In the internet era, user privacy has become a hot-button issue in many jurisdictions.
This has led to the development of more than 800 encryption tools that serve to protect the identity of internet users worldwide.
All these tools employ various forms of cryptography to ensure secure communications between parties.
Among the most popular and useful privacy tool is the Tor network.
Since the conception of the Tor, this service has help users browse the internet anonymously.
However, the Tor network is not immune from vulnerabilities and exploits.
For this reason, the Seattle-based organization is constantly working on ways to improve the security of the network.
The Tor Project recently announced that it would be making significant changes on the network in efforts to improve the privacy and security of Tor users.
One of the main changes involves the service that allows users to host websites anonymously and privately.
The Tor network utilizes relays to ensure user anonymity.
Relays are randomly selected computers through which communications can be bounced.
The problem arises from the fact that relays are hosted on secondary websites, which can be taken down or pressured to censure internet activity.
Tor changes seek to address this problem by upgrading the onion services feature.
Onion services allows users to operate a website, chat service, file sharing site or video calling platform using a dedicated server or their own devices while still maintaining anonymity.
This way, authorities or opponents will find it very difficult to take them down.
The upgrade will cater to a number of flaws exhibited in the original design of onion services.
They will also incorporate the latest cryptography to make the service safe for years to come.
The Tor Project seeks to enhance security and improve user privacy for the existing users.
They also aim to entice new users who may have been critical of the network’s ability to protect their privacy.
There are currently approximately 50,000 onion services running on the Tor network.
Due to their occasional offline and online status, obtaining definite numbers is not so easy.
The Tor Project, by policy and design, has no account of the activities carried out by the onion services operating on the Tor network.
Anonymity services have in the past been largely adopted by users for criminal purposes.
However, this is no longer the case as more and more internet users utilize these tools for ethical and legal reasons.
It is not possible to know about an onion service if the operator chooses not to broadcast its existence.
Tor search engine services such as Ahmia enable users to locate onion services that have been publicly broadcasted.
A Tor user can set up an onion service manually or by utilizing third party programs such as Onionshare.
This could only be known by the creator who could then develop ways of making the service known to certain parties.
However, other parties and opponents could be able to learn about the newly created onion service due to a flaw in the system design.
The flaw arises from the fact that onion services have to broadcast their existence to a number of Tor relays.
A cyber attacker, for instance, could manipulate sufficient relays to identify new onion service registrations and develop an index of public and private onion sites.
This is exactly what happened back in 2014.
By exploiting this design flaw, an attacker could render onion services unreachable by replacing service relays.
Opponents could essentially take entire sites offline.
The Tor network modifications will prevent these scenarios from occurring in two ways.
First, the network will randomly assign the relays that each onion service contacts.
Secondly, the relay message will be encrypted, thus making it unreadable to the human operator.
The relay will be able to automatically follow the command.
In addition, the onion domain names will exhibit additional characters.
Traditionally, onion domain names were made up of 16 randomly generated characters.
The new domain names will have 56 random characters.
These upgrades are meant to make it much more difficult to discover private onion services.
In case a user manages to find hidden services, they will be required to submit a password.
For additional protection, The Tor Project has switched from the older RSA cryptosystem to the more efficient elliptic-curve cryptography.
Other elements that have been upgraded are the hash functions and secret keys for the Advanced Encryption Standard.
These improvements will be implemented in the coming months.
Tor users can rest easy knowing that their privacy and anonymity will be protected for a long time to come.
Latest posts by Richard (see all)
- Exclusive Interview with Commander X - September 22, 2018
- Further Tor Vulnerabilities Discovered: Public IP Address of Tor Hidden Sites Identified via SSL Certificates - September 7, 2018
- What is SADD.IO and How Does It Work? - September 3, 2018