Tor Project sessions at RightsCon Costa Rica (2023)

Join us at RightsCon Costa Rica! The Tor Project will be present from June 5th to 8th, 2023.

During this event, we will engage in various sessions, sharing insights on Tor, Internet Freedom, and ways to circumvent Internet censorship. We have compiled a list of sessions, including online, offline, and hybrid formats, to ensure you can actively participate with us.

Rights Con Costa Rica

The role of free and open source software for digital resilience of civil society

June 6, 2023 | 3:45 - 4:45pm

In today’s digital age, after ten years of Snowden revelation and the growing digital authoritarianism, protecting the security and privacy of civil society organizations is more critical than ever. However, many organizations in the Global South struggle to find the right tools and resources to do so. This session will explore the use of free and open-source software (FLOSS) as a solution for digital security in civil society. We will explore the benefits of FLOSS, including its transparency, flexibility, and community-driven development. We will discuss how FLOSS can help organizations protect their work and data from cyber threats, defend against government surveillance and censorship, and improve their overall digital security culture. This session will explore real-world examples of FLOSS in action, highlighting the successes and challenges faced by organizations in the Global South that have adopted it.

This session will also discuss the development of FLOSS and how it can be targeted at the needs of civil society in the Global South. The needs and behaviors of this target audience are often distinct from more privileged users. We will discuss how to take that into account and hear from the participants about their perspectives during the dialogue. Overall, this session will provide a comprehensive look at the benefits and challenges of using and developing FLOSS for digital security in civil society and will offer concrete examples and actionable insights for organizations looking to improve their digital security posture.

Host institution: The Tor Project

Speakers: Isabela Fernandes, Cathy Richards, Brian Byaruhanga, Rafael Bonifaz. Facilitator: Raya Sharbain

Showcasing the ISOC Net Loss Calculator: measuring the economic impact of internet shutdowns

June 6, 2023 | 6:15 - 7:15pm

Current approaches to measuring the cost of Internet shutdowns do not adequately take into account several factors that could affect economic output. They also often rely on a simple formula to compute a quick and easily digestible estimate. ISOC has developed a new economic impact assessment methodology which we intend to preview exclusively at RightsCon 2023. The aim of the session is to discuss key factors that affect the economic loss of Internet Shutdowns with a group of experts, with a sneak peek at ISOC’s Cost of Internet Shutdowns Calculator. A facilitator will lead the session from the Internet Society together with 3-4 speakers, one each from academia, the private sector, policy, and advocacy, the Internet technical community, or civil society. They will be invited to provide specific feedback, drawing from their own experiences and potential use cases for the tool. Participants will engage in discussions around the techniques to measure the economic impacts of Internet shutdowns globally.

The session will encourage participants to engage with our methodology to “measure” the economic impact of Internet shutdowns, and take a poll on factors they think would be most likely associated with shutdowns. We will then synthesize key suggestions from panelists and participants to improve the accuracy of our calculator. We will also collect participant feedback using an anonymized post-session survey form.

Speakers: Anirudh Tagat, Wairagala Wakabi, Raya Sharbain, Udbhav Tiwari.

An onion a day keeps the police away: resisting surveillance with Tor and onion services

June 7, 2023 | 1:15 - 2:15pm

Onion services are websites or online services that are only available through the Tor network; i.e. they’re websites whose URL ends in “.onion” and can only be accessed through Tor Browser. Many human rights organizations and news media outlets make use of onion services today to provide a way for their readers and audiences to access the content they publish safely and anonymously. But onion services are often referred to as “the dark web”, a term used to speak negatively about encryption specifically in the context of governments encouraging encryption backdoors. During the session we will present the Tor network, explain what onion services are, and how they work.

The session will aim to demystify the “deep/dark web” illusion and focus on the benefits of onion services for protecting freedom of expression, safety, and online privacy. We will also highlight how onion services further protection against prosecution. There will be a hands-on demonstration to illustrate how simple it is to setup an onion service via OnionShare, an open source tool that lets users safely share files and host websites via the Tor Network. Participants will be encouraged to download OnionShare and try for themselves. The session will provide an opportunity for participants to share their perspectives on Tor, onion services, and these technologies’ role in combating network censorship and surveillance. Finally the session aims to spark a discussion on censorship and surveillance resistant technologies: how can we reasonably advocate for the use of Tor and onion services in various contexts?

Host institution: The Tor Project

Lost (and found) in translation: lessons in localizing privacy and safety resources

June 7, 2023 | 6:15 - 7:15pm

It is essential to ensure everyone — especially those at most risk — has necessary privacy and security knowledge to engage online and stay safe in today’s digital world. Communities such as journalists, activists, LGBTQ people, abortion rights advocates, among many others, are facing unique challenges in protecting their safety on and offline across cultures. Design and localizing for each scenario is far beyond simple language translation of the material. To adequately inform non-English speakers on how to protect themselves online and across digital devices, we need to replace the one-way, top-down translating model with a co-design system that prioritizes cultural context, adapting for mediums, engagement behaviors, nuances in power dynamics, and more.

This workshop examines findings from experiences to scale digital safety tools and educational materials and evaluates how changes in content and resources can be adapted to multilingual environments. We will start with the case study of Consumer Reports’ Security Planner, a free and easy-to-use online safety guide for individuals in both English and Spanish. We will share lessons from years of developing and sharing multilingual privacy and security resources with audience testing on how English and Spanish-speaking audiences engage with content. Participants will co-create criteria on how to develop and review a localization process to best support the communities they intend to reach that can be shared and used after RightsCon.

Host institution: Access Now | Digital Defenders Partnership | Localization Lab | PEN America | The Tor Project | Consumer Reports

Please note: In order to ensure a more interactive, hands-on experience, this online workshop is capped at 50 participants and seats will be filled on a first-come, first served basis. The link to enter the waiting room for the session will be made available 5 minutes before the start time, and you will be notified by the technical moderator if you have been admitted.

If all the seats are taken, don’t worry! There are plenty of other sessions and spaces in the program for you to explore.

Speakers: Amira Dhalla, Yael Grauer, Sage Cheng, Raya Sharbain, Elodie Vialle

Are we endangering victims instead of protecting them? Tips for safe documentation in the MENA region

June 7, 2023 | 6:15 - 7:15pm

As civic space continues to shrink in the MENA, activists and CSOs are often forced to conduct human rights documentation from outside the region. This poses a number of issues: by seeking to assist victims of abuses by documenting and speaking out on their situation, we put them at risk (arrest, torture, prosecution, travel ban etc.). Cases of cybersurveillance have demonstrated the importance of human rights practitioners and tech workers to work together.

The session will bring together specialists from both fields to learn from each other and identify solutions to ensure safer human rights documentation. After mapping out the hurdles to documentation, we will look into three tools and invite companies representatives to answer the following questions: - Social media platform: While Mastodon has been presented as an alternative to Twitter (the latter being increasingly risky with, e.g., its infiltration by Saudi spies and the Saudi Kingdom Holding being its second biggest investor), it remains underused and not known by MENA users. What are the pros of using Mastodon, and how can the safety of users be guaranteed? - An email service. Encrypted emails like ProtonMail remain underused in the MENA. What are the benefits of such a tool? - A messaging app. With messaging apps such as Signal being most used when doing documentation, what are the efforts being taken to enhance the safety of users?

Host institution: MENA Rights Group

Under the radar: secure tools, tactics, and networks to evade surveillance

June 8, 2023 | 1:15 - 2:15pm | Online

Contribuye a la red Tor para tener un mejor anonimato en línea / Contribute to the Tor Network for better online anonymity

La red Tor permite a las personas utilizar Internet de una manera segura y anónima. En el año 2018, Derechos Digitales y el proyecto Tor trabajaron en conjunto en la campaña Torrificate. La misma tenía el objetivo de incrementar la contribución de América Latina a la red Tor, investigar la legislación sobre ejecutar nodos de salida en ciertos países y promocionar la adopción de Tor por más personas. En la campaña se trabajo sobre desde lo más básico sobre como utilizar Tor, hasta niveles más avanzados sobre como ejecutar nodos y contribuir a la red. En la actualidad Latinoamérica contribuye con menos del 1% de los nodos en la red. En esta sesión se mostrará y se explicará como utilizar Snowflake, una nueva tecnología que permite contribuir a la red Tor al permitir a personas alrededor del mundo evadir la censura a la red. Para contribuir con Snowflake se puede instalar una extensión en el navegador web o se puede ejecutar un servidor propio de Snowflake. ¡Ven, aprende y colabora!

The Tor network allows people to use the Internet in a secure and anonymous way. In year 2018, Derechos Digitales and the Tor Project worked together on the “Torrificate” campaign. It had the purpose of contribute to the the Tor in Latin America region, research the legal status of running Tor exit nodes in some countries and promoting the adoption of tor for new users. It was from the basics on how to connect to the Tor Network, to more technical on how to run Tor nodes and contribute to the strength of the Network. Latin America is only contributing with less than 1% of this share. In this session we will show and explain how to use Snowflake, a new technology that contributes to the Tor network by helping people around the world to avoid censorship to the network. To contribute with Snowflake you can start by installing a plugin in your web browser or you can run your own standalone Snowflake proxy.

Come, learn and contribute!

Host institution: Derechos Digitales | The Tor Project

Tor booth

June 8th, 9am - 12:30pm (in-person) @ Community Village
Do you want some Tor swag and stickers? We will have a Tor booth on June 8th, between 9 AM till 12:30pm. Come to say hi to us!


Investigar seguridad digital en América Latina no debería ser un crimen

June 8, 2023 | 12 - 1pm -03

Digital security research in Latin America should not be a crime In the digital security space, it is widely accepted that independent research is key to finding and patching security vulnerabilities. States, governments and corporations, however are not always on board with these independent researchers disclosing vulnerabilities and exploits. Independent ad-honorem researches are often criminalized while “for profit researchers” and firms don’t face legal problems. This hinders the ability of research to help the civil society to be more secure, because the access to exploits is control by brokers, governments and corporations. For this reason it is important for governments and lawmakers to incorporate safe mechanisms for independent researchers.

This session will explore the legal and political risks a researcher, a hacktivist or a civil society organization could face when conducting research in digital security or privacy and reporting vulnerabilities, incident and data breaches. Even if some states and enterprises have bug bounty programs in place, the legal frameworks of almost every country don’t include exceptions for ethical hacking and in Latin America there is additional political risk, particularly when the websites, apps or infrastructure analyzed belong to government institutions. We will also explore which resources and strategies could be deployed to reduce those risks from civil society perspective, with good organizational approaches, choice of risk-less technical analysis methodologies or using other organizations like “proxies” for example. We would like to share experiences from LATAM civil society and to talk about those issues through an open perspective and a panel of participants including diversity in countries, genders and perspectives.


En el mundo de la seguridad digital, se reconoce que la investigación independiente es clave para encontrar y resolver vulnerabilidades. Estados, gobiernos y empresas, sin embargo no siempre están de acuerdo con estos investigadores independientes divulgando vulnerabilidades y “exploits”. Investigadores independientes ad-honorem muchas veces son criminalizados mientras los que lo hacen por plata y las empresas no. Esto dificulta la capacidad de la investigación para ayudar a la sociedad civil, porque el acceso a los “exploits” es controlado por vendedores, gobiernos y corporaciones. Por esto, es importante que los poderes ejecutivos y legislativos incorporen mecanismos seguros para los investigadores independientes.

Esta sesión quiere explorar riesgos legales y políticos que investigadores, “hacktivistas” o organizaciónes de la sociedad civil pueden enfrentar cuando investigan en seguridad digital o reportan vulnerabilidades, incidentes y violaciones de datos. Aunque algunos estados y empresas tienen programas “bug bounty”, el marco legal de casi todos los países no incluye excepciones para el “hacking ético” y en America Latina, se suma el riesgo político, en particular cuando los sitios webs, las aplicaciones o la infraestructuras analizadas pertenecen a instituciones gubernamentales. También exploraremos los recursos y estrategias que se pueden implementar para reducir estos riesgos desde la sociedad civil, con buenos acercamientos organizacionales, elección de metodologías de análisis poco arriesgadas o usando otras organizaciones cómo “proxies” por ejemplo. Quisiéramos compartir experiencias desde la sociedad civil latinoamericana y hablar acerca de estos temas en una perspectiva abierta y con una panel de participantes con diversidad de países, género y perspectivas.

Host institution: Access Now | Fundación Karisma