Tor Proof-of-Work Defense on the Source Interface

The SecureDrop Source Interface is served as an onion service with an .onion URL, requiring Tor Browser to access it over the Tor network. Tor is sometimes targeted for denial-of-service (DoS) attacks that can slow down the Tor network as a whole as well as burden individual onion services, including SecureDrops.

Tor now includes a proof-of-work (PoW) defense against denial-of-service attacks that can be turned on for individual onion services. As of SecureDrop 2.9.0, new SecureDrops have this feature enabled by default, and we encourage all SecureDrop administrators to turn it on for their instances. While this measure can’t speed up the Tor network as a whole if it’s slow, it can protect your SecureDrop from being attacked specifically; and more onion services running with this feature helps improve the resilience of the Tor network.

Enabling the proof-of-work defense

If you’re installing SecureDrop for the first time, the proof-of-work defense will be enabled by default, unless you explicitly disable it.

To enable it on an existing SecureDrop instance, on the Admin Workstation:

cd ~/Persistent/securedrop
./securedrop-admin sdconfig

The prompts will include:

Enable Tor's proof-of-work defense against denial-of-service attacks for the Source Interface?: yes

Type <Enter> to accept the new default yes value. When you finish the prompts, rerun the installation script:

./securedrop-admin install

The Tor configuration will be updated to enable the proof-of-work defense. When the script finishes, confirm that you can access the Source Interface.

Disabling the proof-of-work-defense

Follow the instructions above for enabling the proof-of-work defense, but answer no at the prompt:

Enable Tor's proof-of-work defense against denial-of-service attacks for the Source Interface?: no