As you might have heard, some onion services have been experiencing issues with denial-of-service (DoS) attacks over the past few years. In this post, we would like to present you with two options that we believe can provide a long-term defense to the problem while maintaining the usability and security of onion services.
This blog post aims to give some more context about an attack that happened earlier this year on the Tor network and what we have done to address this type of attack. We also want to share some information about the Tor Project’s capacity right now and some of our plans for the future.
At the beginning of August 2019, we asked you to help us build our very first Bug Smash Fund. This fund will ensure that the Tor Project has a healthy reserve earmarked for maintenance work and smashing the bugs necessary to keep Tor Browser, the Tor network, and the many tools that rely on Tor strong, safe, and running smoothly. We want to share a final update on the work the 2019 Bug Smash Fund made possible.
So far, we’ve marked 77 tickets with BugSmashFund. As of today, 56 of those tickets have been closed, and 21 of them are still in progress. With this reserve, we’ve been able to fix bugs and complete necessary maintenance on core tor, bridgedb, Snowflake, and Metrics, as well as complete the Tor Browser ESR 68 migration.
The biggest change introduced thanks to this project is a generic publish-subscribe mechanism for delivering messages internally. It is meant to help us improve the modularity of our code by avoiding direct coupling between modules that don't actually need to invoke one another.
I'd like to tell you about some of our work your contributions can help over the coming year. I'll be focusing on things that my team works on in the "tor" program itself.
The Tor network is comprised of thousands of volunteer-run relays around the world, and millions of people rely on it for privacy and freedom online everyday. To monitor the Tor network's performance, detect attacks on it, and better distribute load across the network, we employ what we call Tor bandwidth scanners.