TempMail Ninja

Tor Project Modernization: Rust Rewrite and Network Enhancements


The Tor Project is currently in the midst of a profound transformation, undertaking a comprehensive modernization effort that promises to redefine the landscape of online anonymity and censorship circumvention. This ambitious initiative, encompassing a complete rewrite of its foundational codebase into Rust, alongside continuous network enhancements and new application releases, underscores a steadfast commitment to delivering a more secure, resilient, and accessible private browsing experience for millions globally. The culmination of these efforts, particularly the progression of Arti—the Rust implementation of Tor—signifies a pivotal moment in the project’s 24-year history, directly addressing legacy vulnerabilities and paving the way for future innovations in digital freedom.

Arti: A Rust-Powered Revolution for Enhanced Security and Performance

At the heart of the Tor Project’s modernization lies Arti, a ground-up rewrite of the original 23-year-old C codebase into the memory-safe Rust programming language. This monumental undertaking is primarily driven by security concerns, aiming to eliminate two decades of technical debt and a long history of vulnerabilities inherent in C, such as buffer overflows, use-after-free bugs, and memory corruption issues.

Rust’s inherent memory safety guarantees prevent entire classes of bugs that have historically plagued C implementations. This doesn’t mean Arti will be bug-free, but it significantly reduces the likelihood of critical memory-related vulnerabilities that can be exploited for deanonymization. The Tor Project has approached this rewrite meticulously, emphasizing that Arti “eliminates one category of vulnerabilities while introducing new development velocity” rather than serving as a panacea for all security problems.

Recent strides in Arti’s development highlight its rapid maturation:

  • Arti 2.0.0, released on February 2, 2026, marked a significant milestone, bringing major improvements to relay and directory authority functionality.
  • Arti 2.1.0 followed on March 3, 2026, further advancing relay and Remote Procedure Call (RPC) development.
  • The latest release, Arti 2.2.0, on March 31, 2026, introduces robust support for HTTP CONNECT as an alternative to SOCKS for connecting to the Tor network, a feature now enabled by default in full builds. This release also enhances the RPC client library (`arti-rpc-client-core`) with non-blocking requests and application event loop integration, alongside a new “superuser” facility for administrative access. Crucially, Arti 2.2.0 also patched a low-severity security issue (TROVE-2026-005) that could weaken DoS resistance in certain embedded configurations.

Beyond memory safety, Arti’s modular design in Rust offers substantial benefits. It improves maintainability, performance, and flexibility, making it easier for other applications to integrate Tor’s anonymity protocols. This modularity is a stark contrast to the less-modular design of the C implementation, which often hindered analysis and safe improvements. The rewrite also allows for the implementation of security features previously deemed too risky in C, such as experimental support for onion service operator key migration in Arti 1.8.0, which ensures cryptographic keys can be moved securely without exposure.

Bolstering the Network: Counter-Censorship and Onion Service Resilience

Alongside the codebase rewrite, the Tor Project is making significant strides in strengthening the underlying network’s resilience against attacks and enhancing censorship circumvention capabilities. A critical development in this area is the ongoing implementation of Counter Galois Onion (CGO).

CGO is a new, modern relay encryption algorithm designed to replace the older `tor1` algorithm, offering improved security for circuit traffic. Its primary advantages include:

  • Non-malleability: CGO employs wide-block encryption and tag chaining, so that any modification to a cell makes that cell and all future cells unrecoverable, thereby blocking tagging attacks.
  • Forward Secrecy: Keys are updated after every cell, meaning that even if current keys are compromised, past traffic cannot be decrypted.
  • Stronger Authentication: SHA-1 is removed, and CGO utilizes a robust 16-byte authenticator, significantly improving tamper detection compared to the previous 4-byte digest.
  • Circuit Integrity: Encrypted tags and nonces are chained across cells, ensuring that each cell’s integrity is dependent on all previous cells.

This encryption upgrade directly addresses long-standing vulnerabilities like tagging attacks, where an attacker controlling multiple relays could subtly alter data to link a user’s activity. The integration of CGO is underway in both the C Tor implementation and Arti, with experimental support already present in Arti, and plans to enable it by default after thorough testing. Work is also being done to extend CGO support to onion services, further enhancing their security.
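The chaining and per-cell key update described above can be seen in a small model. This is an added example, not Tor or Arti code and not the CGO construction: it swaps in HMAC-SHA256 truncated to 16 bytes for the authenticator and a SHA-256 ratchet for the key update, and it does not encrypt. The names `HopState` and `run`, the demo key and the cell payloads are constructed for illustration.

```python
import hashlib
import hmac

TAG_LEN = 16  # authenticator size the article gives for CGO (tor1 used 4 bytes)


class HopState:
    """Toy per-hop state: a ratcheting key plus a running chain value."""

    def __init__(self, key: bytes):
        self.key = key
        self.chain = bytes(TAG_LEN)

    def _tag(self, body: bytes) -> bytes:
        mac = hmac.new(self.key, self.chain + body, hashlib.sha256)
        return mac.digest()[:TAG_LEN]

    def _advance(self, cell: bytes) -> None:
        # The chain absorbs the cell exactly as this side saw it.
        self.chain = hashlib.sha256(self.chain + cell).digest()[:TAG_LEN]
        # One-way ratchet: the old key is overwritten and cannot be
        # derived from the new one.
        self.key = hashlib.sha256(b"ratchet" + self.key).digest()

    def seal(self, body: bytes) -> bytes:
        cell = self._tag(body) + body
        self._advance(cell)
        return cell

    def open(self, cell: bytes) -> bool:
        tag, body = cell[:TAG_LEN], cell[TAG_LEN:]
        ok = hmac.compare_digest(tag, self._tag(body))
        # A real relay would destroy the circuit on failure; the model keeps
        # going so the effect on later cells is visible.
        self._advance(cell)
        return ok


def run(tamper_index=None):
    """Send four constructed cells; optionally flip one bit of one in transit."""
    key = hashlib.sha256(b"constructed demo key").digest()
    sender, receiver = HopState(key), HopState(key)
    results = []
    for i in range(4):
        cell = bytearray(sender.seal(b"cell %d payload" % i))
        if i == tamper_index:
            cell[-1] ^= 0x01  # single-bit change to the body
        results.append(receiver.open(bytes(cell)))
    return results
```

Calling `run()` verifies every cell, while `run(tamper_index=1)` rejects the altered cell and every untouched cell after it, because the receiver's chain value no longer matches the sender's.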

Efforts are also concentrated on making onion services more widely accessible for anonymous information publishing and reaching censored regions. This includes initiatives like OnionSpray, a plug-and-play toolkit launched in 2024 to simplify converting existing websites into .onion domains. Arti itself supports Vanguards, a defense mechanism against guard discovery attacks targeting onion services and clients, first introduced in 2018.

Expanding Reach: Tor Browser, Tails OS, and the Android VPN App

The Tor Project’s commitment to user anonymity and censorship circumvention is also evident in the continuous development and release of its user-facing applications. Recent releases demonstrate a focus on refining existing tools and venturing into new platforms.

Tor Browser Updates

Tor Browser remains the flagship tool for accessing the Tor network. The project consistently releases new versions, incorporating security updates and new features. Most recently, Tor Browser 16.0a5 was released on April 1, 2026. This alpha version, now based on Firefox’s betas, includes important security updates to Firefox and updated components like NoScript to 13.6.14.90101984 and Tor to 0.4.9.6.

Users are reminded that alpha releases are for testing and may contain bugs affecting usability, security, and privacy, making them unsuitable for high-risk users. The project aims to provide quicker access to new Mozilla features, allowing testers to evaluate their interaction with Tor’s privacy and security patches over a longer development period.

The stable release channel also sees continuous updates, with Tor Browser 15.0.8 released on March 24, 2026, and Tor Browser 15.0.9 on April 7, 2026, fixing important security vulnerabilities.

Tails OS Enhancements

Tails (The Amnesic Incognito Live System) is a Debian-based live operating system designed for privacy and anonymity, routing all internet traffic through Tor. The recent release of Tails 7.6 on March 26, 2026, introduced several key enhancements:

  • Automatic Tor Bridges: A significant new feature allows the Tor Connection assistant to detect when direct access to Tor is blocked and automatically request bridges suited to the user’s region. This utilizes the Tor Project’s Moat API and domain fronting to disguise the connection, closing a long-standing gap in Tails’ censorship-circumvention capabilities.
  • GNOME Secrets: Tails 7.6 replaced KeePassXC with the GNOME Secrets password manager as the default credential storage tool. Secrets offers a simpler interface and better integration with the GNOME desktop, restoring accessibility features like the on-screen keyboard and cursor scaling. Existing KeePassXC databases are compatible, ensuring a smooth transition for users.
  • Updated Components: The release also included updates to Electrum (from 4.5.8 to 4.7.0), Tor Browser (to 15.0.8), Thunderbird (to 140.8.0), and various firmware packages for improved hardware support.

An emergency release, Tails 7.6.1, was quickly issued on April 8, 2026, to address important security vulnerabilities in Tor Browser, underscoring the project’s rapid response to potential threats.

The Beta Android VPN App

In a strategic move to extend anonymity to a wider range of mobile traffic, the Tor Project has quietly launched a beta Android VPN app. This experimental application allows users to route app-level traffic through the Tor network, representing the organization’s first mobile VPN.

Key features of the Tor VPN Beta include:

  • Network-level privacy: It masks the user’s real IP address and location from apps and services.
  • Per-app routing: Users can select specific Android applications to route through Tor, with each app assigned its own Tor circuit and exit IP. This design aims to prevent traffic correlation between different applications.
  • Censorship avoidance: It enables access to content blocked in certain regions or networks.
  • Support for onion services: The app can connect to .onion domains, similar to Tor Browser.
  • Built on Arti: The VPN utilizes Tor’s next-generation Rust implementation, leveraging its safer memory handling and modern code architecture.

The project emphasizes that this beta release is experimental and not yet suitable for high-risk users or sensitive activities due to potential information leaks and expected bugs. Its primary purpose is to gather public testing and feedback to shape the future of mobile privacy.

The Path Ahead: Security, Sustainability, and the Future of Digital Rights

The overarching Tor Project modernization is not merely a technical overhaul; it’s a strategic repositioning to ensure the continued viability and effectiveness of anonymous communication in an increasingly surveilled and censored digital world. The shift to Rust with Arti represents a significant investment in long-term security and development velocity, preventing future memory safety bugs and allowing for more robust security feature implementation.

Ongoing code audits, such as those conducted by 7ASecurity in 2025, regularly assess the security of Tor’s tools and infrastructure, identifying vulnerabilities and recommending hardening measures. This commitment to continuous security scrutiny is vital for maintaining user trust.

The Tor Project also recognizes the crucial role of its community and sponsors. While a significant portion of its funding comes from individual donors, partnerships with organizations like Mullvad contribute substantially to its budget. The project actively encourages community engagement, from testing beta software to advocating for digital rights.

As the digital landscape evolves, so too do the challenges to privacy and freedom of information. The Tor Project’s relentless pursuit of innovation through Arti, CGO, and enhanced user-facing applications demonstrates its unwavering dedication to providing powerful, accessible tools for a freer and more open internet. This ongoing modernization is a testament to the idea that safeguarding digital rights in 2026 and beyond will indeed “take all of us”.

Written by

TempMail Ninja

Digital privacy and online security expert. Passionate about creating tools that protect users' identity on the internet.