Everyone starts out not knowing things. And that’s nice, you don’t need to know everything! :) This blog is about a vocabulary term I didn’t know very well about when I was applying for Outreachy.
What are Onion services?
Onion services (formerly known as hidden services) are services that are only accessible through the Tor network. Further, onion site refers exclusively to websites accessible via Tor. For example, the DuckDuckGo onion is https://3g2upl4pq6kufc4m.onion. Every onion service has its own public private key pair and you address them using the public key. There’s no middle man or certificate providing authority who can decide what is to encrytped.
These services use .onion Top Level Domain (TLD) instead of .com, .net, .org, etc that you see in normal sites. The idea behid is that the traffic generated by onion services doesn't ever leave the Tor network, which means they do not have an exit relay! Most onion services use six hops in a circuit.
How to get the Onion address?
Onions are not indexed in search engines so you can’t find them the typical way. The address must be shared with you by the website host.
Onion-Location is a new HTTP header that web sites use to advertise their onion counterpart. If the web site that you’re visiting has an onion site available, a purple suggestion pill will prompt at the URL bar saying “.onion available”. When you click on “.onion available”, the web site will be reloaded and redirected to its onion counterpart.
At this point, I’d like to clear the air : Oninon sevices are NOT controlled by Tor Project. A list of our Onion Services is available at onion.torproject.org
What's the need?
The goal of Tor is to protect meta-data, which contains alot of information.
Onion services allow people to browse but also to publish anonymously. These are also called privacy enhancing technology (PETs). Meaning, you can offer a web server without revealing your IP address to its users. In this way, protection for both the user and the server is acheived.
One of the scenarios where you would need these are Secure drop instances. This is basically a way of interacting in a back-and-forth way with journalists where let's say you got to know a story about some terrible thing the government did and now you want to hand this over to the New York Times or The Washington Post or any other xyz, so that they can write a good article around it but, you want to stay anonymous. News papers like these run onion sites for rescue.
One thing that I’ve been encouraged to do is ask. Mentors and the people of the outreach community are very nice, always willing to help. Sometimes you might run into thoughts like - that’s a simple question, asking this would make me look stupid. That’s completely fine, you should ask those too. I would go around this like - hey, i think xyz works like abc. Did i get it right? Lastly, don’t be nervous because everyone struggles! :D
