Tor’s latest release makes it easier to find secure onion services

Tor Browser 9.5 is also working towards making Dark Web addresses easier to remember.


The Tor Project has introduced new features in its browser's latest release designed to make onion addresses easier to access and to remember.

On Tuesday, the non-profit released Tor Browser 9.5, a build the team says is "focused on helping users understand onion services."

Built on the idea of onion routing, the Tor Project's browser can access .onion domains and is intended to improve anonymity and reduce the risk of tracking by passing requests through multiple servers, with encryption applied at each node.

While some associate Tor with the Dark Web and criminal activities, the network is ultimately used to bypass censorship and to make accessing Internet services a private affair for civil rights groups, the media, lawyers, and members of the public concerned about their individual privacy.  


With the introduction of version 9.5, the Tor Browser now includes an opt-in feature for desktop users to automatically select an onion variant of an online service if the vendor in question has made one available. 

"For years, some websites have invisibly used onion services with alternative services (alt-svc), and this continues to be an excellent choice," the Tor Project says. "Now, there is also an opt-in mechanism available for websites that want their users to know about their onion service that invites them to upgrade their connection via the .onion address."

Publishers can now use an HTTP header to make their users aware of their onion service. The Tor Project says that if the "Onion Location" feature is enabled, visitors will be shown a prompt and asked if they wish to select the onion alternative. 
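A publisher can check such a header before deploying it. The sketch below is an added example, not code from the Tor Project or this article: it tests a response against the conditions the Tor Project documents for `Onion-Location` (HTTPS source page that is not itself an onion site, `http`/`https` target on a `.onion` host). Accepting only checksum-valid v3 addresses is an assumption of this example, and the function names and sample address are constructed for illustration.

```python
import base64
import hashlib
from urllib.parse import urlsplit

def v3_onion_label(pubkey: bytes) -> str:
    """Encode a 32-byte ed25519 public key as a 56-character v3 onion label."""
    version = b"\x03"
    checksum = hashlib.sha3_256(b".onion checksum" + pubkey + version).digest()[:2]
    return base64.b32encode(pubkey + checksum + version).decode().lower()

def is_v3_onion_host(host: str) -> bool:
    """True if the label left of .onion is a checksum-valid v3 address.
    Does not verify that the key is a valid curve point."""
    labels = host.lower().rstrip(".").split(".")
    if len(labels) < 2 or labels[-1] != "onion" or len(labels[-2]) != 56:
        return False
    try:
        raw = base64.b32decode(labels[-2].upper())  # 56 chars -> 35 bytes
    except ValueError:
        return False
    return raw[34:] == b"\x03" and v3_onion_label(raw[:32]) == labels[-2]

def check_onion_location(page_url: str, headers: dict) -> list:
    """Return a list of problems; an empty list means the header is usable."""
    value = next((v for k, v in headers.items()
                  if k.lower() == "onion-location"), None)
    if value is None:
        return ["no Onion-Location header"]
    problems = []
    page, target = urlsplit(page_url), urlsplit(value.strip())
    if page.scheme != "https":
        problems.append("page must be served over HTTPS")
    if (page.hostname or "").endswith(".onion"):
        problems.append("page is already an onion service")
    if target.scheme not in ("http", "https"):
        problems.append("target scheme must be http or https")
    if not is_v3_onion_host(target.hostname or ""):
        problems.append("target host is not a valid v3 .onion address")
    return problems

# Constructed sample: derived from a dummy key, not a real onion service.
SAMPLE_ONION = v3_onion_label(bytes(range(32))) + ".onion"

if __name__ == "__main__":
    hdrs = {"Onion-Location": f"http://{SAMPLE_ONION}/about"}
    print(check_onion_location("https://example.org/about", hdrs))
```

A 16-character address in the older v2 format is reported as invalid by this check.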


The names of onion services may also be overhauled in the future. Often made up of random letters and numbers for the purposes of cryptographic protection, onion addresses can be extremely difficult to remember.


To reach this goal, the Tor Project has partnered with Freedom of the Press Foundation (FPF) and the Electronic Frontier Foundation (EFF)'s HTTPS Everywhere scheme to start developing onion names that are both memorable and secure. 

The first proof-of-concept names have been developed, an example being Lucy Parsons Labs, switched from qn4qfeeslglmwxgb.onion to lucyparsonslabs.securedrop.tor.onion. Based on feedback, the Tor Project and partners will consider the next steps to potential deployment to other domains. 

Alongside these features, the browser's latest release includes improved secure/non-secure web address alerts. Following in the footsteps of Firefox, the browser will now use modern indicators to make it easier for users to understand when they have landed on a non-secure site. 


Tor Browser 9.5 also includes security fixes for Mozilla's Firefox browser, introduced on June 2 with the release of Firefox 77. Firefox's core code provides the backbone of the Tor Browser, albeit with overlays and changes to promote user security and privacy developed by the Tor Project team. 

In related news, the Tor Project recently had to lay off 13 out of 35 members of staff due to the economic disruption caused by the novel coronavirus outbreak. The non-profit said the crisis hit them "hard" and, going forward, the core team will be made up of 22 people.  


