When the client receives the signed descriptor, they verify the signature of the descriptor using the public key that is encoded in the onion address. Now the next thing that needs to happen is that the client goes to the distributed hash table from Step 2 and ask for the signed descriptor of SecureDrop's Onion Service.Īct 5: Where the client verify onion address signature In this case, the client has the onion address of SecureDrop and want to visit it, so they connect to the service with Tor Browser. Now let's fast-forward to the point where an actual client wants to visit the service. You find the onion address for the newspaper's SecureDrop from a public website or friend.Īct 4: Where the client introduces itself to the Onion ServiceĪll the previous steps were just set up for the Onion Service so that it's reachable by clients. Say you want to anonymously send some tax fraud data to your local newspaper through its SecureDrop. It uses an anonymized Tor circuit to do this upload so that it does not reveal its location.Īct 3: Where a client wants to visit the Onion Service The Onion Service upload that signed descriptor to a distributed hash table, which is part of the Tor network, so that clients can also get it. The identity private key used here is the private part of the public key that is encoded in the Onion Service address. Now that the introduction points are set up, we need to create a way for clients to be able to find them.įor this reason, the Onion Service assembles an Onion Service descriptor, containing a list of its introduction points (and "authentication keys"), and signs this descriptor with the Onion Service's identity private key. The Onion Service will hide and protect itself behind the Tor network by only allowing access through three introduction points that it connects to through a two-hop Tor circuit.Īct 2: Where the Onion Service publishes its descriptors These circuits are anonymized circuits, so the server does not reveal the service location to the introduction points. Let's imagine that your local newspaper decides to set up an Onion Service (using SecureDrop) to receive anonymous tips.Īs the first step in the protocol, the Onion Service will contact a bunch of Tor relays and ask them to act as its introduction points by establishing long-term circuits to them. Here is a detailed breakdown of how this happens: Act 1: Where the Onion Service sets up its introduction points The Onion Service protocol uses the Tor network so that the client can introduce itself to the service, and then set up a rendezvous point with the service over the Tor network. That's one of the reasons we can achieve the security properties above. This looks weird and random because it's the identity public key of the Onion Service. In particular, an Onion Service's address looks like this: vww6ybal4bd7szmgncyruucpgfkqahzddi37ktceo3ah7ngmcopnpyyd.onion Usually, people connect to an IP address and are done, but how can you connect to something that does not have an IP address? Now the question becomes what kind of protocol is needed to achieve all these properties? They only establish outgoing connections. Onion services don't need open ports because they punch through NAT. This could happen if you are in a university campus, an office, an airport, or pretty much anywhere. Is your network filtered and you can't open ports on your firewall? This is like getting strong SSL/HTTPS for free. Onion service traffic is encrypted from the client to the onion host. Usually, reaching a website does not mean that a man-in-the-middle did not reroute to some other location (e.g. No impersonation is possible, which is generally not the case. When a user visits a particular onion, they know that the content they are seeing can only come from that particular onion. Onion services are an overlay network on top of TCP/IP, so in some sense IP addresses are not even meaningful to Onion Services: they are not even used in the protocol. Location hidingĪn Onion Service's IP address is protected. Onion services offer various privacy and security benefits to their users. Running an Onion Service gives your users all the security of HTTPS with the added privacy benefits of Tor Browser. Onion services are services that can only be accessed over Tor.