The Tor network is a part of the Internet that hides the IP addresses of users. You can access it with the Tor Browser, managed by the Tor Project. You can also set up websites that are only accessible via the Tor network, called onion services.
These Tor-only web addresses end with “.onion,” but otherwise the rest of the address is randomly generated. For example, to access the onion version of the privacy-centric search engine Duck Duck Go, in your Tor Browser (this will not work in a normal browser) you go to https://3g2upl4pq6kufc4m.onion/.
Trying to get human-readable .onion addresses has been an ongoing problem for many years, given the high bar for security. Since ENS is a decentralized naming service that runs as a set of smart-contracts on the Ethereum blockchain, we believe ENS can be helpful tool to solve this problem.
Try It Right Now
- Open the Tor Browser. If you don’t already have it, you can download it here.
- Enable the Ethereum browser extension MetaMask. You can get it in the Firefox add-on store (Tor Browser is Firefox-based).
- Enter the following example ENS name into the address bar and hit Enter: duckduckgotor.eth (I set this up recently to show off the new capability)
- Wait a few seconds while ENS, Metamask, and the Tor Browser do their magic, and… voilà, you should be seeing the onion version of Duck Duck Go!
How it Works
Here’s what’s going on to make this work:
- After you enter duckduckgotor.eth in the address bar of the Tor Browser, MetaMask recognizes that duckduckgotor.eth is an ENS name and so prevents the browser from treating it as a search or normal DNS name.
- MetaMask does a look-up on ENS on Ethereum, grabbing the .onion address for Duck Duck Go in the “Content” field (the same field that also accepts IPFS and Swarm hashes) in the ENS record for duckduckgotor.eth and returning it to the address bar in the Tor Browser.
- Since what is returned is a .onion address, the Tor Browser then navigates to the onion website at that address.
How to Set Up Your Own ENS Name to Resolve to a .Onion Address
Setting up an ENS name to resolve to a .onion address in the Tor Browser is very simple.
Second, you set up your ENS record. You can do this with our Manager in an Ethereum-enabled browser and some ETH.
Set the Resolver to the “Public Resolver” (our standard ENS record set). Then set a “Content” record that says “onion://[insert .onion address without the .onion ending]”. Once your transactions to set this record are confirmed, you are good to go. If you already own some ETH, the whole process should only take a few minutes.
Just open up the Tor Browser with MetaMask enabled, type in your ENS name, and it should immediately be ready to resolve to the .onion address you put in the record.
If you’re using Tor and an onion version of Duck Duck Go, security is likely a high priority for you. So how secure is this setup?
We will be publishing a separate blog post soon that addresses this question in greater depth than we can here. In the meantime, be careful using this setup with anything too sensitive until we’re able to explain the security tradeoffs.
Who Built It
This new functionality did not come from the ENS team. It started off as a project called sTorgate at the ETHGlobal hackathon ETHNewYork in May of this year, by team members Alessandro Ricottone, Jeremy Macaluso, You Song Hou, and Luis Carbajal. Yes, this is a hackathon success story!
We were anxious to get the meat of this project into production, so Ricottone put together the necessary pull requests for the various open source projects to make this work and, after several weeks of patient waiting and prodding, they finally all got accepted.
A big thank you to the whole sTorgate team, but especially Ricottone for making this happen!