Volunteer Spotlight: Alec Helps Companies Activate Onion Services

Tor is a labor of love built by a small group of committed individuals, but we’re lucky to have...
Tor is a labor of love built by a small group of committed individuals, but we’re lucky to have...
The free and open internet was under attack in 2017, but Tor was there to fight for privacy and security every step of the way.
We are hyped to present the next generation of onion services! We've been working on this project non-stop for the past 4 years and we officially launched it two weeks ago by publishing our first alpha releases. All in all, the new system is a well needed improvement that fixes many shortcomings of the old design, and builds a solid foundation for future onion work.
This post explores how Tor onion services can be integrated into existing web services, making them more secure. This integration will use the “publish / subscribe” pattern over Tor to trigger re-builds of the txtorcon documentation (which is hosted on an onion service). We will use Tor to transport the published messages so the network-location of the machine hosting the onion service remains hidden. We will use a messaging system called “Web Application Messaging Protocol” or WAMP.
We’re looking for technical people to come help us test next-gen onion services. They’ve been fully merged into tor-0.3.2.1-alpha, and the latest version of Tor Browser supports them. We're still in the testing phase, though -- keep an eye on this blog for the official launch.
Hello! We found a security issue in the onion service code (CVE-2017-0380, TROVE-2017-008) that can cause sensitive information to be written to your logs if you have set the SafeLogging option to 0. If you are not running an onion service, or you have not changed the SafeLogging option from its default, you are not affected. If you are running 0.2.5, you are not affected. (0.2.4, 0.2.6, and 0.2.7 are no longer supported.) For more information, including workaround steps, see the advisory.
The goal of our study is to understand your expectations, assumptions, and habits when browsing onion services. For example, we are wondering: How do you keep track of onion domains? How do you discover new onion services? How do you know an onion service is legitimate and not an impersonation? By answering these questions, we can identify usability issues and build better anonymity technology.
While the majority of people use Tor to reach ordinary websites more safely, Tor can also be used to access websites and services that live inside the Tor network. We call those onion services (formerly: hidden services).
Hello again, this blog post is the second issue of the Cooking with Onions series which aims to...
During the month of December, we're highlighting other organizations and projects that rely on...