Tor's Fall Harvest: the Next Generation of Onion Services
We are hyped to present the next generation of onion services! We've been working on this project non-stop for the past 4 years and we officially launched it two weeks ago by publishing our first alpha releases.
What's in an onion?
We are assuming you are familiar with traditional onion services: fun little sites that look like nytimes3xbfgragh.onion. This weird variety of onions has been around for over 10 years and is used for all sorts of things. Here are just some examples:
- news organizations use them for private information disclosure (see SecureDrop)
- websites use them to defeat censorship and provide a secure gateway for their users (e.g. ProPublica)
- the cryptocurrency ecosystem uses them to perform private transactions and mining
- people use them for their reachability and permanent onion address if they are behind NAT or dynamic IP
We believe that being able to express yourself and publish content with privacy is as important as being able to browse the web privately, and hence we consider onion services a critical part of the internet.
As previously mentioned, the legacy onion system has been around for over 10 years and its age has started to show. So let's get a taste of the improvements these next generation onions provide us with:
On the cryptography side, we are looking at cutting-edge crypto algorithms and improved authentication schemes. On the protocol end, we redesigned the directory system to defend against info leaks and reduce the overall attack surface. For example, did you know that in the legacy onion system, the network could learn about your onions? However, with this next-generation design, your onion address is completely private and only known to you and whoever you choose to disclose it to.
Now, from an engineer's perspective, the new protocol is way more extensible and features a cleaner codebase. And finally, from the casual user's point of view, the only thing that changes is that new onions are bigger, tastier and they now look like this: 7fa6xlti5joarlmkuhjaifa47ukgcwz6tfndgax45ocyn4rixm632jid.onion. For more information on the nitty-gritty details, please check out our technical specification.
All in all, the new system is a much-needed improvement that fixes many shortcomings of the old design and builds a solid foundation for future onion work. For more information, please check out our latest alpha Tor Browser release and try it out. You can also set up your own onion service and escape the legacy system for good.
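To make the difference between the two address shapes concrete, here is an added example (not code from this post or from the Tor Project) that tells a legacy address from a next-generation one and verifies the checksum the new format carries. It assumes the address layout given in the next-generation onion service specification, base32(public key | 2-byte checksum | version byte 0x03); the function names are made up for this illustration.

```python
import base64
import binascii
import hashlib

VERSION = b"\x03"  # version byte of next-generation addresses

def v3_checksum(pubkey: bytes) -> bytes:
    # CHECKSUM = SHA3-256(".onion checksum" | PUBKEY | VERSION), first 2 bytes
    return hashlib.sha3_256(b".onion checksum" + pubkey + VERSION).digest()[:2]

def encode_v3(pubkey: bytes) -> str:
    """Build the 56-character address for a 32-byte ed25519 public key."""
    if len(pubkey) != 32:
        raise ValueError("ed25519 public key must be 32 bytes")
    raw = pubkey + v3_checksum(pubkey) + VERSION
    return base64.b32encode(raw).decode().lower() + ".onion"

def classify_onion(address: str) -> dict:
    """Identify the address generation; verify the checksum where one exists."""
    host = address.strip().lower()
    if not host.endswith(".onion"):
        raise ValueError("not an onion address")
    label = host[: -len(".onion")].split(".")[-1]  # drop any subdomain labels
    try:
        raw = base64.b32decode(label.upper())
    except binascii.Error:
        raise ValueError("label is not valid base32") from None
    if len(raw) == 10:
        # Legacy: 80 bits of a SHA-1 key digest, no checksum, typos go unnoticed.
        return {"generation": "legacy", "checksum_ok": None}
    if len(raw) == 35:
        pubkey, checksum, version = raw[:32], raw[32:34], raw[34:]
        ok = version == VERSION and checksum == v3_checksum(pubkey)
        return {"generation": "next-gen", "checksum_ok": ok, "pubkey": pubkey.hex()}
    raise ValueError("unexpected onion address length")

if __name__ == "__main__":
    demo_key = bytes(range(32))  # constructed bytes, not a real service key
    good = encode_v3(demo_key)
    bad = good[:55] + "e" + good[56:]  # corrupt the version byte
    for addr in ("nytimes3xbfgragh.onion", good, bad):
        print(addr, classify_onion(addr))
```

Because the whole public key is embedded in the address, a client can reject a mistyped next-generation address locally, which the 16-character legacy format cannot do.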
New Features Are Yet to Come!
This is just the beginning, so let's talk about the future.
As the current code stabilizes further, we plan to add features like offline service keys, advanced client authorization, a control port interface, improved guard algorithms, secure naming systems, statistics, mixed-latency routing, blockchain support, AI logic and a VR interface (j/k about some of these). We are planning to take it slow, since there is lots to do and many bugs to squash.
Furthermore, we don't want to destabilize the current onion community and so we are not planning to kill the legacy system just yet. As a matter of fact, the legacy system will remain the default option for some more time, while the userbase migrates to the next generation and as we kill bugs and write features. After a while, we plan to flip the switch and make the next gen the default. Then, in a few years and if the community welcomes the change, we will phase out the legacy system entirely, and let it lie in eternal internet history... but that's not really soon :)
Help Us Grow!
There are tons of things that need doing and not too many of us! Help and funding are always appreciated.
Are you a project or a company that depends on onion services? Get in touch if you'd like to sponsor us to work on onion services to make them faster, slower, or stabler.
We also need coding help. Are you a computer daredevil? Do you see your life as a protocol in need of optimization? Do you believe in the cause? The first step is to visit our humble test hub and start looking at our code and spec. We have lots of open tickets and a plan forward, so get in touch!
And please don't forget to donate to The Tor Project. We are a small team of motivated individuals taking a stand against tracking, surveillance, and censorship, and we hope you'll join us.
We Are Happy Farmers
Finally and before closing this post, the Tor onion services crew would like to extend a huge thank you to the people who made this project a reality.
From initial idea to design to code, we would like to express our gratitude to: Nick Mathewson (nickm), Roger Dingledine (armadev), Ian Goldberg, Paul Syverson, Aaron Johnson, Tim Wilson-Brown (teor), s7r, karsten, special, haxxpop, Yawning and the whole Tor Browser Team.
During the testing phase (still ongoing), many volunteers showed up and helped us greatly by reporting bugs to us: loisiqr, cathugger, willscott, epi, micah, pastly, ahf and hellais, and all the people from the test network.
This project started 4 years ago, so this can NOT possibly be all the people who helped out. Sorry if we forgot about you. It was and still is a humongous team effort coming from the entire spectrum of the Tor community.
Thanks for reading and we are happy to welcome you to this new part of the internet! :)