A project is in the works to make the Tor Client more adaptable and easier for third parties to use, with some help from Zcash Open Major Grants (ZOMG). With a better code foundation for developers to build on, solutions to existing issues on Tor will be easier for developers to address.
ZOMG announced on Tuesday that it is awarding the privacy-focused Tor Project a $670,000 grant to continue to develop Arti, a Rust coding language implementation of the Tor Client. A client is a hardware or software product that accesses a service made available by a server. Arti should make it simpler for third parties to embed and customize the Tor Client than the current implementation in the C coding language. Rust is a coding language that developers use to create software.
“Arti is a project to make an improved version of Tor that will be more reliable, more secure, and easier for other software to use,” said Nick Mathewson, chief network architect and co-founder of the Tor Project. “We hope that within the next several years, Arti will become the preferred implementation of the Tor protocols.”
In a release announcing the award, ZOMG said that Arti (an acronym for “A Rust Tor Implementation) is a “next generation codebase that will focus on flexibility in embedding, straightforward maintenance, flexible deployment and performance.”
The privacy coin Zcash and the Tor Project both focus on privacy, though in different arenas. Zcash focuses on making financial transactions private, while the Tor Project created the Tor (The Onion Router) browser, which users can download to help protect them against network-level surveillance. The software Tor uses prevents third parties from tracking what websites Tor users visit.
“Thus, [Tor] fits as a “missing piece” of the Zcash privacy story – not only as a communications privacy layer for Zcash, but also for all the other communications tools that Zcash users employ,” Mathewson wrote on a Zcash community forum post.
The birth of Arti
Mathewson said he started Arti as a side project so that he could learn Rust. After a while, he realized that Arti could solve many of Tor’s long-term software issues, and so he decided to try to bring it into production.
“Onion routing has just had its 25th anniversary in May, and although Tor is a great set of privacy tools, the C program “tor” itself (note the lowercase t) is beginning to show its age,” Mathewson said. “We’ve found over the recent years that the complexity of the existing C code, and the fragility of the C language, make it unnecessarily difficult to improve the code while maintaining our security and privacy guarantees.”
Onion routing refers to a technique that allows anonymous communication over a computer network through layers of encryption.
The “C tor” is also tricky to embed in other software, as it began its life as a network proxy,
A proxy server translates traffic between networks or protocols. Think of it as a web filter, separating end users from their destinations.
Mathewson said Rust provides the benefits of a systems programming language (high performance, access to low-level resources, fine-grained control) with the ease-of-use of a modern high-level language.
“Roughly half of Tor’s security issues since 2016 would have been impossible in Rust, and many of the other issues would have been much less likely, based on our informal audit,” he said.
Zcash and Tor
Mathewson, in his initial community forum post, said Arti could help Zcash in the short term and over the long term. In the past, when Zcash had looked into using Tor as a privacy layer, a number of issues arose.
The primary issue is that Tor is difficult to embed. Another is that it doesn’t allow for “fine-grained” control over Tor’s behavior or make it easy to replace pieces of the Tor implementation. And finally, the timeline for delivering improvements to Tor is long and slow because of its legacy code.
“Zcash users will get the benefit of a widely used private communication network and its anti-censorship features; their Zcash traffic will blend in with traffic from millions of other users around the world,” Mathewson said.
The idea here is that while Zcash client Zcashd can support connections over Tor, the user has several extra steps they have to go through to do so. Tor’s network-level surveillance, which focuses on protecting against metadata surveillance and censorship, means that Zcash users who live in countries that censor the internet could in fact use Zcash.
“When you send a Zcash transaction today, you reveal your IP (internet protocol) address to a light wallet server or other nodes on the peer-to-peer network; this applies to virtually all other blockchains,” said Michelle Lai, a member of the ZOMG committee. “This may reduce the utility of Zcash for people who want or need more privacy than the average user. Tor offers protection against this kind of metadata leakage, but it is difficult to embed Tor into Zcash client nodes. Arti will make this much more achievable.”
The funding
The funding will go toward developer salaries as they develop Arti. Mathewson said the goal with this round of funding is to advance Arti to the point where it is ready for general use, testing and embedding.
“After that point, Arti will still have a way to go before it is a feature-complete Tor client, and we are in the process of raising additional funding to cover that work,” he said.