UPDATED 22:47 EDT / SEPTEMBER 13 2017

Zerodium offers up to $1M for new Tor browser bug bounty program

Washington D.C.-based exploit prevention company Zerodium Inc. Wednesday announced a new bug bounty program that will pay up to $1 million to security researchers and white hat hackers who identify new exploits in the Tor browser on security-focused Tails Linux and Windows.

Tor is the anonymous network perhaps best known as being the gateway to the dark web of often shady sites. But it’s also used to access the Internet by those who are seeking to not be identified, from the security-conscious to those in totalitarian countries with Internet monitoring or censorship.

The highest bounty in the new program is $250,000 for an exploit that could allow an attacker or government to hack a person using the Tor browser with JavaScript turned off, the highest security default setting. Other bounties include $75,000 for exploits that work with JavaScript turned on.

“While Tor network and Tor Browser are fantastic projects that allow legitimate users to improve their privacy and security on the internet, the Tor network and browser are, in many cases, used by ugly people to conduct activities such as drug trafficking or child abuse,” Zerodium said in a statement. It also added that “we have launched this special bounty for Tor Browser zero-days to help our government customers fight crime and make the world a better and safer place for all.”

That emphasis is ours, but it’s an interesting twist on the Tor platform. On one hand, Tor was initially developed by the United States Naval Research Laboratory with support from the Defense Advanced Research Projects Agency for protecting U.S. intelligence communications online, and it’s still supported by both organizations today. However, given its use by drug traffickers, child pornographers and other nefarious users, Tor is also hated by some governments, including parts of the U.S. government.

The list of countries that either hate Tor or have attempted to ban it includes the usual suspects such as China and Russia. But Western governments have also spoken out against it. The U.K. has called for it to be banned multiple times, most recently in 2015. In the U.S., the Federal Bureau of Investigation has gone as far as labeling people who run Tor as being criminal and threatening to arrest them for doing so.

Zerodium’s bounty program runs until Nov. 30, though the company notes that it reserves the right to close the bounty program earlier if the amount paid out exceeds $1 million.
