Tor Is Upping Its Game: The World’s Most Notorious Browser Introduces New Defense Against DDoS Attacks

Tor is the world’s most famous and notorious dark web browser, hailed for protecting user anonymity. With its latest release, Tor is implementing a new defense mechanism to head off cyber attacks and prevent outages from impacting the user experience. But does that make Tor a safe option for dark web access?

What is Tor, and why should analysts and investigators care about this update?

Tor is an anonymized browser that lets you access the dark web without revealing your identity. For anyone working on dark web research or investigations, including law enforcement analysts and investigators, Tor is a key tool for open source dark web data collection.

Tor recently enhanced their services by introducing a Proof-of-Work (PoW) defense mechanism with Tor version 0.4.8.4 that mitigates Distributed Denial-of-Service (DDoS) attacks. This update will make Tor less susceptible to downtimes and breaches, providing a more reliable and secure service to users.

Warning: While Tor might hide your identity, it doesn’t protect you from things like phishing, malware, or traffic analysis attacks. Stay safe by using a secure virtual machine like DarkPursuit, which firewalls your personal and professional information while you access the live dark web.

How PoW impacts users

This PoW mechanism mostly remains dormant and is only triggered when Tor detects heavy traffic or a DDoS attempt. DDoS cyber attacks consist of a large number of compromised devices (often spread across the world) flooding a target server or network to cause outages and sometimes illegally access data. If Tor detects this kind of activity, it activates the PoW defense, which works by requiring clients (devices or apps attempting to access a server or network) to solve lightweight computational puzzles before accessing Tor services. As traffic increases, the puzzles get more difficult, requiring additional computational effort to solve.

In other words, when PoW is activated, any time you try to access a site on Tor, your computer will be asked to solve a small puzzle in the background. This is not a problem for the average user, who is only making a few requests at a time and whose device has ample capacity to solve the puzzles. Users may notice a small delay (between 5 and 30 milliseconds) when the network is under stress.

However, these increasingly difficult puzzles are a huge problem for the DDoS devices, which must waste a high amount of computational energy on them, meaning that sustaining the DDoS attack will have diminishing returns. The end result is that real people can continue using the service with almost no negative effect, while attackers are successfully repelled.

Understanding the benefits of PoW

The PoW defense offers a few key benefits:

DDoS attack deterrence: By making attacks more costly, it discourages malicious actors.
Improved network performance: Reducing DDoS attacks means the network stays faster and more reliable for real users.
Enhanced security: PoW addresses past DDoS issues and helps make onion services more secure.

Conclusion: Even with safer updates, a virtualized browser is best

The introduction of the Proof-of-Work defense in Tor version 0.4.8.4 marks a significant advancement in securing onion services against DDoS attacks. By integrating this feature at the protocol level, the Tor Project ensures robust, network-wide protection while maintaining its commitment to privacy and anonymity.

But even with the PoW update, Tor is far from safe. Running Tor directly on your computer might help you stay anonymous, but you’re still at risk of exposure from phishing and malware. Clicking one wrong link could give criminals access to all the information on your machine.

That’s why it’s important to always access Tor from within a virtualized environment. This ensures that a mis-click or unsecure downloaded file will have no impact on your personal computer or information. Consider using DarkPursuit, a managed attribution tool within the DarkBlue Intelligence Suite, for secure and anonymous access to the open and dark web. Take advantage of tools to scrape data, securely download files, blur images, and spoof your location. While improvements in cyber security are important to staying safe, a vigilant user is the best defense of all.

Want more insights from DarkBlue? Subscribe to our newsletter for blog posts, intel, webinars, and more.