Servizi Onion

If you cannot reach the onion service you desire, make sure that you have entered the 56-character onion address correctly; even a small mistake will stop Tor Browser from being able to reach the site. Se non sei ancora in grado di connetterti al servizio onion, per favore riprova più tardi. Potrebbe esserci un problema temporaneo di connessione, o gli operatori del sito potrebbero averlo messo offline senza avviso.

You can also ensure that you're able to access other onion services by connecting to DuckDuckGo's onion service.

How do I know if I'm using v2 or v3 onion services?

You can identify v3 onion addresses by their 56 character length, e.g. Tor Project's v2 address:http://expyuzz4wqqyqhjn.onion/, and Tor Project's v3 address: http://2gzyxa5ihm7nsggfxnu52rck2vv4rvmdlkiu3zzui5du4xyclen53wid.onion/

If you're an onion service administrator, you must upgrade to v3 onion services as soon as possible. If you're a user, please ensure that you update your bookmarks to the website's v3 onion addresses.

What is the timeline for the v2 deprecation?

In September 2020, Tor started warning onion service operators and clients that v2 will be deprecated and obsolete in version 0.4.6. Tor Browser started warning users in June, 2021.

In July 2021, 0.4.6 Tor will no longer support v2 and support will be removed from the code base.

In October 2021, we will release new Tor client stable versions for all supported series that will disable v2.

You can read more in the Tor Project's blog post Onion Service version 2 deprecation timeline.

Can I keep using my v2 onion address? Can I access my v2 onion after September? Is this a backward-incompatible change?

V2 onion addresses are fundamentally insecure. If you have a v2 onion, we recommend you migrate now. This is a backward incompatible change: v2 onion services will not be reachable after September 2021.

What is the recommendation for developers to migrate? Any tips on how to spread the new v3 addresses to people?

In torrc, to create a version 3 address, you simply need to create a new service just as you did your v2 service, with these two lines:

HiddenServiceDir /full/path/to/your/new/v3/directory/
HiddenServicePort <virtual port> <target-address>:<target-port>

The default version is now set to 3 so you don't need to explicitly set it. Restart tor, and look on your directory for the new address. If you wish to keep running your version 2 service until it is deprecated to provide a transition path to your users, add this line to the configuration block of your version 2 service:

HiddenServiceVersion 2

This will allow you to identify in your configuration file which one is which version.

If you have Onion-Location configured on your website, you need to set the header with your new v3 address. For technical documentation about running onion services, please read the Onion Services page in our Community portal.

I didn't see the announcement, can I get more time to migrate?

No, v2 onion connections will start failing nowish, first slowly, then suddenly. It's time to move away.

Will services start failing to be reached in September, or before already?

Already, introduction points are not in Tor 0.4.6 anymore, so they will not be reachable if relay operators update.

As a website administrator, can I redirect users from my v2 onion to v3?

Yes, it will work until the v2 onion address is unreachable. You may want to encourage users to update their bookmarks.

Are v3 onion services going to help in mitigating DDoS problems?

Yes, we are continuously working on improving onion services security. Some of the work we have in our roadmap is ESTABLISH_INTRO Cell DoS Defense Extension, Res tokens: Anonymous Credentials for Onion Service DoS Resilience, and A First Take at PoW Over Introduction Circuits. For an overview about these proposals, read the detailed blog post How to stop the onion denial (of service).

Durante la navigazione di un Servizio Onion, Tor Browser visualizza diverse icone di cipolla nella barra degli indirizzi che indicano la sicurezza della pagina Web corrente.

Image of an onion Una cipolla significa:

  • The Onion Service is served over HTTP, or HTTPS with a CA-Issued certificate.
  • The Onion Service is served over HTTPS with a Self-Signed certificate.

Image of an onion with a red slash Una cipolla con uno slash rosso significa:

  • Il Servizio Onion è servito con uno script da un URL insicuro.

Image of an onion with a caution sign Un onion con un simbolo di pericolo significa:

  • The Onion Service is served over HTTPS with an expired Certificate.
  • The Onion Service is served over HTTPS with a wrong Domain.
  • The Onion Service is served with a mixed form over an insecure URL.

Onion-Location is a HTTP header that web sites can use to advertise their onion counterpart. If the web site that you're visiting has an onion site available, a purple suggestion pill will prompt at the URL bar saying ".onion available". Quando tu clicchi su ".onion disponibile", il sito web sarà ricaricato e reindirizzato alla sua parte onion. In questo momento, Onion-Location è disponibile per Tor Browser desktop (Windows, macOS e GNU/Linux). You can learn more about Onion-Location in the Tor Browser Manual. If you're an onion service operator, learn how to configure Onion-Location in your onion site.

I servizi onion permettono alle persone di navigare ma anche di pubblicare in modo anonimo, includendo anche la pubblicazione di siti web anonimi.

I servizi onion sono anche utilizzati per la condivisione di file e chat senza metadati, interazioni più sicure tra giornalisti e le loro fonti come con SecureDrop o OnionShare, aggiornamenti software più sicuri e modi più sicuri per raggiungere siti Web popolari come Facebook.

Questi servizi utilizzano il dominio di primo livello ad uso speciale (TLD) .onion (anziché .com, .net, .org, ecc.) e sono accessibili solo attraverso la rete Tor.

Icona onion

Quando si accede ad un sito che usa un servizio onion, Tor Browser mostrerà nella barra degli URL un'icona di una piccola cipolla verde che indica lo stato della tua connessione: sicuro e con un servizio onion.

To learn more about onion services, read How do Onion Services work?

An authenticated onion service is an onion service that requires you to provide an authentication token (in this case, a private key) before accessing the service. The private key is not transmitted to the service, and it's only used to decrypt its descriptor locally. You can get the access credentials from the onion service operator. Reach out to the operator and request access. Learn more about how to use onion authentication in Tor Browser. If you want to create an onion service with client authentication, please see the Client Authorization section in the Community portal.

I siti internet che sono accessibili soltanto tramite Tor sono chiamati "onion" e finiscono con il dominio di primo livello .onion. For example, the DuckDuckGo onion is https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/. Puoi accedere a questi siti internet utilizzando Tor Browser. L'indirizzo deve esserti fornito da chi ospita il sito internet, in quanto gli onion non sono indicizzati nei motori di ricerca contrariamente a quanto accade con i normali siti internet.