Onion-Location Measurements and Fingerprinting
Authors: Paul Syverson (U.S. Naval Research Laboratory), Rasmus Dahlberg (Independent), Tobias Pulls (Karlstad University), Rob Jansen (U.S. Naval Research Laboratory)
Volume: 2025
Issue: 2
Pages: 512–526
DOI: https://doi.org/10.56553/popets-2025-0074
Abstract: Onion-Location makes it easy for websites offering onion service access to support automatic discovery in Tor Browser of the random-looking onion address associated with their domain. We provide the first measurement study of how many websites are currently using Onion-Location. We also describe the open-source tools we created to conduct the study. Onion-Location has been criticized elsewhere for its lack of transparency and vulnerability to blocking. Perhaps even more troubling, we show that Onion-Location is vulnerable to very accurate fingerprinting. We present recommended changes to and alternatives to Onion-Location as well as steps towards even more secure onion discovery and association.
Keywords: onion services, Onion-Location, website fingerprinting, circuit fingerprinting, network measurement
Copyright in PoPETs articles are held by their authors. This article is published under a Creative Commons Attribution 4.0 license.
