With the deprecation of V2 onion services right around the corner, it is a good time to talk about V3 onion services. This post will discuss the most important privacy improvements provided by V3 onion services as well as their limitations. Aware of those limitations, our research group at the Institute of Network and Security at JKU Linz conducted an experiment that extracts information about how V3 onion services are being used from the Tor network.
In our last article, published in RIPE's website, we described the work that happened in 2020 related to giving IPv6 support to the Tor network. Tor 0.4.5.1-alpha is the first release that includes all the work described in the RIPE article. Relays running 0.4.5.1-alpha are the first to report IPv6 bandwidth statistics.
As you might have heard, some onion services have been experiencing issues with denial-of-service (DoS) attacks over the past few years. In this post, we would like to present you with two options that we believe can provide a long-term defense to the problem while maintaining the usability and security of onion services.
This blog post aims to give some more context about an attack that happened earlier this year on the Tor network and what we have done to address this type of attack. We also want to share some information about the Tor Project’s capacity right now and some of our plans for the future.
At the beginning of August 2019, we asked you to help us build our very first Bug Smash Fund. This fund will ensure that the Tor Project has a healthy reserve earmarked for maintenance work and smashing the bugs necessary to keep Tor Browser, the Tor network, and the many tools that rely on Tor strong, safe, and running smoothly. We want to share a final update on the work the 2019 Bug Smash Fund made possible.
So far, we’ve marked 77 tickets with BugSmashFund. As of today, 56 of those tickets have been closed, and 21 of them are still in progress. With this reserve, we’ve been able to fix bugs and complete necessary maintenance on core tor, bridgedb, Snowflake, and Metrics, as well as complete the Tor Browser ESR 68 migration.
The biggest change introduced thanks to this project is a generic publish-subscribe mechanism for delivering messages internally. It is meant to help us improve the modularity of our code by avoiding direct coupling between modules that don't actually need to invoke one another.