Tor 0.4.8 Stable Branch Released
The Tor Project has announced the release of Tor 0.4.8.4, the toolkit used to operate the anonymous Tor network. Version 0.4.8.4 is the first stable release in the 0.4.8 branch, which has been in development for the past 15 months. The 0.4.8 branch will be supported according to the standard maintenance cycle—updates will end either 9 months after release or 3 months after the 0.4.9.x branch is launched.
Main Changes in the New Branch
- Conflux Traffic Splitting Protocol: The new Conflux protocol increases bandwidth and connection reliability by splitting traffic to the exit node into two streams, each routed through different node chains. Pairs of conflux circuits are selected from a pre-built pool; if the pool is exhausted, Tor reverts to using standard circuits. When sending data to the exit node, the circuit with the lowest latency is chosen. To further boost bandwidth, outgoing data is multiplexed and distributed across both channels. Clients can also switch to a low-latency mode, where the channel with the lowest delay is used for incoming data.
```
                     Primary Circuit (lower RTT)
         +-------+      +--------+
         |Guard 1|----->|Middle 1|----------+
         +---^---+      +--------+          |
+-----+      |                           +--v---+
| OP  +------+                           | Exit |--> ...
+-----+      |                           +--^---+
         +---v---+      +--------+          |
         |Guard 2|----->|Middle 2|----------+
         +-------+      +--------+
                     Secondary Circuit (higher RTT)
```
- New DoS Protection for Onion Services: A new method protects onion services from DoS attacks using proof-of-work (PoW). Clients must solve a computational task to receive priority service. The task is easy to verify but resource-intensive to solve, with difficulty adjusted dynamically based on traffic volume. Initially, solving the task takes 5–30 ms on a typical computer—unnoticeable for real users. During heavy attack traffic, the difficulty increases and solving may take up to a minute, making automated attacks much harder. Traditional rate-limiting by IP address is ineffective for onion services because the service never sees client IP addresses. The PoW approach helps prevent service disruption from mass fake connections. New “HiddenServicePoW” options have been added to torrc for configuration, but are disabled by default.
- Additional DoS Protections: Enhanced protection against DoS attacks targeting partially open channels and known relays.
- Improved Directory Authority Handling: Directory authorities and relays now properly interact with directory servers that have changed their IP addresses. Previously, nodes would continue sending data to the old address listed in the configuration file, even after the network consensus indicated an address change.
- IPv6 Relay Selection: The ClientUseIPv6 setting is now enabled by default, allowing clients to select relays with IPv6 addresses.
- Build and Compatibility Fixes: Issues with building on DragonFlyBSD, FreeBSD, OpenBSD, and NetBSD have been resolved, and compatibility with LibreSSL 3.5+ has been improved.
- Automatic Restart for Pluggable Transports: Processes implementing pluggable transports now automatically restart after they exit.
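The proof-of-work queueing described under the onion-service DoS defence above, as a small Python model added for this article (not Tor's own code; Tor's real puzzle and effort tuning differ): a cheap-to-verify, linear-cost-to-solve puzzle, a service-side queue that drops invalid solutions and serves the highest-effort requests first, and a suggested effort that rises while a backlog persists. SEED and the client names are constructed sample values.

```python
import hashlib
import heapq

MAX32 = 2**32 - 1
SEED = b"constructed-seed-bytes"  # constructed sample; a real service would publish its own

def verify(seed: bytes, nonce: int, effort: int) -> bool:
    # Service side: a single hash, so checking costs the same whatever effort is claimed.
    data = seed + nonce.to_bytes(8, "big") + effort.to_bytes(4, "big")
    h = int.from_bytes(hashlib.sha256(data).digest()[:4], "big")
    return h * effort <= MAX32

def solve(seed: bytes, effort: int) -> int:
    # Client side: brute-force a nonce; expected work grows linearly with effort.
    nonce = 0
    while not verify(seed, nonce, effort):
        nonce += 1
    return nonce

class PowQueue:
    # Service-side scheduler: verified requests wait in a max-heap keyed on effort,
    # so under load the clients that spent the most are served first. The effort the
    # service suggests doubles while a backlog persists and halves once it clears.
    def __init__(self, seed: bytes, capacity_per_round: int):
        self.seed, self.capacity = seed, capacity_per_round
        self.suggested_effort = 0   # 0 = no puzzle demanded while the service is idle
        self._heap, self._arrivals = [], 0   # entries: (-effort, arrival order, client id)

    def submit(self, client_id: str, nonce: int, effort: int) -> bool:
        if not verify(self.seed, nonce, effort):
            return False   # bad solution: dropped, never occupies queue space
        heapq.heappush(self._heap, (-effort, self._arrivals, client_id))
        self._arrivals += 1
        return True

    def serve_round(self) -> list:
        n = min(self.capacity, len(self._heap))
        served = [heapq.heappop(self._heap)[2] for _ in range(n)]
        if self._heap:   # backlog remains: raise the bar for newcomers
            self.suggested_effort = max(1, self.suggested_effort * 2)
        else:            # drained: relax back towards zero
            self.suggested_effort //= 2
        return served

if __name__ == "__main__":
    q = PowQueue(SEED, capacity_per_round=2)
    for cid, effort in (("bot", 0), ("user", 50), ("eager", 200)):
        q.submit(cid, solve(SEED, effort), effort)
    print(q.serve_round(), q.suggested_effort)   # ['eager', 'user'] 1
```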