No, the .onion top level domain (TLD) is not about parody news, it’s a way of accessing websites that run on the Tor (the onion router) network. The Tor network is an Internet fixture that provides anonymity to users by bouncing connections across a wide network to thwart traffic analysis and surveillance. Tor is free, open source, and exists through the effort of volunteers who want to give anonymity and protection to people who need privacy.
Wednesday, Jacob Appelbaum, computer security researcher and independent journalist, tweeted that .onion had been given special-use domain status by the Internet Assigned Numbers Authority (IANA) at behest of the Internet Engineering Task Force (IEFT) as provided for in a proposed standard.
Special-use domains are domain names classified for specific purposes and are therefore unused by domain registrars or for regular use. For example “localhost,” which should resolve to 127.0.0.1, represents the IP address of the computer using the name. Also in the special-use list are “example.com,” “example.net,” and “example.org,” which are used only in documentation and in testing and are not used for websites. Just visit example.com to understand.
The details of the addition to the special-use domain names appeared on the Facebook Over Tor page, a Facebook (product of Facebook, Inc.) page dedicated to information on accessing Facebook via the Tor network.
By making .onion a special-use domain name the IEFT has enabled SSL certificates, the cryptographic certificates used to secure web connections that start with “https://”, to be issued with that domain. This means it will be easier for Tor domains to use SSL encrypted connections with standard browsers such as Internet Explorer, Chrome, Safari, and Firefox.
“Together, this assures the validity and future availability of SSL certificates,” the Facebook post added, “in order to assert and protect the ownership of Onion sites throughout the whole of the Tor network – including https://www.facebookcorewwwi.onion/ and https://m.facebookcorewwwi.onion/.”
The Hack Angle
As mentioned above, Tor is extremely important for persons who have need of increased security and anonymity. For example, users in countries such as China or Egypt where the government seeks control over communications and mistreats dissidents benefit greatly from counter-surveillance.
“Implementing secure transmissions in any web-based transaction is always welcome,” SiliconANGLE Security Analyst John Casaretto said about the special-use domain name.
As to the assisting with SSL and HTTPS connections, Casaretto added, “The notion of combining domains, assigning certificates, and putting it all together in an anonymous network will be interesting to see how that plays out.”
While Tor anonymizes network activity, making it harder for a snooper to see where packets are coming from or going, it does not secure or encrypt the traffic. Many users of Tor additionally wrap their traffic with a Virtual Private Network (VPN) or additional security. Casaretto believes by making it easier to enable the secure layer for the web (via HTTPS) this is clearly a boon for Tor users.