Why are you launching this special bounty for Tor Browser?

While Tor network and Tor Browser are fantastic projects that allow legitimate users to improve their privacy and security on the internet, the Tor network and browser are, in many cases, used by ugly people to conduct activities such as drug trafficking or child abuse. We have launched this special bounty for Tor Browser zero-days to help our government customers fight crime and make the world a better and safer place for all.

Are exploits affecting Tor network within the scope?

Exploits requiring control or manipulation of Tor nodes, or exploits/attacks that would cause disruption of legitimate use of the Tor network are not accepted.

I thought that JavaScript was not allowed by default in Tor Browser, is it?

For usability reasons, Tor Project has decided to allow/enable JavaScript by default in Tor Browser. NoScript is installed with Tor Browser but it allows JavaScript to run by default (Security Settings set to: Low (default)).

How many exploits will be acquired by ZERODIUM?

ZERODIUM will acquire all eligible exploits. The bounty will be terminated if the total payout to researchers reaches one million U.S. dollars ($1,000,000.00). Afterwards, ZERODIUM will still be accepting/acquiring exploits through its standard zero-day acquisition Program.

Which payment methods will be used by ZERODIUM?

Acquisitions made by ZERODIUM will be paid by bank/wire transfers or using Bitcoins (in specific cases only).

ZERODIUM will pay all bounties in one or two installments and may require that the research meets a specific lifespan.