The dark web is no longer just a marketplace for illicit drugs, weapons, and other nefarious material. Mainstream media and social networks, from The New York Times to Facebook, are also using it to give users an anonymous way to access their sites. These so-called “onion” services can help publishers evade country-specific web censorship, while also delivering their content to people who simply use the Tor Network to surf in private. The tradeoff for anonymity is a sluggish web browsing experience, but it’s a sacrifice more than 2 million people are willing to make. Now, with its almost decade-old onion domains getting rusty, Tor is unveiling its next-gen sites, with the focus on strengthening security.
The Tor Project released a patch for a vulnerability that leaks the real IP addresses of macOS and Linux users of its Tor Browser when they visit certain types of addresses. However, Windows and Tails users running Tor Browser 7.0.8 remain unaffected.
The patch was issued late Friday and fixes a vulnerability found in Tor Browser version 7.0.8. The patch is in an upgrade to Tor Browser 7.0.9.
TorMoil, as the flaw has been dubbed by its discoverer, is triggered “Due to a Firefox bug in handling ‘file://’ URLs, rather than the more common https:// and http:// address prefixes. Once an affected user navigates to a specially crafted URL the operating system may directly connect to the remote host, bypassing Tor Browser,” according to a brief blog post published by We Are Segment, the security firm that privately reported the bug to Tor developers.
By using new encryption algorithms, improved authentication, and a redesigned directory, Tor claims its next-gen design will keep an onion address completely private. In the past, its network could learn about your onions, which could have resulted in info leaks and cyber attacks. Just this year, news emerged that a hacker had knocked out about a fifth of the Tor network (over 10,000 “secret” sites in total). “All in all, the new system is a well needed improvement that fixes many shortcomings of the old design, and builds a solid foundation for future onion work,” reads the blog post.