Tor Pursues 'Anonymous Tokens' to Stop Hacks, DoS Attacks

The privacy-oriented browser Tor is researching ways "Anonymous tokens" could counter Denial of Service attacks - a pressing issue for the network.

While there are technical fixes Tor has worked to implement, the nature of the network and the anonymity of the traffic on it make it particularly susceptible to DoS attacks.

In August, Tor introduced the idea of using anonymous tokens to counter such attacks, allowing them to differentiate between "Good" and "Bad" traffic, and to avoid implementing user accounts, which most sites and networks use to identify traffic and bad actors.

During last week's "State of the Onion" address, when the Tor team gave updates on projects and forecasted new developments for 2021, the team reinforced their interest in developing these anonymous tokens.

The process of navigating the Tor network to secure a connection between a server and remote user also requires intensive work by a central processing unit, which can get to a state where it's maxed out and unable to accept new traffic, a feature DoS attacks exploit.

These tokens would allow websites accessible through the Tor network to "Intelligently prioritize which requests it answers."

"We could use anonymous tokens. Tokens are a part of the internet that use blockchains and other protocols like Cloudflare's Privacy Pass," saids Kadianakis during the presentation.

Private bridges are how users access the Tor network in places where censors have blocked access to public Tor relays by blocking their IP addresses.

In the case of DDoS attacks, Kadianakis said Tor could employ proof-of-work tokens created by the clients themselves and sent directly to the service.

In terms of other ways of earning these tokens, Tor lays out a number of options, such as allowing connected sites to award tokens to trusted users or giving users tokens with every donation they make to the project.