Bugs, lack of support lead to Tor Cloud Project shutdown

Tor Project shuts down its AWS bridge effort, Tor Cloud, but encouraged developers to set up their own Tor bridges to promote anonymous cloud usage.

The Tor Project Inc. has pulled the plug on its cloud effort after nearly four years.

The Tor Cloud Project, an intuitive service for anonymous Internet access through Amazon EC2 cloud via Tor relays, was shut down this week due to insufficient maintenance and support to fix bugs. Yet the founders of the project, launched in 2011, are now encouraging users to set up their own cloud bridging projects.

Bridges are exit nodes not publicly listed in the Tor relay lists. They are the result of users contributing their bandwidth to the project so they can use Tor's services without revealing their IP addresses -- thereby avoiding scrutiny from governments, ISPs and others. As a result, cloud users can enjoy increased privacy through Tor relays, as their cloud presence remains anonymous through the channeling of several other users' nodes.

Tor Cloud was originally designed to make this privacy simple to attain.

"The main purpose of Tor Cloud was to make it as convenient as possible for users to set up a Tor bridge," Dr. Karsten Loesing, metrics researcher and developer for the Tor Project, said in an email to SearchSecurity. "Users could always set up their own Tor bridge by picking an operating system image of their choice and installing a Tor bridge themselves. In fact, they can still do that today."

Tor Cloud is not vital to the setting up of such a bridge, but made it easier, according to Loesing. "Not everyone who wants to contribute to the Tor network is necessarily a good systems administrator," he said. "Giving users a ready cloud image with all software already installed means they don't have to be."

Setting up a Tor bridge may also be accomplished through the deployment of other easy-use bridge systems such as Ansible Tor or cirrus, or by forking the existing Tor Cloud code.

Tor Cloud used a configured image to constrain its bandwidth use and run as Amazon micro-instances on the EC2. This allowed users to run Tor bridges on Amazon Web Services (AWS) at no cost for up to a year, since "AWS Free Tier includes 750 hours of Linux and Windows t2.micro instances each month for one year," according to the AWS website.

AWS was the best choice for Tor Cloud in terms of monthly cost and geographical diversity at the time, according to Loesing. But the project could have been extended to other cloud platforms as well.

The main purpose of Tor Cloud was to make it as convenient as possible for users to set up a Tor bridge.
Dr. Karsten Loesing, Tor Project

"If someone were to re-do Tor Cloud today, they should probably re-evaluate the big cloud providers and possibly choose another provider than AWS," Loesing said. "Our experience with AWS was good though, and discontinuing Tor Cloud was unrelated to choosing AWS as provider."

Tor Cloud had been faced with a number of hazardous bugs, according to the Tor project's blog, some of which rendered the service "completely dysfunctional." Consequently, there was a stark decline in the number of Tor Cloud bridges in 2014, and the project was unable to find developers to maintain the software.

"The main reason for discontinuing Tor Cloud is the fact that software requires maintenance, and Tor Cloud is no exception," according to the Tor Project blog.

However, help may still be extended to maintain the Tor browser by running relays and through donations to Torservers.net, an independent network that runs high bandwidth Tor relays.

Next Steps

Find out why enterprises should be concerned about employees using Tor networks

Dig Deeper on Public Cloud Computing Security