Tthe Tor Project is ending support for v2 onion services. Users of the Tor Browser will be greeted with a warning about the change as the deadline rapidly approaches.
In a related FAQ which is also available below, Tor wrote, “v2 onion services will not be reachable after September 2021.” There you have it. Although I suppose if you were stubborn enough you could essentially continue to run a v2 onion service. You would be one of the only visitors, given that most users will not be compiling their own copy of the browser.
How do I know if I’m using v2 or v3 onion services?
You can identify v3 onion addresses by their 56 character length, e.g. Tor Project’s v2 address:
http://expyuzz4wqqyqhjn.onion/, and Tor Project’s v3 address:
If you’re an onion service administrator, you must upgrade to v3 onion services as soon as possible. If you’re a user, please ensure that you update your bookmarks to the website’s v3 onion addresses.
What is the timeline for the v2 deprecation?
In September 2020, Tor started warning onion service operators and clients that v2 will be deprecated and obsolete in version 0.4.6. Tor Browser started warning users in June, 2021.
In July 2021, 0.4.6 Tor will no longer support v2 and support will be removed from the code base.
In October 2021, we will release new Tor client stable versions for all supported series that will disable v2.
You can read more in the Tor Project’s blog post Onion Service version 2 deprecation timeline.
Can I keep using my v2 onion address? Can I access my v2 onion after September? Is this a backward-incompatible change?
V2 onion addresses are fundamentally insecure. If you have a v2 onion, we recommend you migrate now. This is a backward incompatible change: v2 onion services will not be reachable after September 2021.
What is the recommendation for developers to migrate? Any tips on how to spread the new v3 addresses to people?
In torrc, to create a version 3 address, you simply need to create a new service just as you did your v2 service, with these two lines:
HiddenServiceDir /full/path/to/your/new/v3/directory/ HiddenServicePort <virtual port> <target-address>:<target-port>
The default version is now set to 3 so you don’t need to explicitly set it. Restart tor, and look on your directory for the new address. If you wish to keep running your version 2 service until it is deprecated to provide a transition path to your users, add this line to the configuration block of your version 2 service:
This will allow you to identify in your configuration file which one is which version.
If you have Onion-Location configured on your website, you need to set the header with your new v3 address. For technical documentation about running onion services, please read the Onion Services page in our Community portal.
I didn’t see the announcement, can I get more time to migrate?
No, v2 onion connections will start failing nowish, first slowly, then suddenly. It’s time to move away.
Will services start failing to be reached in September, or before already?
Already, introduction points are not in Tor 0.4.6 anymore, so they will not be reachable if relay operators update.
As a website administrator, can I redirect users from my v2 onion to v3?
Yes, it will work until the v2 onion address is unreachable. You may want to encourage users to update their bookmarks.
Are v3 onion services going to help in mitigating DDoS problems?
Yes, we are continuously working on improving onion services security. Some of the work we have in our roadmap is ESTABLISH_INTRO Cell DoS Defense Extension, Res tokens: Anonymous Credentials for Onion Service DoS Resilience, and A First Take at PoW Over Introduction Circuits. For an overview about these proposals, read the detailed blog post How to stop the onion denial (of service).