The Tor Project is censoring discussion about killing off Tor v2

on blog at

Tor is pretty great. It provides a free pseudoanonymous proxy to the clear web, and more importantly, it provides a secure name to address service in the form of .onion domains. For the last 15 years tor's version 2 services have been heavily used. But, they're getting a bit long in the tooth and the prefix of the hash of the private key that allows you to control a .onion domain is starting to become feasible for a powerful/rich actor to brute force. And there are security issues re: DoS types that v2 relaying allows.

So naturally the tor project introduced a new tor version, an incompatible one, called version 3. This one won't have issues with brute forcing for a long time since it has a much longer prefix of the hash used and a stronger hash function. Tor v3 was announced in 2017 and generally usable by 2018 or so with depreciation in 2021 announced in 2019.

Depreciation... that usually means, it's suggested not to use it. But that's not what the tor project meant. What they meant is that in Oct 2021 they were going to completely remove all code and support for version 2 .onion resolution from all official tor software. The clients, the relays, everything. Version 2 was to be completely killed off. For Tor, who value security above all else, there was no other option. And so, 15 years or .onion community interlinking, bookmarks, search indices, and communities just disappeared. Sure, some created a new v3 .onion domain and encouraged their users to switch. But the vast majority of .onions did not create new v3.onions to replace them. In fact, they mostly still exist and are still accessible because the relays out there still support v2. And they will until the tor project releases a new version with a consensus flag to block old versions that support v2.

So, version 2 relays are still used. The majority of sites are v2 (despite someone spamming v3 onions right after their creation to make 6 times the number of v2 onions and make it seem like v3 was getting use, v2 traffic is still more). So now people are updating their tor client software, trying to go to a tor onion website, and instead getting a error #0xf6, a generic error saying it's not a valid onion domain.

These users come to #tor on OFTC and ask why they cannot access the tor onion website. And... they won't get an answer beyond "<ggus> S17: probably you're trying to visit a v2 onion site (16 chars). the v2 support was fully removed in Tor Browser 11.". ggus has further declared to me personally that any talk about tor v2 beyond linking to the depreciation blog post will result in a ban. That's right. The tor project IRC chat is censoring discussion directly relevant to tor. Tor censoring. Laughable if the consequences weren't so dire.

They claim that no one uses v2 and that's a lie. They actively try to hide the reasons why users cannot access real tor sites. They're attacking their own userbase. And all in the name of security. Tor v2 doesn't neeed to die. It isn't even dead now, it's still very active. There need not be a single answer to, "Is tor v2 still okay to use?". That's a personal question and top-down forcing and then censorship is definitely the wrong way to address the issue.

[comment on this post] Append "/@say/your message here" to the URL in the location bar and hit enter.

[webmention/pingback] Did you respond to this post? What's the URL?