This story is over 5 years old.

Tor Is Trying to Make Dark Web Sites More Secure

The improvements aim to keep hidden sites' servers and users unknown.

Tor users were reminded about the importance of dark web security recently with news that a university had unmasked both the servers and users of some hidden services—sites that hide their location using the Tor network—and provided that information to the FBI.

Tor has since patched the vulnerability that the attackers took advantage of, but there are still concerns with some aspects of its security.

With that in mind, the Tor Project is making several security improvements to the infrastructure that allows dark web sites to remain hidden.

"The plan for the next generation of onion services includes enhanced security as well as improved performance," a Tor developer who used the handle "d20" told Motherboard. D20 wanted to remain pseudonymous for privacy reasons.

The attack on Tor in 2014 involved setting up malicious nodes within the Tor network and monitoring users' connections to dark web sites. Nodes are parts of the Tor network that can be set up by anybody.

"Guard nodes are the first hop of a Tor circuit and hence the only part of the network that can see the real IP address of a hidden service," d20 said. In other words, they are the first part of the Tor network that dark web sites connect to in order to hide the location of their servers.

The more guard nodes that a hidden service might use, the more exposed it is, and the more likely that a malicious node might unmask its location or users.

"The way Tor currently picks entry guards is not ideal," d20 said, and added that the current code that manages this "is not bulletproof." D20 said Tor is now going to make sure that hidden services use only one guard wherever possible.
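The exposure argument above can be put into numbers. The following is an added example, not code from the article or from Tor: it assumes relays are picked uniformly at random and that each guard rotation draws a fresh, independent set, and the relay counts are constructed.

```python
"""Toy model of guard exposure for a hidden service (added illustration).
Assumptions, not Tor's real selection logic: uniform relay choice and an
independent, fresh guard set at every rotation."""
from math import comb
import random

def p_bad_guard_set(relays: int, malicious: int, guards: int) -> float:
    """Exact chance that `guards` distinct relays, drawn uniformly from
    `relays`, include at least one of the `malicious` relays."""
    if not 0 <= malicious <= relays or not 1 <= guards <= relays:
        raise ValueError("need 0 <= malicious <= relays and 1 <= guards <= relays")
    return 1 - comb(relays - malicious, guards) / comb(relays, guards)

def p_exposed(relays: int, malicious: int, guards: int, rotations: int) -> float:
    """Chance of meeting at least one malicious guard across all rotations."""
    clean = 1 - p_bad_guard_set(relays, malicious, guards)
    return 1 - clean ** rotations

def simulate(relays, malicious, guards, rotations, trials=20000, seed=1):
    """Monte Carlo cross-check of p_exposed; relays 0..malicious-1 are hostile."""
    rng = random.Random(seed)
    hits = 0
    for _ in range(trials):
        # A trial is "exposed" if any rotation's guard set holds a hostile relay.
        if any(min(rng.sample(range(relays), guards)) < malicious
               for _ in range(rotations)):
            hits += 1
    return hits / trials

if __name__ == "__main__":
    # Constructed numbers: 1000 relays, 20 of them hostile.
    for guards, rotations in [(3, 12), (1, 12), (1, 2)]:
        exact = p_exposed(1000, 20, guards, rotations)
        approx = simulate(1000, 20, guards, rotations)
        print(f"guards={guards} rotations={rotations} "
              f"exact={exact:.3f} simulated={approx:.3f}")
```

Under these assumptions, both using fewer guards and rotating them less often lower the chance that a hostile relay ever sits in the first hop.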

Another attack vector on hidden services is via a "directory server." These servers store information about hidden services and are required for a user to access such sites. But directory servers, if run by an attacker, can also be used to harvest the addresses and other details of hidden services.

"It's a problem because when a random person sets up a hidden service, they expect that hidden service to be hidden," d20 said.

One of the attractions of dark web sites is that they aren't swept up by traditional search engines. If someone sets one up and keeps the address to themselves, the idea is that no one else will come across it. This could help keep a site which political dissidents use to communicate away from the eyes of a government, or, indeed, a forum of child pornography off law enforcement's radar. There are no two ways about it: It's impossible to keep some sites secure and not others.

In order to ensure that the hidden services stay underground, Tor is making changes so that when a directory server exchanges information with a client, an "ephemeral identity" is used.

"So now the directory servers never learn the long-term identity," d20 said.

These improvements "are already being rolled out," Kate Krauss, Tor's spokesperson, told Motherboard in an online chat.

In the continuing debate about encryption, privacy and security, commentators are sure to point to Tor hidden services as another tool for extremists or criminals. That may be true, but if the security of the dark web is not robust for everyone, it will be weak for all.