Millions of people around the world use Tor every day to protect themselves from surveillance and censorship. While most people use Tor to reach ordinary websites more safely, a tiny fraction of Tor traffic makes up what overhyped journalists like to call the "dark web". Tor onion services (formerly known as Tor hidden services) let people run Internet services such as websites in a way where both the service and the people reaching it can get stronger security and privacy.
I wrote the original onion service code as a toy example in 2004, and it sure is showing its age. In particular, mistakes in the original protocol are now being actively exploited by fear-mongering "threat intelligence" companies to build lists of onion services even when the service operators thought they would stay under the radar.
These design flaws are a problem because people rely on onion services for many cool use cases, like metadata-free chat and file sharing, safe interaction between journalists and their sources, safe software updates, and more secure ways to reach popular websites like Facebook.
In this talk I'll present our new and improved onion service design, which provides stronger security and better scalability. I'll also publish a new release of the Tor software that lets people use the new design.