Hardened CI failures due to lack of ptrace #40275
• Run sandbox tests on Xenial and Bionic #32817
• Make the seccomp sandbox work with Ubuntu Xenial and Bionic #32722
• Define ExecuteBash in the Appveyor error block #31884

Tor Browser

The Bug Smash Fund helps us to resolve issues in Tor Browser that are not part of a grant or sponsored project, including fixing AV1 playback. It has also helped us make updates to Tor Browser's custom UI.

• Include bridge configuration into about:preferences - tpo/applications/tor-browser #31286
• Disable tracking protection UI in FF67-esr - tpo/applications/tor-browser #26345
• AV1 playback doesn't work on Windows #40321
• Firefox icon is shown for Tor Browser on Windows 10 start menu #22654
• Prep 10.5a10 (Windows) #40227

GetTor

GetTor is a tool that allows users to download Tor Browser in places where https://torproject.org is censored. GetTor responds to emails from users with the files they need to install Tor Browser. The Bug Smash Fund helped us to make sure GetTor logs are scrubbed of personal info (#34058).

Network Health

Over the last month, overload bugs on the directory authorities have caused v3 onion services to become unreliable. The Bug Smash Fund was critical here--it allowed us to pivot from other work to address these issues.

• Rebuild fallbackdir list January 2021 #40265
• Extend the DoS subsystem to block addrs that connect too often too #40253
• Assist dir auths with vote visibility #40245
• Exits should block reentry into the tor network #2667

Tor Network Status

We were in need of a clear, easy-to-read place to share updates on the status of the Tor network when there have been disruptions. The Bug Smash Fund allowed us to set up status.torproject.org. Let us know what you think! We also fixed Schleuder, a tool we use to communicate with encrypted email to/from [email protected] (#40002).

Thank you to everybody who made a contribution to the Bug Smash Fund. This work is critical in helping us to provide safer tools for millions of people around the world exercising their human rights to privacy and freedom online.