The Tor Project has shuttered its cloud proxy service citing security vulnerabilities, usability bugs and a lack of resources.
Tor offers its users the capacity to surf the Web anonymously, bouncing traffic through a series of relay servers so that no observer at any point can tell where that user’s traffic is traveling to or coming from. The Tor Cloud Project essentially offered a platform for creating network bridges within Amazon’s Elastic Cloud Compute in order for users to evade censorship.
Unfortunately, like many other open-source security projects, the Tor Cloud suffered from a lack of funding and human resources. As security vulnerabilities and foundational bugs started to pile up, there was no one available to review and implement potential patches.
“We have tried to find a new maintainer for Tor Cloud for months, but without success,” says Dr. Karsten Loesing, a Tor developer who has also developed a system for gathering anonymous metrics in Tor. “There have been offers to send us patches, but we couldn’t find a Tor person to review and approve them.”
One bug in Tor Cloud images renders the service utterly unusable. Beyond that, there are some 16 vulnerabilities waiting to be patched, at least one of which is of the highest priority, according to Loesing.
The Tor Cloud’s code will remain open-source and available to the public. The Tor Project is encouraging developers to use Tor Cloud’s code in any potential spinoff projects.
“Tor Cloud is still a good idea,” Loesing believes, “it just needs somebody to implement it.”
Existing Tor Cloud bridges won’t be affected by the discontinuation, the Tor Project said in an announcement.