Arti 2.0.0 Ships: Tor Rust Rewrite Hits Major Milestone

The Tor Project released Arti 2.0.0 on February 2, 2026, and while version numbers alone rarely matter, this one signals something concrete about where Tor development is heading. Arti is the complete Rust rewrite of the original C tor codebase that has powered the anonymity network since 2002, and the jump to version 2.0.0 indicates breaking changes that force developers to adapt and pay attention.

The version bump stems from three specific breaking changes rather than marketing fluff. First, the deprecated configuration options proxy.socks_port and proxy.dns_port are gone permanently, replaced by proxy.socks_listen and proxy.dns_listen which anyone using outdated configs will discover the hard way. Second, the legacy directory authority syntax has been removed in favor of new specification methods. Third, and most significant for developers building on top of Arti, all APIs in the arti crate have been marked experimental with the intention to migrate or eliminate them entirely, which means if you built something using those APIs directly you should probably report your use case before they disappear.

So why does any of this matter beyond developer housekeeping? Because Arti represents everything C tor should have been but could never become given the constraints of its 2002 origins and the programming language it was built with.

The original C implementation of Tor has been hemorrhaging security vulnerabilities for over two decades, and the CVE database documents exactly how bad it got: heap-based buffer overflows, use-after-free bugs, and memory corruption flaws that let remote attackers crash relays or potentially execute arbitrary code. A 2023 penetration test found unmaintained C code from 2012 still running in the tun2socks module, which is exactly the kind of technical debt that accumulates when you are trying to patch a building while people live in it.

Rust changes the equation fundamentally. According to the Tor Project estimates, at least half of the security flaws they have identified in C tor become impossible in Rust, and many more become extremely unlikely. Memory safety enforcement catches buffer overflows at compile time rather than after an attacker exploits them, which means the vulnerability class that dominated tor CVE history stops existing by default. The same type system that prevents memory unsafety also prevents dangerous concurrent access patterns, so Arti circuit cryptography has been multicore from day one with minimal extra programming effort.

The Tor Project started work on Arti around 2020 and reached production readiness with Arti 1.0.0 in September 2022, accelerated in part by a 670,000 dollar Zcash Community Grant that funded development. By December 2025, Arti 1.8.0 shipped with Proposal 368 circuit isolation, onion service migration tooling, and relay infrastructure progress, and now version 2.0.0 continues that trajectory with meaningful architectural work.

The 2.0.0 release specifically advances relay functionality through a generic modular circuit reactor architecture, relay channel launching capability, handshake response handling, and groundwork for server-side TLS connection handling. Directory authority work progresses with systems for downloading, validating, and storing authority certificates. None of this means you can run Arti as a relay or directory authority today, and the Tor Project explicitly states that remains unsupported, but each release pushes closer to the point where the network infrastructure itself can run on memory-safe code.

The new inet-auto socket type for automatic selection of unused TCP ports when deploying RPC servers represents the kind of quality-of-life improvement that indicates maturing software, because as a codebase matures the focus shifts from major features to polish and convenience.

For anyone running Arti in production or embedding it in applications, the breaking changes mean checking your configuration files and API usage, because the old syntax simply will not work. The deprecated options have been gone since 1.4.1 when they were first marked for removal, so this should not surprise anyone paying attention, but inertia is real and some deployments will break. The explicit experimental marking of arti crate APIs signals that the Tor Project expects to refactor the interface layer, which makes sense given they are still building out major subsystems like relay support.

The C tor implementation cannot be incrementally modernized because the existing codebase grew so interconnected that isolated modules cannot be extracted for piece-by-piece rewrites, and the parts needing replacement most urgently are the most tangled. Rust security guarantees depend on Rust code interacting with other Rust code, so incremental migration offers minimal benefits, which is why the Tor Project committed to a complete rewrite rather than endless patching of legacy code.

Contributors to this release include Niel Duysters, carti-it, hjrgrn, and sjcobb, and the full changelog documents every detail for those tracking development closely.

Once relay support reaches production quality, the Tor Project can begin phasing out C tor entirely, transitioning the network infrastructure that keeps anonymous communication possible from code written when buffer overflows were considered a fact of life to code that makes them structurally impossible. Every release like Arti 2.0.0 brings that transition closer, and while the version number by itself means nothing, the work it represents means everything for anyone who relies on Tor actually working when it matters.