Introducing Onion Names for SecureDrop

October 15, 2020

We are pleased to announce that human-readable onion addresses in the format <yourname>.securedrop.tor.onion are now available for SecureDrop instances using v3 onion services that are listed in the SecureDrop directory.

SecureDrop uses onion services—accessible only via the Tor network—to protect sources sending tips to news organizations. When you visit an onion service (address ends with “.onion”), all traffic to and from the service is encrypted and anonymized.

“Anonymous” should not mean “impossible to remember”. But unless you have total recall, you’re unlikely to keep an address like sdolvtfhatvsysc6l34d65ymdwxcujausv7k5jk4cy5ttzhjoi6fzvyd.onion in the back of your mind. These long addresses help to secure your communications with an onion service, but they’re also very unwieldy.

As part of efforts to make onion services more user-friendly, Tor Browser introduced the Onion Names feature starting with version 9.5. Upon launch, Tor Browser retrieves a map of notable .onion addresses to human-readable aliases, called onion names, and keeps it up to date. For example, the onion name lucyparsonslabs.securedrop.tor.onion maps to the SecureDrop address for Lucy Parsons Labs.

In the case of SecureDrop instances (onion names ending with “.securedrop.tor.onion”), this map is maintained by Freedom of the Press Foundation, the nonprofit organization behind SecureDrop.

When you visit a SecureDrop using an onion name, Tor Browser looks it up in the map of onion names (under the hood, this is done using ruleset update channels for the HTTPS Everywhere browser extension, but don’t be confused—onion names have nothing to do with HTTPS). If it finds a match, it loads the corresponding full-length .onion address. The address bar will continue to show the onion name.

For the last few weeks, we have been trialing onion names with selected news organizations. We’re pleased to announce that onion names are now available free of charge to any SecureDrop instance which is part of the SecureDrop Directory and uses v3 onion services.

Every onion name must have the form “<yourname>.securedrop.tor.onion”, where “<yourname>” is a succinct and unambiguous identifier for an organization. In some cases, we may ask for a qualifier like a country code to be added, to avoid future collisions.
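The lookup and the naming rule described above, sketched as an added example (this is not Tor Browser's or SecureDrop's own code): an onion name is accepted only if it has the required suffix and its map entry is a well-formed v3 address, checked with the v3 address checksum from the Tor onion service specification. Assumptions: the map is a plain dictionary, `<yourname>` is a single lowercase DNS-style label, and the sample key, name and address are constructed.

```python
import base64
import hashlib
import re

SUFFIX = ".securedrop.tor.onion"
# Assumption: <yourname> is one lowercase DNS-style label (the page does not
# define the allowed characters).
LABEL_RE = re.compile(r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?")
V3_VERSION = b"\x03"

def v3_checksum(pubkey: bytes) -> bytes:
    # Tor v3 format: SHA3-256(".onion checksum" || pubkey || version)[:2]
    return hashlib.sha3_256(b".onion checksum" + pubkey + V3_VERSION).digest()[:2]

def v3_address_from_pubkey(pubkey: bytes) -> str:
    raw = pubkey + v3_checksum(pubkey) + V3_VERSION
    return base64.b32encode(raw).decode("ascii").lower() + ".onion"

def is_valid_v3_address(address: str) -> bool:
    """Structural check only: length, base32, version byte and checksum."""
    label, dot, tld = address.lower().rpartition(".")
    if dot != "." or tld != "onion" or len(label) != 56:
        return False
    try:
        raw = base64.b32decode(label.upper())
    except ValueError:  # also covers binascii.Error
        return False
    pubkey, checksum, version = raw[:32], raw[32:34], raw[34:]
    return version == V3_VERSION and checksum == v3_checksum(pubkey)

def resolve_onion_name(name: str, name_map: dict):
    """Return the full v3 address for an onion name, or None if rejected."""
    name = name.lower()
    if not name.endswith(SUFFIX):
        return None
    if not LABEL_RE.fullmatch(name[: -len(SUFFIX)]):
        return None
    target = name_map.get(name)
    if target is None or not is_valid_v3_address(target):
        return None  # unknown name, or a map entry that is not a valid v3 address
    return target

# Constructed sample data: not a real service key, name, or address.
SAMPLE_PUBKEY = bytes(range(32))
SAMPLE_ADDRESS = v3_address_from_pubkey(SAMPLE_PUBKEY)
SAMPLE_MAP = {"example-news.securedrop.tor.onion": SAMPLE_ADDRESS}

if __name__ == "__main__":
    print(resolve_onion_name("example-news.securedrop.tor.onion", SAMPLE_MAP))
    print(resolve_onion_name("example-news.tor.onion", SAMPLE_MAP))  # None
```

The checksum catches typos and truncation in a map entry; it does not show that the address belongs to the organization named, which is why the page has the map maintained by Freedom of the Press Foundation.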

To get an onion name:

  • If you’re already listed in the directory and using a v3 onion address, contact us via our Support Portal or via (GPG encrypted).
  • If you’re not listed in the directory yet, please submit an entry, and specify the preferred onion name along with the other requested information.

Please note that we will only list SecureDrop instances that meet our security requirements.

For more information, please see our FAQ: Getting An Onion Name For Your SecureDrop.
