The developers of the project Tor have announced the release of arti 1.4.0, the implementation of the Tor client written in the language Rust. Branch 1.x is now considered suitable for users, providing the same level of confidentiality, usability, and stability as the main implementation in SI. The goal is to reach parity with the SI client in branch 2.0. Once the Rust code reaches a level where it can fully replace the SI option, Arti will become the main implementation of Tor, with support for SI gradually phased out. The code is distributed under the licenses of Apache 2.0 and MIT.
Arti was originally developed as a modular built-in library that can be used by various applications. Lessons learned from past experiences in developing Tor were applied to Arti to avoid architectural issues associated with the original design of the SI implementation as SOCKS-Proxies. The shift to Rust also aims to improve code security by leveraging the language’s memory safety features. Tor developers believe that using Rust without UNSAFE blocks will prevent many typical vulnerabilities in the project and expedite development with its expressiveness and guarantees.
The new release introduces a new RPC interface to replace the control protocol via a TCP port specified through the Controlport parameter. The RPC allows applications and services to integrate with Arti without having the ARTI function embedded in the library.
Key differences in the new protocol include the use of JSON format for easier parsing, scalability of the protocol, a mechanism to check RPC availability, support for multiple requests in one connection, and ready-made client libraries for C, Python, and Rust.
Arti 1.4.0 also includes preparatory work to support relays and ongoing efforts to enhance protection for onion services against DDoS attacks.