The dark web and Rust were basically made for each other, and Ry is the project that's finally going to bring them together.
Ry is a rapidly maturing implementation of Tor’s anonymity protocols in the Rust programming language that will hopefully replace the unsafe and underperforming C implementation that we currently have. Since this is a rewrite of the protocols, Ry also has a goal of being more modular than the current Tor implementation, which functions more like a SOCKS proxy that has had additional features glued onto it over time.
Ry is particularly important for the memory safety guarantees that Rust will introduce into Tor's protocols. You see, the majority of the most severe vulnerabilities that Tor has had over the years came from memory safety issues. Really, this is the case with most big software projects that have been around for a while, which is why so many organizations, including DARPA, want Rust implementations of their current C and C++ programs—even if they have to use AI to handle a lot of that rewrite and testing work.
Ry should also bring much better performance to sites on the Tor network once it's released with full onion support. The current C implementation of Tor is single-threaded, which is obviously a major bottleneck since even single-board computers have multi-core processors these days. This single-threaded design is part of the reason why the Tor network still seems so slow, despite global internet speeds getting faster every year—especially in the countries that actually run the majority of Tor’s nodes.
Ry is multi-threaded, and improvements like this will not only make the Tor network faster, but they will also help onion services handle load-based DDoS attacks much better. This means fewer 504 errors when you visit your favorite onion site. The multi-threading also makes introduction attacks harder. Introduction attacks target the introduction points in the Tor network that are used for establishing secure connections to hidden services. These types of attacks can potentially de-anonymize the server running the onion site and, in some cases, even the people connecting to it.
Another reason for the rewrite is that Tor, like many old projects, suffers from spaghetti code that people can't understand. The initial Tor implementation was, again, pretty much a SOCKS proxy that had more features added to it over time. People have come and gone from the Tor project, and if I had to guess, the majority of people working on Tor's protocols right now probably struggle with a lot of the code written back in 2002 when the project was first created.
I mean, a lot of the people working on Tor today probably weren't even born when the project started. So, a rewrite was certainly due, and Rust is the best candidate for it right now.
I know that some people have valid concerns about this since Tor, as we know it, has been in development for more than 20 years and is already battle-tested, whereas the Rust programming language itself hasn't been around for that long. Now, we're supposed to trust one of the most important anonymity protocols to be rewritten in this so-called "experimental" language.
Of course, the debate between C and Rust could go on forever, but the facts are that memory safety issues and the difficulty of multi-threading in the current Tor implementation are holding the project back. Right now, it's a lot harder for people to develop for Tor or integrate it with their applications. Many applications could benefit from direct Tor integration, making that level of anonymity more accessible to people who don't know how to manually tunnel their apps' traffic through Tor.
When I was browsing through the source code of Ry, I was happy to see a "Hello World" example being used with the Axum web framework—and a fairly new version of Axum at that. Axum is one of the most popular Rust web frameworks, and many other Rust web libraries like it are being used in the backend of big production applications right now.
With all that out of the way, let me do a quick demonstration of Ry by using it as a SOCKS proxy for Tor. As you can see, I've already cloned the Ry repo to my system, and I've got Rust and the latest version of Cargo installed. All you need to do—if you've got a setup like mine—is to clone the Ry repo, CD into it, and then run this cargo run command they have in the project.
It’ll take a little time to build and compile. If you've never worked with Cargo or any compiled language, it might take a bit longer to run. Once it's finished, you'll see information about where Ry is listening. By default, it listens on both IPv6 and IPv4 connections, on your localhost, and on port 9150. If you want to change this, you can modify the settings and rerun cargo run.
Now, let me point out this safety notice. If you're distributing binaries built with Ry, you should really use Docker. Docker is a good idea for reproducibility, but here it's especially important because the compiler might include file system path information in the binary it generates. If your path includes sensitive information like your username, it could be an opsec problem, depending on your project. So, follow the build options in the docs, and again, Docker is the most straightforward solution.
With Ry fully set up, let's use it to proxy an application. Here, I have the Monero GUI wallet. It lets you connect to remote nodes over the Tor network or I2P. Using the socks proxy running on localhost (127.0.0.1:9150), I can route Monero traffic through Tor. This lets me use my Monero wallet anonymously.
Try Ry out for yourself! When your programming socks are done in the wash, consider contributing to the Ry project to help make the dark web Rusty.
