Tor Adds a Bug Bounty Program
The Tor Project, which is best known for its secure, anonymous browser, has launched a new bug bounty program on HackerOne under the hashtag #HackTor. "Millions of people around the world depend on Tor to browse the internet privately and securely every day, so our security is critical," the organization said. "Bugs in our code pose one of the biggest threats to our users' safety; they allow skilled attackers to bypass Tor's protections and compromise the safety of Tor users."
Tor will pay up to $4,000 for disclosed bugs. In particular it is seeking any flaws that enable remote code execution, local privilege escalation, unauthorized access of user data, or the leakage of cryptographic material of relays or clients.
Recently, the FBI used an undisclosed Tor vulnerability to unmask child pornographers using the network. However, the case was dropped when the law enforcement agency refused to explain how it obtained the information.