6

Many websites offer both standard domains that you can access through any browser and onion addresses only accessible via Tor.

I wonder what is the privacy advantage (if any) for the end user when connecting to a website using an onion address over using a regular address with Tor.

For example, is it any better (using Tor Browser in both cases) to connect to https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion instead of https://duckduckgo.com.

user253751
  • 3,885
  • 3
  • 19
  • 15
gracjan
  • 221
  • 7

2 Answers2

4

See this for the advantages of hidden services and how the protocol works.

When not using hidden services, Tor just functions as an encrypted proxy (because there is an "exit node" to access the clearnet), while using the .onion urls, you get:

  • To use a rendezvous point (here's another description of the protocol as an explanation)
  • NAT punchthrough. Onion services only establish outgoing connections and don't require open ports.
  • End-to-end authentication - hidden services are not vulnerable to DNS spoofing attacks and you know the HS you request is that which you will get
belkarx
  • 1,207
  • 2
  • 18
3

When accessing a site by a standard domain name (such as https://duckduckgo.com) through https over TOR - your connection is routed through a TOR exit node which makes a connection to the site's server (see diagram). This means that the exit node is in a position to attempt a man-in-the-middle (MITM) attack on the https connection to the site.

In order to prevent MITM attacks, https relies on certificates (and therefore, certificate authorities) to verify a site's authenticity. While rare, there have been cases where certificate authorities have issued fraudulent certificates for sites (see If an adversary took over a major Certificate Authority, what bad things could they do? for more info).

On the other hand, when accessing a site through TOR using the site's onion address (such as https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion), you do not need to rely on a CA to provide authenticity. This is because the site's onion address contains the sites's public key. See https://community.torproject.org/onion-services/overview/ for more info.

Any secure protocol must provide three basic ingredients - confidentiality, integrity, and authenticity. https does a fairly good job at providing confidentiality and integrity - but we must trust third-party CA's to provide authenticity. TOR's onion routing protocol eliminates the need for us to rely on CA's by encoding the site's public identity key in the onion address. So, we have positive way of verifying the site's authenticity without trusting CA's - at the expense of less user-friendly, squirrelly-looking addresses.

mti2935
  • 19,868
  • 2
  • 45
  • 64