Skip to main content

Tor Integration: Enhanced Privacy and Accessibility

RSS

Announcing Tor2Web gateway integration and onion service support for enhanced privacy and accessibility. Technical specifications and implementation details.

Date: October 18, 2025
Reading time: 4 min read
Tags:
privacy tor security infrastructure accessibility

Tor Integration: Enhanced Privacy and Accessibility

Today marks a significant milestone for jpfchang.org as we announce the integration of Tor support, providing enhanced privacy and accessibility options for our visitors. This implementation includes both Tor2Web gateway support for passive mirroring and comprehensive onion service integration.

What’s New

Tor2Web Gateway Integration

We’ve implemented Tor2Web gateway support to provide passive mirroring capabilities. This allows users to access our content through Tor2Web proxies without requiring the Tor Browser installation.

Supported Gateways:

  • onion.ly (primary, most reliable)
  • onion.ws (alternative)
  • tor2web.org (legacy)
  • onion.to (legacy)

Onion Service Support

Our site now supports onion service integration with multiple hosting options:

  • Self-hosted Tor daemon (recommended for full control)
  • Third-party onion service providers
  • Tor2Web gateway fallback (already implemented)
  • Flexible configuration for different hosting scenarios

Enhanced Privacy Features

  • Onion-Location Header: Automatically informs Tor Browser users about onion service availability
  • Tor Detection: Server-side detection of Tor Browser and Tor2Web requests
  • Privacy Warnings: Clear warnings about Tor2Web privacy implications

Technical Implementation

Middleware Integration

The Tor functionality is integrated into our middleware (src/middleware.ts) with the following features:

// Tor integration
const onionAddress = context.locals.runtime?.env?.ONION_ADDRESS;
if (onionAddress) {
  // Add Onion-Location header for Tor Browser users
  const onionLocation = getOnionLocationHeader(onionAddress, context.url.pathname);
  newResponse.headers.set('Onion-Location', onionLocation);
  
  // Add Tor-specific headers for debugging
  if (isTorBrowser(context.request)) {
    newResponse.headers.set('X-Tor-Access', 'true');
  }
  
  if (isTor2WebRequest(context.request)) {
    newResponse.headers.set('X-Tor2Web-Access', 'true');
  }
}

Tor Utility Library

We’ve created a comprehensive Tor utility library (src/lib/tor.ts) that provides:

  • Onion Address Validation: Support for both v2 (deprecated) and v3 onion addresses
  • Tor Browser Detection: Multiple detection methods including header analysis
  • Tor2Web Request Detection: Identification of Tor2Web gateway requests
  • URL Generation: Automatic generation of onion and Tor2Web URLs
  • Access Method Management: Unified interface for different access methods

Component Architecture

The Tor information is displayed through a dedicated component (src/components/TorInfo.astro) that:

  • Shows available access methods
  • Provides privacy warnings
  • Explains Tor benefits
  • Links to Tor Browser download

Privacy Considerations

Using Tor Browser provides:

  • Maximum Privacy: Multi-layer encryption and onion routing
  • Anonymous Browsing: No IP address tracking
  • Censorship Resistance: Bypasses network restrictions
  • No Logs: Tor network doesn’t keep connection logs

Tor2Web Gateways (Use with Caution)

While Tor2Web gateways provide accessibility, they have privacy implications:

  • Reduced Privacy: Gateway operators can see your traffic
  • No Anonymity: Your IP address is visible to the gateway
  • Single Point of Failure: Gateway becomes a potential surveillance point
  • Educational Purpose: Primarily for users who cannot install Tor Browser

Why This Matters

Enhanced Accessibility

This implementation ensures our content remains accessible even in:

  • Countries with Tor restrictions
  • Corporate networks blocking Tor
  • Environments where Tor Browser installation is restricted
  • Educational institutions with limited software installation rights

Privacy-First Approach

By supporting multiple access methods, we:

  • Respect user privacy choices
  • Provide clear privacy warnings
  • Maintain transparency about data handling
  • Support the broader Tor ecosystem

Technical Innovation

This implementation demonstrates:

  • Modern web development practices
  • Privacy-by-design architecture
  • Accessibility considerations
  • Security-first mindset

Implementation Details

Environment Configuration

The Tor integration requires the following environment variable:

# Set your Cloudflare-provided onion address
ONION_ADDRESS=your-onion-address.onion

Onion Service Setup Options

Option 1: Self-hosted Tor daemon (Recommended)

  1. Set up a VPS or dedicated server
  2. Install Tor: sudo apt install tor
  3. Configure /etc/tor/torrc: 
    HiddenServiceDir /var/lib/tor/hidden_service/
HiddenServicePort 80 127.0.0.1:8080
  4. Restart Tor: sudo systemctl restart tor
  5. Get onion address: sudo cat /var/lib/tor/hidden_service/hostname
  6. Set up reverse proxy to your Cloudflare Pages site
  7. Set the ONION_ADDRESS environment variable

Option 2: Third-party providers

  • Research onion service providers
  • Configure your domain with their service
  • Get the provided .onion address
  • Set the ONION_ADDRESS environment variable

Option 3: Tor2Web gateways (already implemented)

  • No additional setup required
  • Users can access via onion.ly, onion.ws, etc.
  • Privacy warnings are automatically displayed

Security Headers

The implementation adds several security headers:

  • Onion-Location: Directs Tor Browser users to onion service
  • X-Tor-Access: Debugging header for Tor Browser requests
  • X-Tor2Web-Access: Debugging header for Tor2Web requests

Future Enhancements

Planned Features

  • Tor Metrics: Analytics for Tor usage (privacy-preserving)
  • Enhanced Detection: Improved Tor Browser detection methods
  • Gateway Health: Monitoring of Tor2Web gateway availability
  • User Education: More detailed privacy guidance

Community Feedback

We welcome feedback on:

  • Gateway reliability
  • User experience improvements
  • Privacy feature requests
  • Technical implementation suggestions

Conclusion

The integration of Tor support represents our commitment to privacy, accessibility, and technical innovation. By providing multiple access methods with clear privacy implications, we ensure our content remains available to users regardless of their technical capabilities or privacy requirements.

This implementation follows privacy-by-design principles while maintaining the high performance and user experience standards that define jpfchang.org.

Access Methods:

  • Clearnet: https://jpfchang.org (standard access)
  • Tor Browser: [Onion address available after self-hosted setup]
  • Tor2Web: Available through supported gateways (onion.ly, onion.ws, etc.)

For questions or feedback about this implementation, please reach out through our contact page or social media channels.

This implementation follows Tor Project guidelines and best practices for onion service integration. For more information about Tor and privacy, visit torproject.org.