Today we are happy to announce an expansion of the Tor community's day-to-day conversations by bridging our IRC community the Matrix platform. For regular Tor users, it means that you can chat with us using a friendly App like Element.
Hello, Tor world! We owe you a thank you. In August, you helped us raise $107,672.20 for the Bug Smash Fund this year! Thank you to everybody who made a contribution to the Bug Smash Fund during the month of August. This work is critical in helping us to provide safer tools for millions of people around the world exercising their human rights to privacy and freedom online.
With the deprecation of V2 onion services right around the corner, it is a good time to talk about V3 onion services. This post will discuss the most important privacy improvements provided by V3 onion services as well as their limitations. Aware of those limitations, our research group at the Institute of Network and Security at JKU Linz conducted an experiment that extracts information about how V3 onion services are being used from the Tor network.
There's a new alpha release available for download. If you build Tor from source, you can download the source code for 0.4.7.1-alpha from the download page on the website. Packages should be available over the coming weeks, with a new alpha Tor Browser release likely some time next week.
Remember, this is an alpha release: you should only run this if you'd like to find and report more bugs than usual.
This version is the first alpha release of the 0.4.7.x series. One major feature is Vanguards Lite, from proposal 333, to help mitigate guard discovery attacks against onion services. It also includes numerous bugfixes.
Changes in version 0.4.7.1-alpha - 2021-09-17
Major features (Proposal 332, onion services, guard selection algorithm):
Clients and onion services now choose four long-lived "layer 2" guard relays for use as the middle hop in all onion circuits. These relays are kept in place for a randomized duration averaging 1 week. This mitigates guard discovery attacks against clients and short-lived onion services such as OnionShare. Long-lived onion services that need high security should still use the Vanguards addon (https://github.com/mikeperry-tor/vanguards). Closes ticket 40363; implements proposal 333.
Minor features (bridge testing support):
Let external bridge reachability testing tools discard cached bridge descriptors when setting new bridges, so they can be sure to get a clean reachability test. Implements ticket 40209.