Within the world of technology, those who create new programs and software solutions put their products through rigorous tests before releasing them to the public.
But times have changed. Now, technology companies have improved their capabilities to such an extent that they challenge users to detect bugs in their programs and they pay them for it.
And there are many instances of companies doling out millions of dollars under such schemes, which are popularly called “bug bounty programs.”
The latest to join this trend is the Tor Project, which has roped in HackerOne as its partner in this endeavor.
Together, they’re prepared to reward the users of Tor (The Onion Router), if they can find out deficiencies in the browser.
A Little About Tor & HackerOne
The Tor browser’s uniqueness lies in the fact that it doesn’t leave any track of the sites visited by the computer user.
It is more or less like the incognito feature on Chrome or the Private Window option on the other browsers, but with some extra privacy boosts.
This is one reason why Tor is the preferred browser for people who access darknet sites or for internet users in investigative professions.
But Tor is not limited for use on the dark web alone.
It is understood that more than a million people accessed Facebook each month in the last year through the Tor browser. This is how popular the program is.
Similarly, HackerOne has had its own set of successes in helping developers locate bugs and run these bounty offering campaigns.
The company has already done this before for many other organizations including Twitter, Uber, and many others. HackerOne even partners with United States government departments, including the Department of Defense.
Records indicate that this agency has paid out a staggering $18.7 million running 852 such bug bounty programs. The number of bugs fixed stands at close to 50,000.
This new arrangement with Tor falls on similar lines with HackerOne’s previous work—the organization will lead the bug bounty program on behalf of Tor.
The Actual Project
In an announcement, the Tor Project said it envisions a two-stage rollout for the program.
Initially, it may invite internet security researchers to participate, along with hackers of the ethical, “White Hat” variety. But the program will be open to the public at large as well.
In most such bounty programs, the developer opines that it is advisable to have positive-minded experts detect the errors and bugs, rather than a mischief-maker exploiting the loophole for devious purposes.
The bounty offered can be as high as $4,000 per report if the fault reported is genuine and worthy of the reward.
Minor issues reported may be rewarded as low as $100 to $200. Even others who report just minor issues may receive some rewards in the form of t-shirts or similar items.
Tor’s Previous Bug Bounty Efforts
The current bounty program, in association with HackerOne, is expected to be a large-scale operation. But this isn’t the first Tor has undergone in its history.
The Tor Project ran a limited program in early 2016 as well, but it was meant to include only a closed group of experts.
In that sense, this program can be considered the first major, wide-scale bug bounty attempt by Tor throughout its 15-year existence.
Tor Serves an Exclusive Club of Users
The Tor browser offers its users the ability to conceal his or her location. This is made possible by routing traffic through a multiplicity of layers.
Some of the positive users of this facility offered by Tor include whistleblowers and those who are working to investigate crimes and scandals within government setups.
These can also be investigative journalists who may want to gather and even share information without being observed or monitored by the prying eyes of intelligence agencies working on behalf of the government.
The other set of users of the Tor browser can be categorized as being criminally-minded, like those dealing in all sorts of illicit online transactions, particularly through darknet sites.