Tor 0.4.7.7, the software that runs the anonymous Tor network, has been released. Tor 0.4.7.7 is the first stable release of the 0.4.7 branch, which has been in development for the past ten months. The 0.4.7 branch will be maintained as part of the regular maintenance cycle: updates will end either 9 months after this release or 3 months after the release of the 0.4.8.x branch.
- Added an implementation of RTT-based congestion control for traffic routed through the Tor network (flow control on the client side, on exit nodes and on onion services, but without delay correlation between the different sides). The protocol aims to overcome the current bandwidth limitations and reduce the size of relay queues. Until now, the speed of a single download stream through exit nodes and onion services was limited to about 1 MB/s, because the send window has a fixed size of 1000 cells per stream and each cell carries 512 bytes of data (with a circuit round-trip delay of 0.5 s, stream speed = 1000 * 512 / 0.5 ≈ 1 MB/s). To predict the available bandwidth and determine the total size of the packet queue, the new protocol uses an estimate of the round-trip time (RTT), which serves as the criterion for throttling sending. Simulation showed that using the new protocol on exit nodes and onion services reduces queue delays, removes the limit on stream speed, increases the performance of the Tor network and makes better use of the available bandwidth. On the client side, flow-control support will be offered on May 31 in the next major release of Tor Browser, built on the Tor 0.4.7 branch.
- Added simplified Vanguards-lite protection against deanonymization attacks on short-lived onion services, which reduces the risk of discovering the guard nodes of an onion service or onion client when the service has been running for less than a month (for onion services running for more than a month, the vanguards add-on is recommended). The method works as follows: onion clients and services automatically select 4 long-running guard nodes ("layer 2 guard relays") for use in the middle of the circuit, and these nodes are kept for a random period (a week on average).
- For directory servers, the ability to assign the MiddleOnly flag to relays using a new consensus method has been implemented. The new method moves the logic for setting the MiddleOnly flag from the client side to the directory servers. For relays marked MiddleOnly, the Exit, Guard, HSDir and V2Dir flags are automatically removed and the BadExit flag is set.
Addendum: A new test release, Arti 0.3.0, of the Tor client written in Rust has also been published. A 1.0 release, with a stabilized API, CLI and configuration, suitable for initial use by regular users, is planned for September. The project's design takes past Tor development experience into account, which avoids known architectural problems and makes the project more modular and efficient. The most notable changes in the 0.3.0 release concern improved reliability, automatic detection of clock skew (time discrepancies), support for safe logging (excluding client-related information from logs), and an expanded configuration management API.