

Prior to a decade ago, website access via encrypted and authenticated connections was relatively uncommon. Now this is recognized as fundamental to online commerce, government, and more generally to functioning in many aspects of modern life. The mechanisms for secure site access that we will discuss herein are roughly where certificates and TLS were at the turn of the century. I will describe combining and extending protections provided by such conventional mechanisms with the stronger mechanisms of Tor’s onion services in ways that both further improve the security and usability that is currently provided by either alone and that promote broad adoption of more secure site access.

We introduced onion routing in the 1990s “to separate identification from routing” for networked communication. Primary intended uses were for clients to connect to Internet sites with publicly discoverable network locations, such as connecting to ordinary websites, but without revealing to the infrastructure carrying the connection’s traffic, who is visiting which site. At the same time we introduced onion routing we also introduced reply onions, which were designed to allow replies to such connections or to otherwise permit connection to sites with hidden locations. One application we proposed for reply onions was private location tracking: user location was regularly uploaded to a user’s server, which could then selectively provide access to the user’s location information. The sensors and routing infrastructure, however, could not tell which user was sending her location to which server. Another application was a protocol to permit mobile telephony, including per-call billing, without revealing to the local cell tower what phone number is making the call or, to the account provider, where the call is being made from. Ross Anderson introduced the design for a censorship-resistant Eternity Service the same year we introduced onion routing, which featured the location-hiding placement and retrieval of documents at redundant distributed servers. These were all designs without any implementation. The first system with at least a research implementation to permit connections to a service without revealing the service’s network location was Rewebber, followed a few years after by Publius. These were systems specifically for connecting to a web service, a primary application of Tor’s onion services half a decade later.

1.2 Basic Overview of Tor Design and Onion Services
