Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Management & Strategy

Tor to Reject End-of-Life Relays by Default

Starting with its next stable release, Tor (The Onion Router) browser will reject End-Of-Life relays by default, the Tor Project has announced.

Starting with its next stable release, Tor (The Onion Router) browser will reject End-Of-Life relays by default, the Tor Project has announced.

There are over 6,000 relays in the Tor network at the moment, some running software released going all the way back to the 0.2.4.x series, released on December 10, 2013. There are also 85 different Tor versions in use by relays today.

The decision to reject End-Of-Life relays was driven by the fact that they have a negative impact on the network, mainly affecting its stability and security, but also preventing the rollout of new features.

“One example is the Denial of Service defenses that we rolled out at the start of 2018 as an emergency reaction to a large scale attack on the network. Unfortunately, that defense is only available for relays running supported versions,” Tor says.

The Tor circuit padding defense, which was introduced in version 0.4.1.x to better hide client onion service requests from network observers, was also impacted, and it would only work for circuits that have a 0.4.1.x (or later) relay as their middle hop.

Moreover, a bug in the 0.3.2.x series causes some out-of-date relays to increase latency and add overall network load.

Thus, Tor has decided to remove End-Of-Life relays from the network, and has already taken steps to contact relay operators with valid ContactInfo fields to ask them to upgrade. The Tor relay community was informed on this change in early September.

At the moment, the End-Of-Life relays make up around 12% of the total bandwidth, or roughly 750 relays. Only 62 are exit relays, with only 1.68% of the total exit traffic going through them.

Advertisement. Scroll to continue reading.

“We expect a minor impact on the size of the network, and a small drop in the Metrics graph,” Tor says.

Starting this week, the 9 directory authorities will begin to refuse End-Of-Life relays.

Expected sometime in November, the next stable Tor release will reject End-Of-Life relays by default, but, until then, the Tor Project plans on rejecting around 800 obsolete relays based on their fingerprints.

Obsolete bridges will only be rejected later this year, after the Tor software change is deployed.

Relay operators will be able to re-join the network upon upgrading to a version that is still supported. Those who upgrade will be able to keep their relay keys by emailing the bad relay list to ask them to stop rejecting their fingerprint.

“Support from relay operators is essential to keep the network healthy. Operators must keep their relays and machines up to date. Relays are the backbone of all software that relies on Tor, and each operator helps immensely in providing people with privacy and freedom online around the world. We cannot thank them enough,” the Tor Project notes.

Related: Tor Raises $86K to Smash Bugs

Related: Attacking Tor: What it Takes to Disrupt the Popular Onion Routing Network

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

CISO Strategy

SecurityWeek spoke with more than 300 cybersecurity experts to see what is bubbling beneath the surface, and examine how those evolving threats will present...

CISO Conversations

Joanna Burkey, CISO at HP, and Kevin Cross, CISO at Dell, discuss how the role of a CISO is different for a multinational corporation...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...

CISO Conversations

In this issue of CISO Conversations we talk to two CISOs about solving the CISO/CIO conflict by combining the roles under one person.

CISO Strategy

Security professionals understand the need for resilience in their company’s security posture, but often fail to build their own psychological resilience to stress.

Malware & Threats

The NSA and FBI warn that a Chinese state-sponsored APT called BlackTech is hacking into network edge devices and using firmware implants to silently...