Update: Arti 1.1.12 is released: Now you can test onion services! | The Tor Project
4 Likes
We’ve reached our first milestone! Details here: Arti 1.2.0 is released: onion services development | The Tor Project
Update: Arti 1.2.1 is released: onion services development | The Tor Project
Update: Arti 1.2.2 is released: onion services development | The Tor Project
Hello!
We are happy to update you on the status of our Arti project, which you
have generously sponsored for most of its lifetime.
Arti is making a lot of progress, and we are getting towards our goals,
but we have also had a few hick-ups along the way that we want to
describe in this update. I am going to go over each milestone and give
estimates for the remainder of the work in this grant.
Milestone #1: Version 1.2.0
This milestone was about delivering support for both Client and Service
Access for the Tor network’s Onion Services/Hidden Services feature.
This is entirely completed and allows users to build native Rust
applications with Onion Services exposed and reach Onion Services from
the client layer.
Our community has contributed to testing here. People have successfully
been running Arti to access remote services such as SSH, using Arti on
both the service and client sides.
Our VPN project (a separate grant used for dogfooding on the Arti APIs
internally before Tor Browser adoption) also uses this feature.
We consider this work finalized.
Milestone #2: Version 2.0.0
The defined goals for this deliverable are:
- Parity with C tor client: all relevant non-deprecated C Tor client
features are present. - Full embedding support: Arti exposes a set of APIs that are sufficient
for developing applications that use it in Rust and non-rust
languages.
Our team has focused on supporting the relevant features needed for
builing applications such as Tor Browser and our ongoing VPN project. We
believe we have implemented the needed features to use Arti to build
more powerful user applications and experiences than what was ever
possible with the C Tor implementation.
Regarding embedding, this is an area we are a bit behind on. The team
has worked with our external and internal community at the beginning of
2023 to prepare for this feature. The product of this is an RPC layer
that will allow both Rust clients that need out-of-process communication
with an external Arti process (such as on mobile devices with a global
Arti daemon provided by a platform service like a VPN) as well as
applications written in other languages than Rust that wish to
communicate and utilize Arti without having to switch languages.
The RPC layer uses a wire protocol that will allow communication over
remote layers (such as TCP) and local layers (such as Unix domain
sockets). It will also contain a data plane to allow developers to build
applications that use Arti’s internal socket representation to build
applications that do not need to access Tor via a SOCKS proxy port, as
it has with the reference implementation of Tor.
Once the RPC layer is finished, Arti will enter the 2.x.x version range.
We expect to wrap up this project with embedability and RPC access by
February 1st, 2025. During this time, our team will work in parallel on
our other deliverables for moving Arti to have relay support.
Milestone #3: Protection against guard discovery attacks
The defined goal for this deliverable:
- Vanguard design for protection against guard discovery attacks is implemented in Arti.
This work was completed and was released in Arti 1.2.1 on April 2nd,
2024.
Milestone #4: Documentation
The defined goal for this deliverable:
- Documentation updated on https://arti.torproject.org
We worked with external partners to build a new website for Arti. This
website is currently available at
but the site will be moved to and replace the current
https://arti.torproject.org/ within the next month and be used as the
primary portal of information on the Arti project.
We will continue to update the documentation as we progress with this
grant.
Conclusion
While we need to catch up on the RPC/embedability deliverables, we are
pleased about the current state of the Arti project. We plan to wrap up
the remaining items in the next few months and will deliver a final
report with the next update.
We encourage people who are excited about anonymity technology to try
out Arti for their projects. We believe the Rust API is starting to work
well, and we can internally use Arti for more and more things, including
our VPN experiment project, analysis of data, and Arti’s low-level API
was even used once to deliver a PoC for us on a security issue :')
Thanks again for your continued support for our work!
Please ask any questions here if you have any 
All the best,
Tor Arti Team
8 Likes
FYI Tor edited a previous post they made on May 17th, 2024 to add their May 17th update and timeline change so please note the above post is from May 17th.
5 Likes
Thanks @Danika!
1 Like
5 Likes
Update: Arti 1.2.5 is released: onion services development, security fixes | The Tor Project
We’ve reached Milestone 3! (Milestone 2 is set to be completed on Feb 1, 2025, as explained in a previous post above). Details here: Announcing Vanguards Support in Arti | The Tor Project
8 Likes
Just dropping in here to add that thanks to Arti existing and being very usable 
I’ve been able to add APIs to the zcash_client_backend Rust crate for:
- Fetching USD/ZEC exchange rates over Tor: zcash_client_backend: Add a Tor client that can fetch USD/ZEC exchange rates by str4d · Pull Request #1422 · zcash/librustzcash · GitHub
- Connecting to
lightwalletdover Tor: zcash_client_backend: Add `tor::Client::connect_to_lightwalletd` by str4d · Pull Request #1472 · zcash/librustzcash · GitHub
These will be available in the upcoming zcash_client_backend 0.13.0 crate release, and we’ll start using them in the Android and iOS mobile SDKs.
11 Likes
I will add that we’ve only run into one non-trivial issue: we are stuck using arti-client 0.11, because arti-client has a fixed (transitive) dependency on rusqlite, and arti-client 0.12+ use a rusqlite version newer than we are currently able to (and having two versions in the dependency tree causes a compilation failure due to incompatible libsqlite3-sys versions).
As part of debugging the above, I’ve also noticed that arti-client tends to have internally inconsistent (and thus multiple) versions of its own external dependencies. It has a very large internal dependency tree, so I’m not surprised that this occurs on occasion, but it’s something to watch out for (particularly as we need to compile the Rust code for 4-5 mobile architectures each in the Android and iOS SDKs, so any bloat is multiplied).
3 Likes
What’s the setup on the server side to expose the service and does it work with the streaming API?
2 Likes
- I’ve not made any changes to
lightwalletditself.zcash_client_backendonly implements the client side, and in particular it does not currently enable connecting to onion services (because in the version ofarti-clientwe currently depend on they were very experimental). Thelightwalletdconnection is made through a Tor exit node to a regular public server (secured by TLS, so the exit node can’t intercept traffic). Once I’m able to upgradearti-clientthen it might be worth setting up, particularly given that Arti now supports vanguards. - Yes, I’ve tested it for sync and
GetBlockRange(which returns(stream CompactBlock)) is pretty fast (at least for non-sandblasting block ranges). I wouldn’t recommend doing bulk sync of the sandblasting ranges over Tor (and we probably won’t callGetBlockRangeover Tor at all in the mobile SDKs, at least initially), but if necessary it would probably work.
2 Likes
Are there significant advantages to using NYM instead of Tor?
2 Likes
I think a table of pros/cons would be super helpful personally. Right tools for the right job, but we need to understand the tools intended use cases.
1 Like
That would probably be useful. This is also not the thread for it (suffice to say we want to use both Tor and Nym, for what each is best at).
3 Likes
3 Likes