Arti is a project to produce an embeddable, production-quality implementation of the Tor anonymity protocols in the Rust programming language.
Arti is not ready for production use; see below for more information.
Rust is more secure than C. Despite our efforts, it's all too simple to mess up when using a language that does not enforce memory safety. We estimate that at least half of our tracked security vulnerabilities would have been impossible in Rust, and many of the others would have been very unlikely.
Rust enables faster development than C. Because of Rust's expressiveness and strong guarantees, we've found that we can be far more efficient and confident writing code in Rust. We hope that in the long run this will improve the pace of our software development.
Arti is more flexible than our C tor implementation. Unlike our C tor,
which was designed as SOCKS proxy originally, and whose integration features
were later "bolted on", Arti is designed from the ground up to work as a
modular, embeddable library that other applications can use.
Arti is cleaner than our C tor implementation. Although we've tried to develop C tor well, we've learned a lot since we started it back in 2002. There are lots of places in the current C codebase where complicated "spaghetti" relationships between different pieces of code make our software needlessly hard to understand and improve.
Arti is a work-in-progress. It can connect to the Tor network, bootstrap a view of the Tor directory, and make anonymized connections over the network.
Arti is currently missing some features that are required for good privacy, and is therefore vulnerable to a lot of attacks that do not yet affect the Tor network. Therefore, you should probably not use Arti in production if you want any kind of privacy at all.
There are absolutely no guarantees about API stability yet: if you write code that uses Arti, you should expect that
Arti can act as a SOCKS proxy that uses the Tor network. (Not a very secure or anonymous one!) It knows how to download directory information and how to load it from cache, but it doesn't try to download more than one directory per run.
To try it out, run the demo program in arti as follows. It will open a
SOCKS proxy on port 9150.
% cargo run --release
Again, do not use this program yet if you need anonymity, privacy, security, or stability.
Have a look at our contributor guidelines.
Thanks to a generous grant from Zcash Open Major Grants (ZOMG), we're able to devote some significant time to Arti in the years 2021-2022. Here is our rough set of plans for what we hope to deliver when.
The goal times below are complete imagination, based on broad assumptions about developer availability. Please don't take them too seriously until we can get our project manager to sign off on them.
Arti 0.1.0: Okay for experimental embedding (Goal: Mid March, 2022??)
Arti 1.0.0: Initial stable release (Goal: Mid September, 2022??)
Arti 1.1.0: Anti-censorship features (Goal: End of october, 2022?)
Arti 1.2.0: Onion service support (not funded, timeframe TBD)
Arti 2.0.0: Feature parity with C tor as a client (not funded, timeframe TBD)
Arti ?.?.?: Relay support
See CONTRIBUTING.md for a few ideas for how to get
started.
This code is licensed under either of
at your option.
Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in the work by you, as defined in the Apache-2.0 license, shall be dual licensed as above, without any additional terms or conditions.
(The above notice, or something like it, seems to be pretty standard in Rust projects, so I'm using it here too. This instance of it is copied from the RustCrypto project's README.md file.)