Tor, an acronym of “The Onion Router,” is downloadable software that directs traffic through a volunteer-run network of relays. It’s typically used by whistleblowers and activists or those living under strict government regimes. Major tech companies and media outlets also embrace Tor, with Facebook last year revealing that 1 million people access Facebook via Tor each month.
Bug bounties are big business in general — Google has paid out millions of dollars in awards, while Facebook revealed last year that it had paid out $5 million in five years. Apple launched its first bug bounty program last August.
Founded in 2012, HackerOne’s platform helps companies identify weaknesses in their online systems by offering cash incentives to security researchers and “white hat hackers.” The general idea is that it’s better to have the good guys find security glitches before the bad guys get a sniff. Many well-known companies offer “bug bounty” programs through HackerOne, including Twitter, which paid out more than $300,000 in prizes between 2014 and 2016, and Airbnb, Uber, Yelp, and even the U.S. Department of Defense (DoD).
Through HackerOne, the Tor Project said that it’s looking to award up to $4,000 per report, though it could be as little as $100, depending on the severity of the issue. The bug bounty program was launched with support from the Open Technology Fund.