Tor version 0.4.7.16 in Whonix 17 is now considered obsolete. Any action required?

Torprotector · November 29, 2025, 12:37am

You’re somewhat overestimating the security risk in this case. As stated in the conflux specifications ( 329-traffic-splitting - Tor design proposals ), conflux is currently only used for non-Onion services. Conflux support for Onion hidden services is under development in arti and partially in tor. However, for those running Onion services and not using Tor for the regular network, conflux shouldn’t affect or interfere with vanguards at all.

(Although I admit I’m also unhappy that the torproject team isn’t paying attention to this issue.)

Arti 1.0.0: Ready for production use

When we defined our set of milestones, we defined Arti 1.0.0 as “ready for production use”: You should be able to use it in the real world, to get a similar degree of privacy, usability, and stability to what you would with a C client Tor. The APIs should be (more or less) stable for embedders.

We believe we have achieved this. You can now use arti proxy to connect to the Tor network to anonymize your network connections.

Note that we don’t recommend pointing a conventional web browser at arti (or, indeed, C Tor): web browsers leak much private and identifying information. To browse the web anonymously, use Tor Browser; we have instructions for using it with Arti.

protectivecat · November 29, 2025, 8:56pm

You’re somewhat overestimating the security risk in this case. As stated in the conflux specifications ( 329-traffic-splitting - Tor design proposals ), conflux is currently only used for non-Onion services. Conflux support for Onion hidden services is under development in arti and partially in tor. However, for those running Onion services and not using Tor for the regular network, conflux shouldn’t affect or interfere with vanguards at all.

The problem is not about lack of conflux in Onion Services traffic. It is about lack of complete vanguards support due to incompatibility with conflux feature. Full mode is essential for anonymity of “high uptime” Onion Services, which most of publicly accessible onions are. Tor Project admits it in article you previously linked:

Full, for onion services with high uptimes (longer than one month)

There also seem to be differences between the Tor Project and Mike Perry’s approach. The implementation of the bandguards subsystem was not mentioned. I assume that “Relaxed path building restrictions” refer as the equivalent of the Rendguard subsystem:

github.com/mikeperry-tor/vanguards

README_TECHNICAL.md

master

# What does this addon do?

This addon uses the [Stem Tor control port
library](https://stem.torproject.org/) to connect to a Tor control port
listening on port 9051 (or on an alternate user-specified port, or UNIX file
system socket).

This addon protects against guard discovery and related traffic analysis
attacks. A guard discovery attack enables an adversary to determine the guard
node(s) that are in use by a Tor client and/or Tor onion service. Once the
guard node is known, traffic analysis attacks that can deanonymize an onion
service (or onion service user) become easier.

# Onion Service Overview

To understand these attacks as well as the rest of this document, first let's
give a quick overview of how onion services work in Tor.

Onion service addresses are announced in encrypted descriptor documents which
are uploaded to specially selected Tor relays, called HSDIRs. These

This file has been truncated. show original

Arti 1.0.0: Ready for production use

It seems that their blog article and official documentation are contradictory on this:

Arti is not yet ready for production use, but it is ready for testing and experimentation.

Duck · December 6, 2025, 7:02am

Hello guys! I’m a regular user. I don’t understand what you are talking about, tell me what to do? Wait for the update to be released, right?

Patrick · December 6, 2025, 12:07pm

When user action are required, we post a news in category important-news as per: