Next-Generation Tor Onion Services

Presented at DEF CON 25 (2017), July 28, 2017, 1 p.m. (45 minutes)

Millions of people around the world use Tor every day to protect themselves from surveillance and censorship. While most people use Tor to reach ordinary websites more safely, a tiny fraction of Tor traffic makes up what overhyped journalists like to call the "dark web". Tor onion services (formerly known as Tor hidden services) let people run Internet services such as websites in a way where both the service and the people reaching it can get stronger security and privacy. I wrote the original onion service code as a toy example in 2004, and it sure is showing its age. In particular, mistakes in the original protocol are now being actively exploited by fear-mongering "threat intelligence" companies to build lists of onion services even when the service operators thought they would stay under the radar. These design flaws are a problem because people rely on onion services for many cool use cases, like metadata-free chat and file sharing, safe interaction between journalists and their sources, safe software updates, and more secure ways to reach popular websites like Facebook. In this talk I'll present our new and improved onion service design, which provides stronger security and better scalability. I'll also publish a new release of the Tor software that lets people use the new design.

Presenters:

• Roger Dingledine - The Tor Project
  Roger Dingledine is President and co-founder of the Tor Project, a non-profit that writes software to keep people around the world safe on the Internet. Roger is a leading researcher in anonymous communications and a frequent public speaker. He coordinates and mentors academic researchers working on Tor-related topics, he is on the board of organizers for the international Privacy Enhancing Technologies Symposium (PETS), and he has authored or co-authored over two dozen peer-reviewed research papers on anonymous communications and privacy tools. Among his achievements, Roger was chosen by the MIT Technology Review as one of its top 35 innovators under 35, he co-authored the Tor design paper that won a Usenix Security "Test of Time" award, and he has been recognized by Foreign Policy magazine as one of its top 100 global thinkers. Roger graduated from The Massachusetts Institute of Technology and holds a Master's degree in electrical engineering and computer science as well as undergraduate degrees in computer science and mathematics.

Links:

• https://defcon.org/html/defcon-25/dc-25-speakers.html#Dingledine
• https://infocon.org/cons/DEF CON/DEF CON 25/DEF CON 25 video and slides/DEF CON 25 - Roger Dingledine - Next-Generation Tor Onion Services.mp4
• https://infocon.org/cons/DEF CON/DEF CON 25/DEF CON 25 video and slides/DEF CON 25 - Roger Dingledine - Next-Generation Tor Onion Services.srt (subtitles)
• https://www.youtube.com/watch?v=Di7qAVidy1Y

Similar Presentations:

• NorthSec 2017 / Deep Dive Into Tor Onion Services
• 32C3 (2015) / Tor onion services: more useful than you think
• The Eleventh HOPE (2016) / Understanding Tor Onion Services and Their Use Cases