
The Tor Project is experimenting with stateless, diskless relay systems designed to leave no recoverable data behind, aiming to protect operators and users from forensic analysis following server seizures.
The approach seeks to eliminate persistent storage entirely while preserving relay identity and network reliability.
The concept was outlined by the Italian research group Osservatorio Nessuno, which operates Tor exit relays and has firsthand experience dealing with legal and physical risks. Their work builds on discussions initiated at the Tor Community Gathering in 2025 and reflects ongoing efforts within the Tor ecosystem to harden relay infrastructure against both state-backed and independent adversaries.
Tor, a decentralized anonymity network relied upon by journalists, activists, and whistleblowers, routes traffic through volunteer-operated relays to obscure user identities. However, when authorities seize relay hardware, as has happened in countries including Germany, the United States, and Russia, any data stored on those systems can potentially be analyzed, creating a weak point in the network’s trust model.
A stateless relay addresses this by running entirely in RAM using a fixed, read-only operating system image. Each reboot wipes the system clean, ensuring no logs, keys, or artifacts persist on disk. This model enforces several security properties by design, including resistance to physical attacks, immutable runtime environments, and reproducible system states that can be audited.
New approach to an old idea
Though projects like Tor-ramdisk have implemented RAM-only relays since at least 2015, the Tor community is now revisiting the idea with more advanced tooling and hardware-backed protections.
One of the main challenges lies in preserving a relay’s long-term cryptographic identity. Tor relays build reputation over time using persistent identity keys, which influence how much traffic they handle. Losing these keys forces a relay to start from scratch, reducing its usefulness to the network.
To address this, researchers are leveraging Trusted Platform Modules (TPMs), specialized hardware chips that can securely store cryptographic secrets. In this model, the relay’s identity key is sealed within the TPM and bound to a specific system state, allowing it to survive reboots without being directly extractable, even if the hardware is physically accessed. TPMs also enable remote attestation, allowing external systems to verify that a relay is running an expected software stack.
However, TPM integration introduces its own complications. Tor’s ed25519 keys are not natively supported by TPM hardware, requiring additional handling that still leaves some theoretical extraction risk. Additionally, system updates can invalidate TPM-sealed states, forcing operators to “re-seal” keys after changes to the boot chain.
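A minimal model of the sealing behaviour described above, added here as an illustration and not taken from Tor, Patela or any TPM library: `SimTPM`, `boot`, `demo`, the PCR index choices and the boot-chain contents are hypothetical, and the policy check is simplified to one hash over the selected PCRs. It shows why a plain reboot releases the sealed identity secret while an updated image does not, which is the point at which operators have to re-seal.

```python
import hashlib
import hmac
import os

class SimTPM:
    """Toy model of PCR-bound sealing; hypothetical class, not a real TPM API."""

    def __init__(self):
        self.sealed = {}  # survives reboots, like objects protected by the TPM
        self.reset()

    def reset(self):
        self.pcrs = {i: bytes(32) for i in range(8)}  # reboot zeroes every PCR

    def extend(self, index, component):
        # PCR_new = SHA-256(PCR_old || SHA-256(component)): one-way, order-sensitive.
        digest = hashlib.sha256(component).digest()
        self.pcrs[index] = hashlib.sha256(self.pcrs[index] + digest).digest()

    def composite(self, indexes):
        return hashlib.sha256(b"".join(self.pcrs[i] for i in indexes)).digest()

    def seal(self, name, secret, indexes):
        # Bind the secret to the PCR values measured during the current boot.
        self.sealed[name] = (tuple(indexes), self.composite(indexes), secret)

    def unseal(self, name):
        indexes, expected, secret = self.sealed[name]
        ok = hmac.compare_digest(expected, self.composite(indexes))
        return secret if ok else None  # on success the secret is handed to software (RAM)

def boot(tpm, chain):
    tpm.reset()
    for index, component in chain:
        tpm.extend(index, component)

# Constructed boot chains: (PCR index, measured component); indexes are arbitrary.
IMAGE_V1 = [(0, b"firmware-1.0"), (1, b"bootloader-1.0"), (2, b"relay-image-v1")]
IMAGE_V2 = IMAGE_V1[:2] + [(2, b"relay-image-v2")]

def demo():
    tpm, identity = SimTPM(), os.urandom(32)  # constructed stand-in for the relay secret
    boot(tpm, IMAGE_V1)
    tpm.seal("relay-id", identity, [0, 1, 2])
    boot(tpm, IMAGE_V1)  # plain reboot: same measurements
    after_reboot = tpm.unseal("relay-id") == identity
    boot(tpm, IMAGE_V2)  # updated image changes PCR 2
    return after_reboot, tpm.unseal("relay-id") is not None

if __name__ == "__main__":
    print(demo())
```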
Osservatorio Nessuno outlines several deployment models currently in use. Simpler setups rely on RAM-only systems with manually managed keys, while more advanced configurations, such as Emerald Onion’s VM-based approach, use ephemeral virtual machines combined with offline master keys. Their own Patela framework takes a hardware-centric route, combining TPM-backed identity storage with cryptographically verified boot processes.
Despite the security benefits, stateless relays still introduce operational trade-offs. Memory constraints become critical without disk swapping, and frequent reboots can impact relay stability and reputation within the network. Maintaining up-to-date software is also more complex, as stateless systems revert to their base image on restart, potentially undoing applied updates.
Looking ahead, the Tor community is exploring enhancements such as transparency logs for publicly auditable relay states, confidential computing technologies like AMD SEV-SNP to isolate virtualized environments, and protocol changes that could reduce hardware requirements for running relays.






