Tor Project Joined HackerOne to Launch Bug Bounty Program

Updated on:
TOR on black cubes background
The Tor Project announces a bug bounty program with HackerOne, which has run similar programs to handsomely reward users who identify bugs in software.

Within the world of technology, those who create new programs and software solutions put their products through rigorous tests before releasing them to the public.

But times have changed. Now, technology companies have improved their capabilities to such an extent that they challenge users to detect bugs in their programs and they pay them for it.

And there are many instances of companies doling out millions of dollars under such schemes, which are popularly called “bug bounty programs.”

The latest to join this trend is the Tor Project, which has roped in HackerOne as its partner in this endeavor.

Together, they’re prepared to reward the users of Tor (The Onion Router), if they can find out deficiencies in the browser.

A Little About Tor & HackerOne

The Tor browser’s uniqueness lies in the fact that it doesn’t leave any track of the sites visited by the computer user.

Your TOR usage is being watched

It is more or less like the incognito feature on Chrome or the Private Window option on the other browsers, but with some extra privacy boosts.

This is one reason why Tor is the preferred browser for people who access darknet sites or for internet users in investigative professions.

But Tor is not limited for use on the dark web alone.

It is understood that more than a million people accessed Facebook each month in the last year through the Tor browser. This is how popular the program is.

Similarly, HackerOne has had its own set of successes in helping developers locate bugs and run these bounty offering campaigns.

The company has already done this before for many other organizations including Twitter, Uber, and many others. HackerOne even partners with United States government departments, including the Department of Defense.

Records indicate that this agency has paid out a staggering $18.7 million running 852 such bug bounty programs. The number of bugs fixed stands at close to 50,000.

This new arrangement with Tor falls on similar lines with HackerOne’s previous work—the organization will lead the bug bounty program on behalf of Tor.

The Actual Project

In an announcement, the Tor Project said it envisions a two-stage rollout for the program.

Initially, it may invite internet security researchers to participate, along with hackers of the ethical, “White Hat” variety. But the program will be open to the public at large as well.

In most such bounty programs, the developer opines that it is advisable to have positive-minded experts detect the errors and bugs, rather than a mischief-maker exploiting the loophole for devious purposes.

The bounty offered can be as high as $4,000 per report if the fault reported is genuine and worthy of the reward.

Minor issues reported may be rewarded as low as $100 to $200. Even others who report just minor issues may receive some rewards in the form of t-shirts or similar items.

Tor’s Previous Bug Bounty Efforts

TOR on Variegated Puzzle on White Background
The bounty program will be open to the public

The current bounty program, in association with HackerOne, is expected to be a large-scale operation. But this isn’t the first Tor has undergone in its history.

The Tor Project ran a limited program in early 2016 as well, but it was meant to include only a closed group of experts.

In that sense, this program can be considered the first major, wide-scale bug bounty attempt by Tor throughout its 15-year existence.

Tor Serves an Exclusive Club of Users

The Tor browser offers its users the ability to conceal his or her location. This is made possible by routing traffic through a multiplicity of layers.

Some of the positive users of this facility offered by Tor include whistleblowers and those who are working to investigate crimes and scandals within government setups.

These can also be investigative journalists who may want to gather and even share information without being observed or monitored by the prying eyes of intelligence agencies working on behalf of the government.

The other set of users of the Tor browser can be categorized as being criminally-minded, like those dealing in all sorts of illicit online transactions, particularly through darknet sites.

Write for us


The articles and content found on Dark Web News are for general information purposes only and are not intended to solicit illegal activity or constitute legal advice. Using drugs is harmful to your health and can cause serious problems including death and imprisonment, and any treatment should not be undertaken without medical supervision.


  1. Anonymous

    With this version I get the “security could be compromised” message so I have to load 6.5 version. I thought I found their “contact us” page and unloaded my problem only to get an answer from Stack Overflow saying I sent it to the wrong place. I find it impossible to get help but it is free, however if it does not work for me it is worthless.

  2. Anonymous

    You mean the error when logging into .onion and non https? That is how 7.0+ is designed, to warn users when entering data on non https sites, it throws the error on .onion because they typically have no SSL/TLS certificate (https) but that’s because they don’t need one, they are end-to-end encrypted just like regular https sites, in-fact, .onion sites are even more secure than clearnet https enabled sites because they aren’t susceptible to things like MITM attacks and certificate spoofing/hacked certificate authorities (the kind of attacks that National Security Letters give Governments the ability to carry out at will).


Please enter your comment!
Please enter your name here

This site uses Akismet to reduce spam. Learn how your comment data is processed.