Arti 1.1.12: Tor’s Rust Implementation Begins Onion Service Testing

By Riley ThompsonTechnology News

Arti 1.1.12: Onion Service Testing Begins in Tor’s Rust Implementation

The developers of the anonymous Tor network have announced the release of Arti 1.1.12, a project developing a Tor client written in Rust. The 1.x branch is marked as suitable for regular users and provides the same level of privacy, usability, and stability as the main C implementation. The code is distributed under the Apache 2.0 and MIT licenses.

Unlike the C implementation, which was originally designed as a SOCKS proxy and later adapted for other needs, Arti is being developed from the start as a modular, embeddable library that can be used by various applications. Additionally, the new project takes into account all previous Tor development experience, helping to avoid known architectural issues and making the project more modular and efficient. Once the Rust code reaches a level where it can fully replace the C version, the developers plan to make Arti the main Tor implementation and discontinue support for the C version.

The main reason for rewriting Tor in Rust is to achieve a higher level of code security by using a language that ensures safe memory management. According to the Tor developers, at least half of all vulnerabilities tracked by the project could be eliminated in the Rust implementation, provided that “unsafe” code blocks are not used. Rust also enables faster development compared to C, thanks to its expressive language features and strict guarantees, which reduce the need for double-checking and writing extra code.

The Arti 1.1.12 release is notable for bringing onion service implementation to the point where it is ready for testing and experimentation. With Arti, users can now not only connect to existing onion services but also create their own onion services. However, some features for privacy and onion service protection—such as client authorization, DoS attack protection, and the “Vanguard” mechanism to prevent Guard node identification—are not yet available. Therefore, this implementation is not currently recommended for production use.

Leave a Reply