Tor Project To Launch Bug Bounty Program

The Tor Project will soon launch a bug bounty program that rewards anyone who finds a vulnerability in Tor, one of the most popular anonymity programs in use today.

The program was announced during the “State of the Onion” talk at the Chaos Communication Congress, an art, politics, and security conference held annually in Hamburg, Germany.

“We are grateful to the people who have looked over our code over the years, but the only way to continue to improve is to get more people involved,” Nick Mathewson, co-founder, researcher, and chief architect of the Tor Project, told Motherboard. The program will start in the New Year.

The idea behind the program is to eliminate the vulnerabilities that, most of the time, are found by hackers and sold to the government for launching attacks. To that end, the program will encourage researchers and hackers to find vulnerabilities in return for a reward.

This strategy has been widely employed by nearly all the big companies around the globe, such as United Airlines, PayPal, Microsoft, and Google, and it has paid dividends too.

Zerodium, a new exploit company, will pay $30,000 to anyone who finds a vulnerability in Tor Browser, just as it paid $1 million to a group of researchers who found a vulnerability in the latest iOS operating system.

Bounty rewards range from a few hundred dollars to thousands of dollars. Facebook alone spent $1.3 million on bounties in 2014.

“We have a sponsor, OTF, who is paying HackerOne, a company that specializes in this, to help us do it,” Roger Dingledine, co-founder and research director of the Tor Project, told Motherboard.

HackerOne is a perfect platform for both researchers and companies because it lets companies put their programs to the test and lets researchers gear up for new challenges. HackerOne raised over $25 million from private funds this year.

Briefing on the program, Mike Perry, a leading developer for Tor, said, “The program will start out invite-only,” and added that vulnerabilities “specific to our applications” would fall under the program.

So are you ready to earn some big bucks?
