Enable allow_onion_addrs by default
According to the README and arti-example-config.toml, allow_onion_addrs was disabled by default because Arti was lacking vanguard support:
Arti has support for connecting to Onion Services aka Tor Hidden Services.
However, currently it is disabled by default.
This is because Arti currently lacks the
"vanguards" feature that Tor uses to prevent guard discovery attacks over time.
As such, you should probably stick with C Tor if you need to make a large
number of onion service connections, or if you are using the Tor protocol
in a way that lets an attacker control how many onion services connections that you make -
for example, when using Arti's SOCKS support from a web browser such as Tor Browser.
Now that vanguards are enabled by default we should consider making allow_onion_addrs default to true. But first we need to make sure we're not missing other security features that would warrant disabling onion services connections by default.