Tor Hidden Services


For a user to communicate with a hidden service (HS), a connection made of two circuits must be established: one from the user to a rendezvous point (RP) and one from the hidden service to the RP. The path between the user and the HS therefore consists of six onion routers (ORs): three for the first circuit and three for the second. Accessing an HS (dark web) thus requires twice as many nodes as a circuit to a site outside the Tor network (surface web).
The process followed to establish a connection between a client and an HS (also called an onion service, OS) can be divided into two phases. The first phase is the setup of the HS and its announcement (steps 1–3). In the second phase, once the service is announced, interested clients access it (steps 4–11).

The first phase

  1. To set up the HS, the service picks some relays and establishes long-term circuits to them. Over these circuits, the service asks them to become introduction points (IP) by sending them its public key.
  2. Next, the service creates an onion service descriptor (OSD) and uploads it to the directory, which is a distributed hash table. The OSD is signed by the service and contains its public key and a list with information about the chosen introduction points.
  3. Finally, the service publishes its onion service address (an address ending in .onion, which has 16 characters in version 2 of the protocol and 56 in version 3) on a (dark) web page, in a blog, via email, etc.

The second phase

  4. Once a user knows the onion address, he can start the process of accessing the HS.
  5. For this purpose, he creates a circuit to the directory and obtains the OSD corresponding to the onion address. He verifies the OSD using the public key encoded in the onion address.
  6. Once the OSD is successfully verified, he establishes a circuit to a relay and asks it to act as a rendezvous point. He provides the RP with a one-time secret called a cookie.
  7. Next, he establishes a circuit to an IP of the service and passes it the cookie and the RP address.
  8. Then, the IP forwards this information to the HS.
  9. The HS builds a circuit to the RP and sends the cookie.
  10. If the cookie matches the cookie sent by the client, the RP notifies the client that the connection was successfully established.
  11. Finally, the connection between the client and the HS is established and they can exchange information.
To use the Tor network to conceal their IP address when accessing the surface web, or to access an HS (dark web), users can install Tor Browser, which contains a customised version of Firefox that connects to the Tor network. It does not store browsing history, keeps cookies only for the session, prevents browser fingerprinting, and includes some plug-ins that improve the user's privacy when surfing the (dark) web, such as HTTPS Everywhere and NoScript.
It is important to point out that hiding our IP address is not enough to preserve our privacy on the web; we must also consider other mechanisms that can be used to track us when surfing the web, such as cookies, JavaScript, CSS, etc.