To bring these hidden services out into the open where people will actually use them, Tor Project developers have outlined a two-step plan that will begin by soliciting users’ opinions on how to improve the hidden services. Then, to finance the actual work, they plan on starting a crowdfunding campaign.
The money is sorely needed; until now, Tor's hidden services have been largely developed by volunteers.
Changes to Tor’s hidden services will largely depend on what users want, according to Nick Mathewson, co-founder of the Tor Project. But the team already has a few ideas of its own for how to improve them: expanding Tor-dependent chat protocols like TorChat to mobile phones, for example, and giving developers the option to build a hidden service that sacrifices some anonymity for faster connection speeds—perfect for clearnet sites where users might post personal information, but still want an encrypted connection.
Whatever the eventual outcome of this campaign, the idea is to expand Tor’s powers of anonymity and encryption across more services, where more people can actually use them.
“I think we are experts when it comes to anonymity and privacy on the internet,” Mathewson said. “But one area where a large number of privacy initiatives have faltered is in providing privacy in a way that is compatible with being useful to users. That’s where we hope to get a lot of people involved.”
"The cryptography used in hidden services was very good when we came up with it in 2004, but it’s been 11 years since then"
This idea has been in the works for some time, Mathewson said, and last year Tor Project executive director Andrew Lewman told the Daily Dot that the organization was considering a similar funding drive.
Mathewson told me that the Tor Project developers also wants to fix some of the underlying infrastructure for hidden services—in particular, by dedicating more resources to improving their security. “The cryptography used in hidden services was very good when we came up with it in 2004, but it’s been 11 years since then,” Mathewson said. “We’ve got real cryptographers who would like to help us do it even better this time and get it right.”
“I hope that the users, and the wider internet community at large, will realize that this is important infrastructure,” he continued.
As another example of how investing in and improving the underlying protocols for hidden services could help Tor, Mathewson told me that the distributed denial of service attack that has been hammering the Tor network over the past several days could have been avoided. Right now, the Tor network is extremely susceptible to attacks that overload it with traffic, because it doesn’t have much bandwidth to begin with, and its heavily encrypted packets consume more network resources than typical internet traffic.
But whatever ideas the Tor Project team have in mind, Mathewson said, the key is that users tell them what to improve. So, whether you’re a darknet miscreant skulking in the shadowy corners of Tor’s hidden services, or a big time social network looking to make access to your service more secure, here’s your chance to help decide Tor’s future.
Correction: An earlier version of this article stated that developing Tor has largely been a volunteer project. Rather, developing Tor's hidden services has been a volunteer endeavor. We apologize for this inaccuracy.