Anonymity network will pay hackers who find flaws

The nonprofit behind the largest online anonymity network said Tuesday it was launching a reward program for researchers who uncover vulnerabilities in Tor applications.

The “bug bounty” program was announced during the Tor Project’s “State of the Onion” talk at the Chaos Communication Congress, an annual technology and politics conference in Hamburg, Germany. “Onion routing” is the technical method used to encrypt and hide communications on the Tor network.

ADVERTISEMENT
Vice Media's Motherboard first reported the new program.

“This program will encourage people to look at our code, find flaws in it, and help us to improve it,” Nick Mathewson, co-founder of the Tor Project, told Motherboard.

Tor’s program follows in the footsteps of major tech companies like Facebook, Google and Microsoft. United Airlines also made headlines recently when it became the first airline to launch its own bug bounty program, eventually awarding millions of frequent flier miles to hackers.

The Tor Project’s move is an attempt to strengthen the security of its network. For years, Tor has relied on a handful of researchers examining its code, but more people are turning to the Tor network for digital privacy and security.

“We’re growing, we’re really really growing,” said Roger Dingledine, one of the original developers of Tor, during Tuesday’s talk. “More and more people [are] just doing regular things with Tor, protecting themselves.”

Law enforcement officials have also cracked the anonymity of numerous Tor users in several massive digital raids over the past year. The sting took down dark Web markets selling drugs and other illegal goods and services.

The Tor Project has long expressed frustration with officials’ reluctance to explain whether they had discovered major vulnerabilities during their investigation.

After the crackdowns, many feared Tor had been widely compromised, potentially threatening its usefulness for those who rely on it to avoid persecution, such as political dissidents and journalists working under oppressive regimes.

The bug bounty program is an attempt to discover and fix any vulnerabilities before they are exploited.

Tor will pay researchers anywhere from a few hundred dollars to tens of thousands of dollars for turning over security shortcomings, Motherboard reported.

The Open Technology Fund, a nonprofit that advances human rights through technology, will help fund the program, which will begin as an invite-only initiative.