For the average Internet users, Tor is easily the most-effective tool for maintaining anonymity and bypassing government censorship, and this is due in large part to the fact that the Tor Project works to hard to maintain the service and ensure that bugs and vulnerabilities are always being patched. The problem is, the group of people that helps the Tor Project find these bugs is very small, and while the organization expressed its gratitude to them, it also made it clear that it needs more people looking for bugs if it wants to maintain Tor properly. To do this, the Tor Project will be launching its first bug bounty program this week.
Found a bit of rot in one of the anonymizing layers of the Tor service? It well might be worth something – something monetary, that is, beyond just good karma with the pro-privacy population. The Tor Project on Monday announced that as of the New Year, it will be paying bug bounties. The bounty program was announced at the State of the Onion address at the annual Chaos Communication Congress art, politics and security conference in Germany, according to Motherboard. The reference to onion, of course, is that Tor is short for “The Onion Router,” because it shuffles traffic around randomly inside its network, wrapping each step in its own layer of encryption, in the way that an onion is made up of concentric layers. Nick Mathewson, co-founder, researcher, and chief architect of the Tor Project, told the publication that when it comes to scouring code, it’s time to get more people on board: “We are grateful to the people who have looked over our code over the years, but the only way to continue to improve is to get more people involved.”