Onionize your Workflow with the Onion Guide Fanzine

At the Tor Project, we build technologies that allow anybody to access the Internet privately. We maintain the software that runs the Tor network as well as utilities and clients to use the network. We also collect anonymous data on the network that allows us to detect problems that may occur, and we connect with the users of the Tor network through training and feedback exercises that help to improve our tools.

In some places, the organizations and individuals we work with are in risk of persecution for the digital services they run. It could be reproductive rights services that are criminalized in some countries or content that is censored by an Internet provider or government. Or it could be that they need to protect their own users when accessing their content and find a way for their community to use Tor Browser for protection.
 
One way we help human rights defenders and organizations take back their right to privacy online is by helping them to use and set up onion services. Websites that are only accessible over Tor are called "onions" and end in the TLD .onion. For example, the DuckDuckGo onion is https://3g2upl4pq6kufc4m.onion. You can access these websites by using Tor Browser. The addresses must be shared with you by the website host, as onions are not indexed in search engines in the typical way that other websites are.
 
Last year, thanks to the support of Digital Defenders Partnership, we wrote a series of Onion Guides intended to make it easier for our partners to correctly and safely set up their own onion services. To create these Onion Guides, we collected and improved existing disparate information about the benefits of onion services and how to set them up for a website. 
 
During the last activity of this project, we ran a survey between December 2020 and January 2021. The participants were partner organizations and individuals who were known to use onion services and had received training from Tor in the past. All questions asked were related to the Onion Guides and onion services. Five people responded to this survey.
“[Tor] offers the possibility for those of us who do work for social transformation to access the Internet safely, without exposing ourselves or exposing our processes, but also, it is a tool that is there and can be even more accessible to different people in different territories.” - Survey response.
When asked if they can define onion services, all participants in this study gave different answers. Some related to specific services, like OnionShare and SecureDrop; others associated onion services to a service without metadata; only two participants answered that it is a service that can only be accessed over the Tor network.
 
When asked if onion services respond to the threats they or their organizations face, most participants answered YES. One of the participants answered NO. Same for the question asking if you feel safer using onion services.
 
When asked to define the best benefit of using onion services, most participants answered (a) anonymity; followed by (b) accessing digital security guides and tools; other mentions were: (c) sharing and storing documents and sensitive information; and (d) NAT punching.
 
When asked if they would recommend onion services to anyone, all survey participants answered YES, because of safety.
 
You can find the Onion Guide in our community portal, well as the section on Onion Services, in English, Spanish and Portuguese. Feel free to use it to set up your own .onion site, and let us know how it works for you.
Anonymous

March 09, 2021

Permalink

The fanzine recommends OnionShare and Ricochet Refresh. Neither has been audited. OnionShare's chat implementation is in fact completely new. If Tor Project recommends it, Tor Project should at least warn people. Otherwise, do a thorough review rather than a recommendation.

The fanzine and community documents for onion services would also do well to mention 1) vanity domain generators for v3 onion addresses, 2) OnionBalance, and 3) possibly EOTK. Newbies from the clearnet are used to memorable domain names. Larger sites demand load balancers. These are important for convincing web and network administrators to set up an onion service.

Read:
https://blog.torproject.org/search/node?keys=vanity
https://blog.torproject.org/search/node?keys=OnionBalance

> Five people responded
> When asked if onion services respond to the threats they or their organizations face, one of the participants answered NO. Same for the question asking if you feel safer using onion services.

I'm curious what that one's reasons were.

Anonymous

March 28, 2021

Permalink

If you start promoting onions as a next generation to TLS, CA, DNS, etc. infrastructure, your message will be much more understandable by the broad audience.

Anonymous

March 28, 2021

Permalink

Speaking of SecureDrop, it would be wonderful if Tor Project had one. Actually you probably do, but it seems to be a secret if so.

Anonymous

March 28, 2021

Permalink

It's very irresponsible that this post introducing the concept of onions would give a V2 address as it's primary "for example" this late into the sunset of V2. Posts like this should be aiming to IMPROVE public understanding of onions, not be introducing obsolete legacy confusions to newcomers. If V2 is being phased out then STOP promoting it to people - months ago!

Join the discussion...

We encourage respectful, on-topic comments. Comments that violate our Code of Conduct will be deleted. Off-topic comments may be deleted at the discretion of the post moderator. Please do not comment as a way to receive support or report bugs on a post unrelated to a release. If you are looking for support, please see our support portal or ways to get in touch with us.

This question is for testing whether or not you are a human visitor and to prevent automated spam submissions.

12 + 6 =
Solve this simple math problem and enter the result. E.g. for 1+3, enter 4.