Millions of people around the world use Tor every day to protect themselves from surveillance and censorship. While most people use Tor to reach ordinary websites more safely, a tiny fraction of Tor traffic makes up what overhyped journalists like to call the “Dark Web”. Tor onion services (formerly known as Tor hidden services) let people run Internet services such as websites in a way where both the service and the people reaching it can get stronger security and privacy.
The year 2004 was the first release of the onion service protocol. Over the years, as it aged, weaknesses started to appear in its design. These design flaws are a problem because people rely on onion services for many critical use cases, like metadata-free chat and file sharing, safe interaction between journalists and their sources, safe software updates, and more secure ways to reach popular websites like Facebook.
In this talk I’ll shortly present our legacy onion service, then an in-depth look of our new and improved onion service design, which provides stronger security and better scalability and a status update on the development.