The challenges¶
About¶
- What: The Onion Plan is an applied research to help and facilitate Onion Services improvement.
- Why: discussions often gets easily dispersed and buried; there's a need to keep track of many options and how to translate those into funding projects.
- How: collecting and analyzing proposals; building roadmap scenarios.
- Who: it's a multi-team effort and everyone can collaborate. Currently it's happening mostly on Community and Network teams.
- When: discussions on Onion Service improvements happens for years and years; we started organizing it during 2022.
Objectives¶
Imagine a communication technology that has:
- Built-in resistance against surveillance, censorship and denial of service.
- Built-in end-to-end encryption.
- A huge address space (maybe bigger than IPv6) without allocation authority.
- Support for multiple, pluggable naming systems.
- And that also works as an anonymization layer.
What is still missing?¶
While some of these properties are already implemented for Tor Onion Services, there are still some building blocks and enhancements still missing:
- Pluggable discoverability (multiple naming systems).
- Many other enhancements in usability and tooling.
The rest of this research deals with how to get these in place!
Current context¶
As of September 2023,
- The usability improvements of Onion Services still presents outstanding challenges that are being discussed for years. Now that the protocol v3 is successfully deployed, it's a good time to think in the roadmap scenarios for the next steps.
- There's a common feeling similar to when the privacy-aware internet was moving from HTTP to HTTPS, but now with Onion Services! Perhaps not in the same scale, but still related in terms of scope.
- For some desired features, the roadmap seems to be stalled, not only for the lack of developers but also because we're missing a "perfect" solution that we never (and may never) find.
- Now there's an Onion Service Working Group at Tor, which takes care of converging Onion Service development happening on multiple teams.
- In terms of governance, Tor cannot be responsible for things like domain issuance: it cannot be authoritative (Tor just makes the software, don't run the network and cannot issue Onion Names) and it's a non-profit (cannot have a revenue out of Onion Names issuance), which makes even harder to decide who else could be responsible (or finding solutions that do not rely on any authoritative instance) for it and how development could be sustained.
- Part of The Onion Plan was incorporated into Tor's Strategic Plan for 2023:
- Goal 2 (product) - Objective 2 (any person on the planet be able to use Tor
to access any online service):
- Key Result 1 - Health of onion services its improved, onion names plan draft is concluded.
- Goal 2 (product) - Objective 2 (any person on the planet be able to use Tor
to access any online service):
Converging the planning, the fundraising strategy and an adoption campaign can help put things moving forward again.