Tor Ditches C for Rust and Your Privacy Benefits

The Tor Project shipped Arti 1.8.0 on December 2, 2025, continuing their multi-year project to rebuild the entire Tor client from scratch in Rust. This release implements Proposal 368 circuit isolation, adds onion service migration tooling, and pushes relay development closer to completion.

For anyone running Tor, this matters because the original C implementation has been hemorrhaging security vulnerabilities for over two decades. The CVE database documents a parade of heap-based buffer overflows, use-after-free bugs, and memory corruption flaws that allowed remote attackers to crash relays or potentially execute arbitrary code. A 2023 penetration test found the tun2socks module still running unmaintained C code from 2012.

The Tor Project estimates that Rust makes at least half of these historical security flaws impossible by design. Memory safety enforcement catches buffer overflows at compile time rather than after an attacker exploits them. The team had tried for years to modularize the C codebase incrementally, but found the components too intertwined to disentangle safely. So they started fresh around 2020, and by September 2022 declared Arti production-ready with version 1.0.0.

Proposal 368: Smarter Circuit Timeouts

The headline feature in 1.8.0 implements usage-based timeouts for strongly isolated circuits per Proposal 368 specifications. The old approach combined two separate functions into a single "Circuit Dirty Timeout" that controlled both when circuits became unavailable for new streams and when idle circuits got closed. This created predictable timeout patterns that could reveal user behavior to traffic analysis.

The fix separates these mechanisms: one timer controls stream attachment eligibility, while a randomized second timer closes idle circuits after disconnection. Circuits with application-level isolation identifiers now persist indefinitely for matching streams, and the KeepAliveIsolateSOCKSAuth option activates by default. Randomizing when idle circuits close reduces fingerprinting from predictable timeout patterns, while persistent isolated circuits improve responsiveness without enabling cross-service tracking.

Onion Service Migration

Operators running hidden services on the legacy C Tor implementation can now migrate their restricted discovery keys to Arti using the new experimental arti hsc ctor-migrate command. This bridges the gap for anyone wanting to transition infrastructure without losing existing client authorization configurations. The release also adds a configuration option controlling which onion services launch at startup.

Relay Development Advances

Arti has functioned as a client since 1.0, but relay support remains the major missing piece for replacing C Tor entirely. Version 1.8.0 continues backend infrastructure work including routing architecture, protocol implementation, Tor network document parsing and generation, directory cache support, and OR port listener configuration. Relay support remains the primary development focus for Arti's future, and each release chips away at the remaining work.

Developer Tooling

The release adds experimental tokio-console support for developers building on or debugging Arti. Enabling this requires building with the tokio-console cargo feature and --cfg tokio_unstable flag. For anyone contributing to the project or integrating Arti into applications, async runtime visibility helps diagnose performance issues and deadlocks.

Counter Galois Onion Encryption

While CGO landed in earlier Arti versions, it deserves mention because it represents the most significant cryptographic upgrade to Tor in years. The new encryption scheme blocks tagging attacks where adversaries modify traffic at one network position and observe predictable changes elsewhere. The old tor1 algorithm used a 4-byte SHA-1 digest for authentication; CGO replaces this with a modern 16-byte tag while adding forward secrecy that discards keys after each cell transmission. The Tor Project calls tagging attacks "the most important attack we are solving with CGO."

Why Rust Matters

C served Tor reasonably well when development started in 2001, but the language encourages low-level approaches that require painstaking care to implement safely. Thread safety in C is fragile enough that the team wanted multi-core relay cryptography for years but couldn't risk the subtle bugs or security holes that concurrent C code invites. The existing codebase grew so interconnected that isolated modules couldn't be extracted for incremental rewrites, and the parts needing replacement most urgently were the most tangled.

Rust's security guarantees depend on Rust code interacting with other Rust code, so incremental migration offered minimal benefits. A $670,000 grant from Zcash Community Grants funded the accelerated development that reached production readiness in two years.

What Comes Next

The Arti project moves closer to feature parity with C Tor every release. Version 1.7.0 in November 2025 stabilized onion service restricted discovery. Version 1.5.0 in August advanced Conflux path selection and congestion control. Relay support remains the primary development focus, after which the Tor Project can begin phasing out C Tor entirely.

For privacy-focused users, Arti represents everything a security rewrite should be: memory-safe by default, resistant to entire vulnerability classes, and incrementally gaining features while maintaining stability. The C implementation will eventually become legacy code, and every release brings that transition closer.

Contributors to version 1.8.0 include Dimitris Apostolou, hashcatHitman, hjrgrn, Mynacol, Neel Chauhan, nield, Nihal, and NoisyCoil. The full changelog lives in the Arti GitLab repository.