Guardians of the Onion: Ensuring the Health and Resilience of the Tor Network

This talk is designed to give an overview of Tor's 'new and not-so-new' network health initiatives in response to some of the pressing questions that emerged from the recent reporting about Tor in Germany. After a brief introduction to "Tor," we will primarily focus on issues relating to the Tor network and its community, underscoring the critical importance of distributed trust, transparency, and engagement in maintaining a robust and healthy ecosystem. We will provide a short overview of the fundamental components of the Tor network, detailing the different types of relays that constitute its infrastructure and the role these can have through their lifetime. We will emphasize that the network operates independently of the Tor Project, sustained by a decentralized, global community of contributors. By analyzing network metrics—such as relay distribution across countries and Autonomous Systems (AS)—we will highlight the current state of the network and identify opportunities for increasing geographic and technical diversity. This is followed by an introduction to the concept of network health. We will define the term, assess the current condition of the Tor network, and showcase the different modes of participation. We will primarily consider this through the lens of an 'alleged' over-reliance on relay concentration in specific regions, such as Europe and the United States. These insights will inform a discussion on how a more geographically distributed network could improve resilience, enhance security, and increase overall functionality. The talk will also address the primary challenges facing the Tor network: Sustainability remains a central concern, particularly with regard to maintaining a stable, secure, and decentralized network over time. Additionally, ensuring trust within the community is essential, especially in the face of potential misuse by malicious actors. We will explore the need for incentive structures that encourage the operation of relays while preserving the network’s independence and autonomy. We will review and debate initiatives the Tor Project has proposed to support a decentralized network without imposing centralized control. In response to these challenges, we will propose several potential solutions. Expanding outreach efforts to regions outside the Global North could promote greater diversity in the relay community, thereby strengthening the network’s ability to resist censorship and external threats. We will also examine existing incentive frameworks that support relay operators. Furthermore, we will discuss the success of Snowflake proxies—widely adopted in regions with restrictive internet environments—and how it demonstrates how lowering the barrier to entry for running nodes can encourage broader participation from the community. Finally, we will outline our strategy for ensuring the long-term health of the Tor network, focusing on governance, community engagement, and sustaining the network’s decentralized nature. We will conclude with a call to action, inviting participants to contribute to the continued sustainability and development of the Tor network.