Many PI partners work in challenging environments, with massive state surveillance and/or ongoing censorship programmes. Giving them an ability to securely browse the web (both clear and onion) in a way which allows them to evade dragnet surveillance also allows them to conduct investigations securely.
Hello! We found a security issue in the onion service code (CVE-2017-0380, TROVE-2017-008) that can cause sensitive information to be written to your logs if you have set the SafeLogging option to 0. If you are not running an onion service, or you have not changed the SafeLogging option from its default, you are not affected. If you are running 0.2.5, you are not affected. (0.2.4, 0.2.6, and 0.2.7 are no longer supported.) For more information, including workaround steps, see the advisory.
The goal of our study is to understand your expectations, assumptions, and habits when browsing onion services. For example, we are wondering: How do you keep track of onion domains? How do you discover new onion services? How do you know an onion service is legitimate and not an impersonation? By answering these questions, we can identify usability issues and build better anonymity technology.