onion services | Tor Blog

Onion Service version 2 deprecation timeline

dgoulet July 02, 2020

From today (July 2nd, 2020), the Internet has around 16 months to migrate from onion services v2 to v3 once and for all.

Unveiling the new Tor Community portal

Today, we are officially launching our Community portal. This is part of our continuous effort to better organize all of our different content into portals. The Community portal contains six sections: Training, Outreach, Onion Services, Localization, User Research, and Relay Operations. It's about time that the Tor Project has a dedicated place to help you to help Tor!

22 comments

Cooking with Onions: Reclaiming the Onionbalance

Onionbalance is one of the standard ways onion service administrators can load balance onion services, but it didn't work for v3 onions. Until now.

Tor in the Media: 2019

In 2019, mainstream coverage of privacy wins and challenges increased, and with that, so did coverage of the Tor Project.

15 comments

Reflections from Our Stockholm All Hands

Through partnership with our community and our community’s broader connections, we turned limited resources into a safe space to cultivate connections, collaboration, and progress toward the vision and values that we are all working towards at Tor.

16 comments

Strength in Numbers: An Entire Ecosystem Relies on Tor

If the Tor Project, the Tor network, and Tor Browser were to disappear, what would happen? Not only would millions of global, daily users lose access to Tor’s software, but the diverse ecosystem of privacy, security, and anti-censorship applications that rely on the Tor network would cease to function.

11 comments

Announcing the Vanguards Add-On for Onion Services

George Kadianakis July 20, 2018

Fixing the guard discovery problem in Tor itself is an immense project -- primarily because it involves many trade-offs between performance and scalability versus path security, which makes it very hard to pick good defaults for every onion service. Because of this, we have created an add-on that can be used in conjunction with a Tor onion service server or a Tor client that accesses Tor onion services.

45 comments

Privacy International Protects Partners With Its Onion Address

Many PI partners work in challenging environments, with massive state surveillance and/or ongoing censorship programmes. Giving them an ability to securely browse the web (both clear and onion) in a way which allows them to evade dragnet surveillance also allows them to conduct investigations securely.

26 comments

Italian Anti-Corruption Authority (ANAC) Adopts Onion Services

Anonymity technologies are becoming a legal requirement for public agency and corporate anti-corruption compliance.

36 comments

News Orgs & Activists: Onionize Your Sites Against Censorship

Launching an onion address is a preventative measure for news organizations and activists to take against censorship around the world.

28 comments

Upcoming Events

July 27, 2020 - July 31, 2020

Rightscon online

August 11, 2020 - August 18, 2020

Bornhack (DK)

August 12, 2020 - August 14, 2020

Walking Onions @ USENIX Security Symposium '20

See All Upcoming Events

Recent Updates

#MoreOnionsPorfavor: Onionize your website and take back the internet

Starting today, July 8th, the Tor Project is running a one month campaign called #MoreOnionsPorfavor to raise awareness about onion sites, that is, websites

New releases: Tor 0.3.5.11, 0.4.2.8, and 0.4.3.6 (with security fixes)

We have new stable releases today. If you build Tor from source, you can download the source code for 0.4.3.6 on the website. Packages should be available within the next several weeks, with a new Tor Browser by the end of the month.

There are also updated versions for older supported series. You can download 0.3.5.11 and 0.4.2.8 at https://dist.torproject.org/.

These releases fix TROVE-2020-001, a medium-severity denial of service vulnerability affecting all versions of Tor when compiled with the NSS encryption library. (This is not the default configuration.) Using this vulnerability, an attacker could cause an affected Tor instance to crash remotely. This issue is also tracked as CVE-2020- 15572. Anybody running a version of Tor built with the NSS library should upgrade to 0.3.5.11, 0.4.2.8, 0.4.3.6, or 0.4.4.2-alpha or later. (If you are running a version of Tor built with OpenSSL, this bug does not affect your installation.)

Tor 0.4.3.6 backports several bugfixes from later releases, including some affecting usability. Below are the changes in 0.4.3.6. You can also read the changes in 0.3.5.11 and the changes in 0.4.2.8.

Changes in version 0.4.3.6 - 2020-07-09

Major bugfixes (NSS, security, backport from 0.4.4.2-alpha):
- Fix a crash due to an out-of-bound memory access when Tor is compiled with NSS support. Fixes bug 33119; bugfix on 0.3.5.1-alpha. This issue is also tracked as TROVE-2020-001 and CVE-2020-15572.
Minor bugfix (CI, Windows, backport from 0.4.4.2-alpha):
- Use the correct 64-bit printf format when compiling with MINGW on Appveyor. Fixes bug 40026; bugfix on 0.3.5.5-alpha.

New alpha release: Tor 0.4.4.2-alpha

There's a new alpha release available for download. If you build Tor from source, you can download the source code for 0.4.4.2-alpha from the download page on the website. Packages should be available over the coming weeks, with a new alpha Tor Browser release around the end of the month.

Remember, this is an alpha release: you should only run this if you'd like to find and report more bugs than usual.

This is the second alpha release in the 0.4.4.x series. It fixes a few bugs in the previous release, and solves a few usability, compatibility, and portability issues.

This release also fixes TROVE-2020-001, a medium-severity denial of service vulnerability affecting all versions of Tor when compiled with the NSS encryption library. (This is not the default configuration.) Using this vulnerability, an attacker could cause an affected Tor instance to crash remotely. This issue is also tracked as CVE-2020- 15572. Anybody running a version of Tor built with the NSS library should upgrade to 0.3.5.11, 0.4.2.8, 0.4.3.6, or 0.4.4.2-alpha or later. If you're running with OpenSSL, this bug doesn't affect your Tor.

Changes in version 0.4.4.2-alpha - 2020-07-09

Major bugfixes (NSS, security):
- Fix a crash due to an out-of-bound memory access when Tor is compiled with NSS support. Fixes bug 33119; bugfix on 0.3.5.1-alpha. This issue is also tracked as TROVE-2020-001 and CVE-2020-15572.
Minor features (bootstrap reporting):
- Report more detailed reasons for bootstrap failure when the failure happens due to a TLS error. Previously we would just call these errors "MISC" when they happened during read, and "DONE" when they happened during any other TLS operation. Closes ticket 32622.

Anti-censorship team report: June 2020

Tor's anti-censorship team writes monthly reports to keep the world updated on its progress. This blog post summarizes the anti-censorship work we got done in June 2020.